Mar 25, 2022 - Technology

U.S., EU agree on transatlantic data rules

Illustration: Sarah Grillo/Axios

The U.S and European Union have reached an agreement on a new deal enabling data flows across the Atlantic.

Why it matters: After an EU decision struck down a previous arrangement allowing EU- and U.S.-based companies to store and share data despite differing regimes governing data privacy, tech firms stood at risk without a new data deal in place.

Driving the news: President Joe Biden and European Commission President Ursula von der Leyen made the announcement Friday, during the president's trip to Europe.

  • Though specific details on the deal are still emerging, an agreement means long negotiations over how the U.S. handles the privacy of people’s data from the EU are largely complete.

What they're saying: The new agreement is called the Trans-Atlantic Data Privacy Framework, replacing the previous Privacy Shield agreement, per a fact sheet from the White House.

  • "For EU individuals, the deal includes new, high-standard commitments regarding the protection of personal data," the statement reads.
  • "For citizens and companies on both sides of the Atlantic, the deal will enable the continued flow of data that underpins more than $1 trillion in cross-border commerce every year, and will enable businesses of all sizes to compete in each other’s markets."

Details: The deal seeks to give Europeans confidence that U.S. intelligence authorities aren't accessing their personal data via technology and information companies. Those concerns have been the main impetus for needing to make a new agreement, after various court decisions struck previous deals down.

The deal, which will include the White House publishing an executive order outlining its commitments, includes:

  • efforts to "strengthen the privacy and civil liberties safeguards governing U.S. signals intelligence activities," with new oversight procedures;
  • limited signals intelligence collection to be "undertaken only where necessary to advance legitimate national security objectives, and must not disproportionately impact the protection of individual privacy and civil liberties";
  • and the ability for Europeans to contest cases where they feel their data was improperly obtained.

What they're saying: "The new framework agreed to by the EU and the U.S. sets a very high standard for how governments should seek to access Europeans’ personal data and contains important rights for individuals to obtain redress if their data is accessed inappropriately," wrote Microsoft's chief privacy officer Julie Brill in a blog post.

  • “Moving data freely and securely across the Atlantic is critical to businesses of all sizes and in all industry sectors,” Victoria Espinel, president and CEO of BSA, which represents software companies, said in a statement. “Today’s announcement will help restore trust, provide legal certainty, and support the digital transformation of thousands of businesses in Europe and the United States.” 

Editor's note: This story has been updated with new details about the data-sharing agreement.

Go deeper