American and European Union leaders said on Friday that they had reached an “agreement in principle” to assure that it is legal to transfer personal data across the Atlantic, after a previous pact was struck down when a court found it did not do enough to shield Europeans from American surveillance programs.
President Biden said at a news conference in Brussels that the agreement included “unprecedented protections for data privacy and security for our citizens.”
The deal includes a way for Europeans to object if they feel that their privacy has been violated, including through an “independent Data Protection Review Court,” the White House said in a fact sheet released after the news conference. The deal still needs to be made final, the United States and the European Commission said in a joint statement, adding that the White House would put its commitments in an executive order.
Businesses that send European Union data to American servers have pushed hard for the governments to reach a new deal. Since the last pact was struck down more than 18 months ago, regulators in European countries have said companies cannot use certain web services, like Google Analytics and Mailchimp, because doing so could violate the privacy rights of Europeans.
Meta, the parent company of Facebook, said this year that it might shut down its services in Europe if the governments didn’t resolve their differences. Google’s top lawyer had urged “quick action to restore a practical framework that both protects privacy and promotes prosperity.”
The Friday announcement is the latest development in a lengthy debate about how far governments and tech companies should go to protect users’ privacy. Europe’s top court twice struck down pacts governing data flows between the United States and the European Union over concerns that the data would be exposed to American surveillance programs.
“With concern growing about the global internet fragmenting, this agreement will help keep people connected and services running,” Nick Clegg, the president of global affairs at Meta, wrote on Twitter. “It will provide invaluable certainty for American and European companies of all sizes, including Meta, who rely on transferring data quickly and safely.”
But it was unclear if the new pact would be enough to satisfy the concerns of privacy campaigners. Max Schrems, an activist whose group Noyb (as in: “none of your business”) has led efforts to invalidate the trans-Atlantic agreements, said in a statement that he was skeptical of the deal and that his organization would carefully analyze the details.
“If it is not in line with E.U. law, we or another group will likely challenge it,” he said.