(Finance) – The European Union has approved a plan that will allow companies to continue storing data on Europeans on US soil, avoiding a potentially costly interruption, especially for Big Tech, of transatlantic data flows. The deal, known as the Trans-Atlantic Data Privacy Framework, marks the culmination of lengthy negotiations with the United States over data transfers that are used by thousands of companies to sell online ads and measure traffic to their websites.
The Trans-Atlantic Data Privacy Framework, explains Brussels in a note, “introduces new binding guarantees to address all the concerns expressed by the Court of Justice of the European Union, including the limitation of access to EU data by intelligence services to the extent necessary and proportionate and the establishment of a Data Protection Review Court (DPRC), accessible to EU citizens”. “
The new framework introduces significant improvements over the existing mechanism under the Privacy Shield. For example, if the DPRC believes that the data has been collected in violation of the new guarantees, it will be able to order its cancellation. The new public data access safeguards will complement the obligations that US companies importing data from the EU will have to sign up to,” he added.
“The new EU-US personal data protection framework will ensure secure data flows for European citizens and bring legal certainty to businesses on both sides of the Atlantic,” said EU Commission President Ursula von der Leyen. Following the agreement in principle I reached with President Biden last year, the United States has made unprecedented commitments to put in place the new framework.Today we take an important step to reassure citizens that their data is safe , to deepen economic ties between the EU and the US while at the same time reaffirming our shared values. This shows that, by working together, we can tackle the most complex issues.”
US companies will be able to join the EU-US framework for the protection of personal data by committing to comply with a detailed set of privacy obligations, such as the obligation to delete personal data when it is no longer necessary for the purpose for the which they were collected and to ensure continuity of protection when personal data is shared with third parties. EU citizens will benefit from various avenues of redress in the event of their data being mistreated by US companies, such as free independent dispute resolution mechanisms and an arbitration panel.
The functioning of the Data Privacy Framework will be subject to periodic reviews carried out by the European Commission in collaboration with representatives of the European data protection authorities and of the competent US authorities. The first review will take place within one year of the entry into force of the adequacy decision and will verify that all relevant elements have been fully implemented in the US legal framework and function effectively in practice.