EU-U.S. commercial data transfer pact enters into force

Servers for data storage are seen at Advania’s Thor Data Center in Hafnarfjordur, Iceland August 7, 2015.

Reuters/Sigtryggur Ari

A new commercial data pact between the European Union and the United States entered into force on Tuesday, ending months of uncertainty over cross-border data flows, and companies such as Google, Facebook and Microsoft can sign up from August 1.

The EU-U.S. Privacy Shield will give businesses moving personal data across the Atlantic – from human resources information to people’s browsing histories to hotel bookings – an easy way to do so without falling foul of tough EU data transferral rules.

The previous such framework, Safe Harbour, was struck down by the EU’s top court in October on the grounds that it allowed U.S. agents too much access to Europeans’ data.

Revelations three years ago from former U.S. intelligence contractor Edward Snowden of mass U.S. surveillance practices caused political outrage in Europe and stoked mistrust of big U.S. tech companies.

In the months that followed the EU ruling companies have had to rely on other more cumbersome mechanisms for legally transferring data to the United States.

The Privacy Shield will underpin over $250 billion dollars of transatlantic trade in digital services annually.

On Monday Microsoft said it had started the process of implementing the requirements of the Privacy Shield – which includes stricter rules on how companies may use data – and would sign up to it as soon as possible.

The Privacy Shield seeks to strengthen the protection of Europeans whose data is moved to U.S. servers by giving EU citizens greater means to seek redress in case of disputes, including through a new privacy ombudsman within the State Department who will deal with complaints from EU citizens about U.S. spying.

However the framework also faces criticism from privacy advocates for not going far enough in protecting Europeans’ data and is widely expected to be challenged in court.

Max Schrems, the Austrian law student who successfully challenged Safe Harbour, said the Privacy Shield was “little more than a little upgrade to Safe Harbour”. However he added that he did not have plans to challenge it himself for the time being.

“We are confident the framework will withstand further scrutiny,” Penny Pritzker, U.S. Secretary of Commerce, told a news conference.

(Reporting by Julia Fioretti; Editing by Alexandra Hudson)