The US and EU finalized a long-awaited data-sharing agreement that will allow personal data to continue flowing freely between the two regions. The deal establishes an independent review body for Europeans to appeal potential improper data collection by US intelligence agencies. It also outlines more clearly when intelligence agencies can access personal data of EU residents and how Europeans can appeal such collection. Some privacy advocates and EU lawmakers remain skeptical that it does enough to curb US mass surveillance.

1. 19/7/23, 1:42 PM
U.S. and E.U. Finalize Long-Awaited Deal on Sharing Data - The New York Times
Page 1 of 6
https://www.nytimes.com/2023/07/10/technology/us-eu-data-privacy-deal.html
U.S. and E.U. Complete Long-
Awaited Deal on Sharing Data
The agreement ends legal uncertainty for Meta,
Google and scores of companies — at least for now.
July 10, 2023

2. 19/7/23, 1:42 PM
U.S. and E.U. Finalize Long-Awaited Deal on Sharing Data - The New York Times
Page 2 of 6
https://www.nytimes.com/2023/07/10/technology/us-eu-data-privacy-deal.html
Didier Reynders, a European commissioner, helped negotiate a data-sharing deal with his U.S.
counterparts.Ksenia Kuleshova for The New York Times
Didier Reynders, a European commissioner, helped negotiate a data-

3. 19/7/23, 1:42 PM
U.S. and E.U. Finalize Long-Awaited Deal on Sharing Data - The New York Times
Page 3 of 6
https://www.nytimes.com/2023/07/10/technology/us-eu-data-privacy-deal.html
sharing deal with his U.S. counterparts.Ksenia Kuleshova for The New
York Times
A deal to ensure that data from Meta, Google and scores of other
companies can continue flowing between the United States and the
European Union was completed on Monday, after the digital transfer of
personal information between the two jurisdictions had been thrown into
doubt because of privacy concerns.
The decision adopted by the European Commission is the final step in a
yearslong process and resolves — at least for now — a dispute about
American intelligence agencies’ ability to gain access to data about
European Union residents. The debate pitted U.S. national security
concerns against European privacy rights.
The accord, known as the E.U.-U.S. Data Privacy Framework, gives
Europeans the ability to object when they believe their personal
information has been collected improperly by American intelligence
agencies. An independent review body made up of American judges,
called the Data Protection Review Court, will be created to hear such
appeals.
Didier Reynders, the European commissioner who helped negotiate the
agreement with the U.S. attorney general, Merrick B. Garland, and
Commerce Secretary Gina Raimondo, called it a “robust solution.” The
deal sets out more clearly when intelligence agencies are able to retrieve
personal information about people in the European Union and outlines
how Europeans can appeal such collection, he said.
“It’s a real change,” Mr. Reynders said in an interview. “Protection is
traveling with the data.”
President Biden issued an executive order laying the groundwork for the
deal in October, requiring American intelligence officials to add more

4. 19/7/23, 1:42 PM
U.S. and E.U. Finalize Long-Awaited Deal on Sharing Data - The New York Times
Page 4 of 6
https://www.nytimes.com/2023/07/10/technology/us-eu-data-privacy-deal.html
protections for the collection of digital information, including by making
them proportionate to the national security risks.
The trans-Atlantic agreement was a top priority for the world’s biggest
technology companies and thousands of other multinational businesses
that rely on the free flow of data. The deal replaces an accord known as
Privacy Shield, which the European Union’s highest court invalidated in
2020 because it did not include enough privacy protections.
The lack of an agreement had created legal uncertainty. In May, a
European privacy regulator pointed to the 2020 judgment when fining
Meta 1.2 billion euros ($1.3 billion) and ordering it to stop sending
information about Facebook users in the European Union to the United
States. Meta, like many businesses, moves data from Europe to the United
States, where it has its headquarters and many of its data centers.
Other European privacy regulators ruled that services provided by
American companies, including Google Analytics and MailChimp, could
violate Europeans’ privacy rights because they moved data through the
United States.
The issue traces back to when Edward Snowden, a former U.S. national
security contractor, released details of how America’s foreign surveillance
apparatus tapped into data stored by American tech and
telecommunications companies. Under laws such as the Foreign
Intelligence Surveillance Act, U.S. intelligence agencies may seek access
to data about international users from companies for national security
purposes.
After the disclosure, an Austrian privacy activist, Max Schrems, began a
legal challenge arguing that Facebook’s storage of his data in the United
States violated his European privacy rights. The European Union’s top
court agreed, striking down two previous trans-Atlantic data-sharing
pacts.

5. 19/7/23, 1:42 PM
U.S. and E.U. Finalize Long-Awaited Deal on Sharing Data - The New York Times
Page 5 of 6
https://www.nytimes.com/2023/07/10/technology/us-eu-data-privacy-deal.html
On Monday, Mr. Schrems said he planned to sue again.
“Just announcing that something is ‘new,’ ‘robust’ or ‘effective’ does not
cut it before the Court of Justice,” Mr. Schrems said in a statement,
referring to the European Union’s top court. “We would need changes in
U.S. surveillance law to make this work — and we simply don’t have it.”
Max Schrems, an Austrian online privacy activist, founded the campaign group NOYB (None of Your
Business).Joe Klamar/Agence France-Presse — Getty Images
Members of the European Parliament criticized the agreement. The
Parliament had no direct role in the negotiations, but passed a nonbinding

6. 19/7/23, 1:42 PM
U.S. and E.U. Finalize Long-Awaited Deal on Sharing Data - The New York Times
Page 6 of 6
https://www.nytimes.com/2023/07/10/technology/us-eu-data-privacy-deal.html
resolution in May that said the agreement failed to create adequate
protection.
“The framework does not provide any meaningful safeguards against
indiscriminate surveillance conducted by U.S. intelligence agencies,” said
Birgit Sippel, a European lawmaker from the Socialists and Democrats
group who specializes in civil liberties issues. “This lack of protection
leaves Europeans’ personal data vulnerable to mass surveillance,
undermining their privacy rights.”
Mr. Reynders said people should wait to test the new policy in practice.
He said the new framework would establish a system through which
Europeans could raise concerns with the American government. First,
Europeans who suspect that an American intelligence agency is unfairly
collecting their data must file a complaint with their national data
protection regulator. After further review, the authorities will take the
matter to American officials in a process that could eventually reach the
new review panel.
Ms. Raimondo said this month that the U.S. Department of Justice had
established that the European Union’s 27 countries would have access to
the tools that allowed them to complain about abuses of their rights. She
said the Office of the Director of National Intelligence had also confirmed
that intelligence agencies added the safeguards established in Mr. Biden’s
order.
“This represents the culmination of months of significant collaboration
between the United States and the E.U. and reflects our shared
commitment to facilitating data flows between our respective jurisdictions
while protecting individual rights and personal data,” Ms. Raimondo said in
a recent statement.