US Tech Companies Allowed to Keep European User Data on US Servers Under New Agreement
The European Union has approved a plan that will enable US tech giants to store data about European users in the US, following a court decision in 2020 that posed a threat to transatlantic e-commerce. The Trans-Atlantic Data Privacy Framework, announced on Monday by the European Commission, allows Europeans to engage with a US court if they believe their data privacy rights have been violated by a US tech platform. President Joe Biden established the Data Protection Review Court through an executive order last year, which has the authority to delete user data and impose other corrective measures. Additionally, the framework restricts access to European user data by US intelligence agencies.
The Trans-Atlantic Data Privacy Framework is the latest chapter in a saga that has been more than a decade in the making. Just earlier this year, the EU fined Metal a record €1.2 billion after finding that Facebook’s practice of transferring EU users’ data to US servers violated the bloc’s digital privacy laws. The EU also ordered Meta to delete the data it had already stored on its US servers if the company has no legal way to store it there by the fall. As The Wall Street Journal points out, Monday’s agreement should allow Metal to avoid deleting the data, but the company may still pay the fine.
Even if a new agreement is reached, it is still unlikely to be smooth sailing for the companies most dependent on cross-border data flows. Max Schrems, a lawyer who successfully challenged the previous Safe Harbor and Privacy Shield agreements that governed transatlantic data transfers before today, told The Journal he plans to challenge the new framework. “We needed changes to US surveillance law to make this work, and we simply don’t have that,” he said. The European Commission says it is confident it can defend its new framework in court.