After months of legal uncertainty for cloud services, the EU has announced reaching an agreement in principle with the USA on an updated trans-Atlantic data flow deal. Products such as Google Fonts, Analytics, Stripe, and Facebook have been dogged by multiyear complaints relating to trans-Atlantic data flows as these tech giants have been trying to exhaust all legal challenges. Meta will now likely not have to suspend its operations as the EU is expected to suspend EU-USA data transfer enforcements and introduce a grace period until a final agreement has been reached and the new deal has been adopted.
While this all sounds good, the fine details of the revised deal and how the gap has been closed between the EU’s and USA’s 2 very different legal systems was not made clear at the announcement of this development. Any new deal will face the prospect of legal challenges, just as the Safe Harbor agreement did in 2015 due to EU citizen’s privacy rights and US surveillance laws.
Since the announcement, the White house has released a fact sheet on the new framework agreement which explains that EU citizens can seek redress through an independent ‘Data Protection Review Court’ that will consist of people from outside the US government and can adjudicate claims and direct remedial measures as necessary. However, the Commission took a similar approach with Privacy Shield and Safe Harbor in the past, until the court enacted a very different view. EU commissions and their US counterparts cannot provide a final assessment here, and only the European Court of Justice can.
Max Schrems, an outspoken sceptic of trans-Atlantic data transfer deals, voiced his concerns over this reformed deal by mentioning little reform on the US side. He also threatened that it was possible, via civil litigation and preliminary injunction, to take any new agreement to the Court of Justice of the European Union (CJEU) within months should EU law not be respected in the reformed deal. He was quoted as saying:
“Once the final text arrives we will analyse it in depth, together with our U.S. legal experts. If it is not in line with EU law, we or another group will likely challenge it. In the end, the Court of Justice will decide a third time. We expect this to be back at the Court within months from a final decision,” he noted in a statement, “It is regrettable that the EU and U.S. have not used this situation to come to a ‘no spy’ agreement, with baseline guarantees among like-minded democracies. Customers and businesses face more years of legal uncertainty.”
Google, Meta, and the CCIA technology industry association all predictably welcomed the news and commended the European Commission and US government for coming to a new agreement in principle. However, CCIA director Alexandre Roure did express some concerns for upcoming EU rules surrounding industrial and connected device data reuse which is expected to introduce new data restrictions.
No comments:
Post a Comment