The EU visit of U.S. President Joe Biden was undoubtedly dominated by the Ukraine war. But other things were also decided. The two parties were not only on the same wavelength when it came to future dealings with Russia. The representatives of both parties were also able to discuss the successor to the Privacy Shield, which has been called for for years. And here, too, a unified picture emerged.
A regulated data transmission at last
The focus of the Privacy Shield agreement, which was ruled unlawful by the ECJ some time ago, was the data transfer of personal information. With the lapse of the joint agreement between the EU and the U.S., legal consequences regularly flared up for U.S. companies that further processed data of EU users on servers in the United States. Only recently, for example, Meta had to accept a hefty fine in the millions. But why had the Privacy Shield failed? The reason is quite simple. The EU simply had no assurance that U.S. intelligence agencies such as the NSA or the CIA could not access user data. Accordingly, it was necessary to negotiate a successor as quickly as possible. Now, with U.S. President Joe Biden and EU Commission President Ursula von der Leyen, the leaders of the two delegations appear to have reached agreement on a new Privacy Shield. Von der Leyen said in reference to the talks:
“This will allow for predictable and trustworthy data flows between the EU and the U.S. and ensure the protection of privacy and civil liberties.”
Details still unknown
Content, meanwhile, does not yet appear to have been part of the initial talks. At least came neither from the U.S. nor from EU information on possible regulations of a successor. However, it is clear that a “Privacy Shield 2.0” would have to be more far-reaching than was the case in its original form. After all, it was precisely the weak design of the data protection agreement that was a thorn in the side of the ECJ. There is simply no point in relying solely on harmonization of data protection law in the context of a data transfer. After all, the levels between the EU and the U.S. are very far apart here. While the EU has strong data protection law, this can be described as rather rudimentary in the USA. Consequently, even with Privacy Shield, EU citizens had no protection against access by U.S. intelligence agencies. This will definitely have to change in a new edition, so that it will also have lasting effect.
Meta’s prayers have been answered
Certainly Meta, with social networks such as Instagram and Facebook, has also played a part in both the EU and the US being interested in a new agreement. After all, the tech company has been suffering from regular friction with data protection authorities of individual EU members for many months. The reason for this was precisely the insecure transfer of data across the pond. This even went so far that Meta itself threatened to at least restrict the service in the EU. If there was no successor to the Privacy Shield, the worst case scenario would have been the shutdown of Instagram, Facebook and the like within the EU. This dispute seems to have been settled soon.
The whole thing is also welcomed by the business community. In view of the advertising effectiveness of social networks from Meta, this is not surprising. The industry association Business Software Alliance is also pleased. After all, even smaller companies can now be pleased that there should soon be more certainty about the legality of data transfers. Meanwhile, we hope that this time the EU and the USA can finally succeed in initiating an effective agreement. Otherwise, finding an effective data protection regime would fail for the third time. However, since only the intention has been expressed so far, but tangible formulations are still missing, we will probably have to be patient for a while.