EU approves US data sharing accord

The European Union has approved a plan allowing companies to keep storing data about Europeans on servers in the U.S. The agreement, known as the E.U.-U.S. Data Privacy Framework, means there won’t be a costly disruption to data flowing between the two areas.

Why it is needed. In 2020 an EU court ruled that a previous data-transfer agreement was illegal because there was no effective way for EU residents to challenge surveillance of their data by the U.S. government. Negotiations for a new pact have been underway for years.

What it does. Under the new agreement, Europeans can object if they believe their personal information has been collected improperly by American intelligence agencies. Those objections will be heard by an independent body of American judges called the Data Protection Review Court.

Dig deeper: EU’s ruling against Facebook a big blow to first-party data usage

“The U.S. has implemented unprecedented commitments to establish the new framework,” EU President Ursula von der Leyen said in a statement. “Today we take an important step to provide trust to citizens that their data is safe, to deepen our economic ties between the EU and the U.S., and at the same time to reaffirm our shared values. It shows that by working together, we can address the most complex issues.”

What it requires. U.S. companies will need to comply with a detailed set of privacy obligations. They include deleting personal data when it is no longer necessary for the purpose for which it was collected, and ensuring continuity of protection when personal data is shared with third parties.

Why we care. This sets aside, for a while, a reckoning over the significant differences between U.S. and EU data privacy rights. America’s laissez-faire approach is the result of legislative inefficiency, not a legal doctrine. Europe, on the other hand, has developed policies and laws based on individuals’ rights to control their personal data.

This clash has cost U.S. corporations. Earlier this year Meta was fined $1.3 billion for storing information about Europeans on U.S. servers. While this particular issue is resolved (Meta is expected to still have to pay the fine), EU regulators are now tightening the rules around the use of data. The more the two systems diverge, the more difficult and costly marketing will become.