I can only describe the decision of the European Union as surprising, and I am sure that for many people it will mean a significant step backwards in terms of the protection of the data of the citizens of the common European space. But hey, first the raw news and then the analysis, in which I would very much like you to actively participate in the conversation through the comments, since it is a matter that concerns us all very directly.
The news, then, is that the European Commission has adopted an adequacy decision for the circulation of EU-US data. safely and confidently. What does this mean? Well, translated into ordinary human, it means that The European Union once again allows the transit of data between the European Union and the United Statessomething that many of the American technology companies that also offer their services in Europe have been demanding for years.
Let us remember that between 2016 and 2020 the Privacy Shield was in force, a bilateral agreement between the European Union and the United States so that this type of movement could be carried out. However, In 2020 the Court of Justice of the European Union annulled this agreement considering that the US legal framework did not preserve the privacy of users to the level required on this side of the Atlantic. Since then there has been no alternative, which has led companies like Meta to threaten to leave the EU, although it is true that shortly after they had no choice but to say “where did I say, I say Diego”.
A little over a year ago there were many signs that an agreement like the Privacy Shield was unrepeatablesince the US legal framework changed to give more powers to the US public administration, including its investigative and espionage services, to invoke the set of rules that allow access to private information, something that technology companies are obliged to comply with, ceding the rights data of its users.
The press release from the European Commission does not evade this point, stating that the agreement «introduces new binding guarantees in order to respond to each of the concerns raised by the Court of Justice of the European Union. These guarantees include limiting access by US intelligence services to EU data to what is necessary and proportionate, and the establishment of a Data Protection Appeal Court, to which EU citizens will have access«.
President Ursula von der Leyen has declared: “The new EU-US Data Privacy Framework it will ensure Europeans the safe circulation of their data and will establish legal certainty for companies on both sides of the Atlantic. Since I reached agreement in principle with President Biden last year, the United States has made unprecedented commitments to establish the new framework. Today we take an important step with the aim of giving citizens the confidence that their data will be safe, of deepening the economic link between the EU and the United States, and, simultaneously, of reaffirming our shared values. It shows that when we work together, we are capable of tackling the most complex issues«.
I can accept that the new legal framework between the European Union and the United States that allows the transit of data from the EU to the US and its processing on that shore of the Atlantic is based on a set of rules that conform to European standards . What worries me is that we have already been aware, in the past, of abuses by both technology companies and US public institutionsand to make it clear, in many of these cases those actions were located very, very far from the current legality.
I hope I’m wrong, but I personally believe that the European Union has taken a step backwards, and it is a big step, in what refers to the protection of the data of its citizens or, better said, for the lack of protection of the same. I remember once again that the European courts annulled Privacy Shield, but it is that they also annulled its predecessor, Safe Habor, before, in 2015. And of course, we must also remember what revelations such as the one carried out by Edward Snowden told us.
What do you think? Do you think that on this occasion we can trust that the data will receive the treatment indicated by the European Union?
