The US and the European Union today released the full text of a transatlantic data transfer agreement that was reached earlier this month, detailing new rules for American tech companies and intelligence agencies. The framework, known as the EU-US Privacy Shield, places tighter restrictions on how American intelligence agencies can access data on European citizens, and calls for the creation of an ombudsman to handle individual complaints of data misuse.
American and European officials agreed to the framework this month after a European court struck down the longstanding Safe Harbor agreement in October. Safe Harbor had been in place since 2000, but was invalidated amid concerns over mass surveillance in the US. EU member states are expected to ratify the new agreement, though European data regulators have yet to approve it, and some privacy groups are planning to challenge it in court.
"a strong agreement that enables transatlantic commerce while safeguarding privacy."
The European Commission today released an adequacy decision on the agreement, effectively giving it a seal of approval, though as The New York Times reports, the EU also released a separate document on Monday calling for the US to strengthen its domestic privacy protections. National data protection agencies and a committee of representatives from EU member states will be consulted on the Privacy Shield agreement before it is adopted as law.
"The new EU-US Privacy Shield provides certainty that will help grow the digital economy by ensuring that thousands of European and American businesses and millions of individuals can continue to access services online," US Secretary of Commerce Penny Pritzker said in a statement Monday. "In the end, we achieved a strong agreement that enables transatlantic commerce while safeguarding privacy."