(Bloomberg) -- The European Union and U.S. broke the deadlock on a new data-transfer pact, potentially avoiding a doomsday scenario for tech giants such as Meta Platforms Inc. and thousands of other firms that rely on free flows of information across the Atlantic.
The EU and U.S. said Friday they agreed in principle to a new accord after a previous arrangement was struck down due to concerns over the power of American agencies to snoop on the information without adequate privacy safeguards.
This new pact will “enable predictable and trustworthy data flows, balancing security, the right to privacy and data protection,” European Commission President Ursula von der Leyen said in a tweet on Friday.
While negotiators will still need to work out the finer details, the result could signal an end to the uncertainty over data flows that led Facebook owner Meta to warn of a potential withdrawal from the EU if the legal vacuum persisted.
The legal fears escalated when the EU Court of Justice, the bloc’s top court, in a surprise 2020 ruling toppled the so-called Privacy Shield, a trans-Atlantic transfer accord, over longstanding fears that citizens’ data wasn’t safe from American surveillance.
While it upheld a separate, contract-based system to keep transferring data, the doubts EU judges expressed about American data protection, has made this a shaky alternative too.
The political agreement on Friday follows a visit by President Joe Biden to Brussels, where he also joined back-to-back summits Thursday with NATO, the Group of Seven and the EU.
The breakthrough was aimed at ensuring data privacy and security and to protect data traffic “which formed the foundation of a $7.1 trillion economic relationship between the US and the EU,” White House National Security Advisor Jake Sullivan told reporters on Air Force One on Friday after the session in Brussels.
The accord “really puts us in a position to ensure that American technology firms -- big firms, yes, but especially small and medium sized firms -- will be protected as we go forward and can fully and safely operate within the context of the US-EU economic transatlantic economic relationship,” Sullivan said.
The EU court’s 2020 ruling forced regulators on both sides of the Atlantic and EU data protection authorities back to the drawing board, grappling with the ramifications amid doubts about the safety of EU user data once it’s been shipped to the U.S. The ruling meant thousands of businesses that ship commercial data to the U.S. had to figure out alternative ways to keep their data flowing.
Data transfers have been fraught with difficulty for years, with EU judges unafraid to weigh in. The EU top court in 2015 struck down an earlier trans-Atlantic data-transfer system, called Safe Harbor, over concerns U.S. spies could get unfettered access to EU data.
The controversy stretches back to 2013, when former contractor Edward Snowden exposed the extent of spying by the U.S. National Security Agency. Privacy campaigner Max Schrems has been challenging Facebook in the Irish courts -- where the social media company has its European base -- arguing that EU citizens’ data is at risk the moment it gets transferred to the U.S.
Schrems said on Friday he’s not convinced that the new draft accord would solve the problems of the previous ones and questioned the timing of the announcement.
“The deal was apparently a symbol that von der Leyen wanted, but does not have support among experts in Brussels, as the U.S. did not move,” he said in an emailed statement. “It is especially appalling that the U.S. has allegedly used the war on Ukraine to push the EU on this economic matter.”