"The U.S. is starting to implement a deal with the European Union aimed at allowing information about Europeans to continue to be stored on U.S. soil, reducing a looming threat to thousands of companies with trans-Atlantic operations.
President Biden on Friday issued an executive order giving Europeans new rights to challenge U.S. government-surveillance practices against them, a central element of the preliminary deal that the U.S. and the EU first outlined in March.
The European Commission, the EU's executive arm, must approve the U.S. move to put the data-flow agreement, dubbed the EU-U.S. data-privacy framework, into force -- a process that could take about six months.
The issue is drawing high-level attention because two previous data agreements were rejected by the EU's top court, and this new pact is likely to face legal challenges.
"The EU-U.S. data privacy framework will provide a durable and reliable legal foundation and certainty for trans-Atlantic data flows and create greater economic opportunities for companies and citizens on both sides of the Atlantic," said U.S. Commerce Secretary Gina Raimondo.
Ms. Raimondo said the executive order would strengthen privacy and civil-liberties protections, and would create a mechanism for Europeans to seek redress if they believe they are being unlawfully targeted by U.S. intelligence activities.
She said the order includes a multilayered review process that draws in the civil-liberties protection officer in the office of the Director of National Intelligence.
The executive order also would create a new U.S. court, the Data Protection Review Court, for secondary review of cases.
The executive order is important "because it addresses the conditions and safeguards under which U.S. intelligence authorities will be able to access data transfers from the EU," an EU official said.
The order specifies when intelligence authorities can collect personal data, such as for investigating terrorism and other crimes, and limits how long it can be retained, the official said. Methods of data collection must be proportionate to requirements, the official said, meaning that authorities must also consider less intrusive measures and the consequences that surveillance would have on an individual.
If Europeans suspect their data has been accessed by U.S. intelligence authorities, they can file complaints to national privacy authorities in their home countries. The U.S. civil-liberties protection officer will determine whether their data was accessed, and can order intelligence agencies to delete personal data or correct it if it is incorrect, the EU official said.
If concluded, the deal could resolve one of the thorniest outstanding issues between the two economic giants, which has festered since the EU's top court in 2020 ruled illegal an earlier deal authorizing trans-Atlantic data flows because it had deemed U.S. safeguards on Europeans' data to be insufficient -- particularly regarding government surveillance.
Hanging in the balance has been the ability of businesses to use U.S.-based data centers to do things such as sell online ads, measure their website traffic or manage company payroll in Europe. Completing a deal is particularly important for big U.S. technology companies, including Meta Platforms Inc. and Alphabet Inc., which have faced several cases in which European privacy regulators -- citing the 2020 ruling -- are ordering them or their clients to cut off their transfer of data to the U.S.
The most prominent threat is a draft order for Meta's Facebook to stop sending certain data about its users to servers in the U.S., because it could be caught in surveillance requests. Under the EU's power-sharing rules, Ireland's Data Protection Commission in July submitted the draft order to privacy regulators across the bloc, which are discussing potential changes, and it could be officially issued in coming months, according to people familiar with the process. Ireland leads EU privacy enforcement for Facebook because the company's regional headquarters are in Dublin.
Even if there is no final data deal before Ireland issues its order, Facebook could appeal the order in court, a process that could take months or years to play out, effectively keeping its data flows running. The company has warned in securities filings that should it lose the ability to store data in the U.S., it might no longer be able to offer some of its services in Europe.
At the same time, in France and Austria, regulators citing the 2020 EU court decision have also in the past year ordered certain websites to stop using Alphabet's Google Analytics service because it sends information about users' internet addresses to the U.S., where the regulators say it could be requested by government agencies. Similar cases are pending in other EU countries.
Meta and Google were among tech companies that on Friday described the U.S. changes as an important step in securing the ability for companies to send data across the Atlantic.
The deal announced Friday is the latest effort to resolve more than two decades of squabbling about how to balance trade relations and privacy rules across the Atlantic.
The EU official said European negotiators are confident they could defend the data deal against legal challenges." [1]
1. World News: U.S. Rewrites Regulations For Europeans' Digital Privacy
Schechner, Sam; Stupp, Catherine.
Wall Street Journal, Eastern edition; New York, N.Y. [New York, N.Y]. 08 Oct 2022: A.9.
Komentarų nėra:
Rašyti komentarą