EU-U.S. data pact kicks off new sharing era

A deal allowing tech companies to send user data between the European Union and the United States was completed Monday, resolving a disagreement over the ability of American intelligence agencies to access EU resident data.

Why it matters: The US and EU have been hammering out different versions of a transatlantic data sharing agreement for years, and officials hope this latest one will stick after previous attempts were struck down.

• Two previous agreements failed after being challenged and struck down by a European court.

The big picture: The EU's tighter data privacy protections put American companies at risk while sending European user data back to the U.S. The agreement aims to provide these firms with standards they can pledge to meet to comply with EU rules.

What they're saying: "This flow of data underpins the $7 trillion-dollar U.S.-EU economic relationship and provides vital benefits to citizens and businesses on both sides of the Atlantic, enabling businesses of all sizes to compete in each other’s markets," reads a statement from the Justice Department.

• "The importance of today’s decision to implement the EU-U.S. Data Privacy Framework cannot be overestimated,” said John Miller, senior vice president for policy for the Information Technology Industry Council.
• "The [framework] establishes a clear and reliable system that protects fundamental rights of citizens, provides legal certainty for businesses, and safeguards the continuity of commercial activities involving the movement of data across borders."

Details: Compared to past agreements, the EU-US Data Privacy Framework has clearer policies around when U.S. intelligence agencies can obtain personal EU resident information and how that process can be appealed.

• President Biden issued an executive order last October around the deal.

Flashback: Without a workable data agreement in place, Ireland's Data Protection Commission fined Meta $1.3 billion for transferring the personal data of European users to the U.S. in May.

The other side: Activist Max Schrems, who sued over the last two agreements for what he saw as inadequate privacy protections, said his pro-privacy group would challenge the decision.