Big Tech Can Transfer Europeans' Data To US In Win For Facebook and Google

An anonymous reader quotes a report from Ars Technica: The European Commission today decided it is safe for personal data to be transferred from the European Union to US-based companies, handing a victory to firms like Facebook and Google despite protests from privacy advocates who worry about US government surveillance. The commission announced that it "adopted its adequacy decision for the EU-US Data Privacy Framework," concluding "that the United States ensures an adequate level of protection -- comparable to that of the European Union -- for personal data transferred from the EU to US companies under the new framework. On the basis of the new adequacy decision, personal data can flow safely from the EU to US companies participating in the Framework, without having to put in place additional data protection safeguards." In May, Facebook-owner Meta was fined 1.2 billion euros for violating the General Data Protection Regulation (GDPR) with transfers of personal data to the United States and was ordered to stop storing European Union user data in the US within six months. But Meta said at the time that if the pending data-transfer pact "comes into effect before the implementation deadlines expire, our services can continue as they do today without any disruption or impact on users." The data-transfer deal "is expected to face a legal challenge from European privacy advocates, who have long said that the US needs to make substantial changes to surveillance laws," a Wall Street Journal report said today. "Transfers of data from Europe to the US have been in question since an EU court ruled in 2020 that a previous deal allowing trans-Atlantic data flows was illegal because the US didn't give EU individuals an effective way to challenge surveillance of their data by the US government." The EC's announcement said the new framework has "binding safeguards to address all the concerns raised by the European Court of Justice, including limiting access to EU data by US intelligence services to what is necessary and proportionate, and establishing a Data Protection Review Court (DPRC), to which EU individuals will have access." The new court "will be able to order the deletion" of data that is found to have been collected in violation of the new rules. The framework will be administered and monitored by the US Department of Commerce and the "US Federal Trade Commission will enforce US companies' compliance," the EC announcement said. EU residents who challenge data collection will have free access to "independent dispute resolution mechanisms and an arbitration panel." US companies can join the EU-US framework "by committing to comply with a detailed set of privacy obligations, for instance the requirement to delete personal data when it is no longer necessary for the purpose for which it was collected, and to ensure continuity of protection when personal data is shared with third parties," the European Commission said. The latest deal is expected to get challenged, according to the WSJ. European Parliament member Birgit Sippel, who is in Germany's Social Democratic Party, said the "framework does not provide any meaningful safeguards against indiscriminate surveillance conducted by US intelligence agencies," according to The New York Times. The Computer & Communications Industry Association, which represents major tech companies like Amazon, Apple, Google and Meta, said: "Today's decision means that EU and US businesses will soon have full legal certainty again to transfer personal data across the Atlantic... Data flows are vital to transatlantic trade and the EU-US economic relationship, which is worth 5.5 trillion euros per year. Nevertheless, the two economies had been left without guidelines for data transfers after an EU Court ruling invalidated the previous framework back in 2020."

Read more of this story at Slashdot.