News

U.S. and European Union Agree on a New Trans-Atlantic Data Privacy Framework

The Biden White House and the European Commission  have taken first steps in agreeing on a new "Trans-Atlantic Data Privacy Framework".

Once the agreement, which needs to be put into a legal document, is finalized, it then needs to be institutionalized with a court process to address complaints by EU residents about how their information gets processed by U.S.-based organizations. Processes that should take months to finalize.   

This U.S.-EU agreement will "enable predictable and trustworthy data flows between the EU and U.S., safeguarding privacy and civil liberties," contended Ursula von der Leyen, the European Commission's president, in a released statement.

Here's what the U.S. government agreed to under this new framework agreement, per the European Commission's announcement:

  • The United States will "strengthen the privacy and civil liberties protections applicable to U.S. signals intelligence activities."
  • The United States will establish "a two-level independent redress mechanism with binding authority to direct remedial measures."
  • The United States will "ensure compliance with limitations on surveillance activities."

Privacy Shield Concerns Said To Be Addressed
The new agreement is said to address the EU's Court of Justice "concerns" about an earlier "Privacy Shield" data privacy and data processing agreement with the United States. Privacy Shield has been on hold since the court's "Schrems II decision of July 2020."

Schrems II is a reference to Austrian citizen Maximillian Schrems, who had filed two complaints about U.S.-based Facebook's processing of his personal information.

Back in 2020, the EU's Court of Justice had indicated (PDF) that under the Data Shield agreement, the personal data of EU residents would be processed according to U.S. laws. Such processing didn't meet the conditions of EU data privacy laws, specifically the EU's General Data Protection Regulation, the court had indicated. Moreover, there was no U.S. court process for EU "data subjects" to contest the U.S. processing of personal data.

The Privacy Shield agreement has been in limbo since that 2020 Schrems II decision. However, U.S. and European Commission officials are now signaling a breakthrough of sorts, although specific agreement details apparently weren't published.

Plaintiff Schrems expressed skepticism about the new agreement in a March 25 Twitter post, saying that it "seems we do another Privacy Shield, especially in one respect: Politics over law and fundamental rights." He predicted that this new agreement will "fail again."

The Privacy Shield agreement itself had been a reworked agreement. It emerged after the EU's European Court of Justice scrapped an earlier "Safe Harbor" framework for the trans-Atlantic processing of data back in October of 2015.

The new data privacy agreement, if viable, could grease the revenue skids for U.S.-based service provider companies eyeing EU markets. Trans-Atlantic data commerce represents "$7.1 trillion" in trade, according to Biden's statement.

The current U.S. government, though, may not be in a position to achieve the goals set by Shrems II, suggested Gary LaFever, general counsel and CEO of Anonos, a maker of privacy data enablement software, in a released statement:

The ruling that invalidated the Privacy Shield (Schrems II) requires that a ruling be guaranteed in U.S. law (not likely to happen with the current US Congress) or with technical supplemental measures recommended by the EDPB [European Data Protection Board] and by the EDPS [European Data Protection Supervisors] that enable ongoing data processing while safeguarding the fundamental rights of EU citizens to privacy. Currently, the agreement meets neither standard.

Microsoft Pledges Support
Microsoft on Friday announced support for the new Trans-Atlantic Data Privacy Framework, pledging to both embrace it and "go beyond it."

The company plans to address the framework in two ways, according to Julie Brill, Microsoft's corporate vice president for global privacy and regulatory affairs and chief privacy officer.

First, Microsoft plans to challenge U.S. government demands to access personal data when those demands do not comply with the Trans-Atlantic Data Privacy and Security Framework.

Second, Microsoft plans to "actively participate in the judicial review of an individual's claim of harm related to Microsoft's public sector and commercial cloud services." It'll also pay "monetary compensation" to its public sector and commercial customers if data were disclosed unlawfully following a government request.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.