×

Your guide to the key EU-US data-sharing pact

A Facebook data center in Prineville, Oregon.
Meg Roussos | Bloomberg | Getty Images
A Facebook data center in Prineville, Oregon.

Europe and the U.S. have struck a new deal to allow the easy transfer of citizens' personal data across the Atlantic by companies such as Facebook and Apple after the last agreement was ruled "invalid" by top judges .

The latest European Union (EU)-U.S. deal is called the "Privacy Shield" and has put safeguards in place to protect people's data from mass surveillance and to allow European citizens to seek redress if they feel their data has been misused in America.

Here's what you need to know :.



Why was the last deal ripped up?

The former agreement, known as "Safe Harbor", was deemed "invalid" by the European Court of Justice (ECJ), the EU's top court.

The Safe Harbor agreement allowed U.S. companies to transfer European citizens' data to America, provided where it was being sent to had privacy protections that met EU standards.

In the wake of the U.S. surveillance revelations by former National Security Agency (NSA) contractor Edward Snowden, Austrian student Max Schrems filed a complaint against Facebook to the Irish data protection authority.

He claimed that Snowden's leaks showed Facebook wasn't sufficiently protecting user data as the NSA was carrying out mass surveillance on technology companies, claims the social network has denied. When the case was escalated to the ECJ, judges found that Schrems had a case and the Safe Harbor agreement was ended.


What does the new deal entail?

The Privacy Shield will include the following elements:

  • The office of the director of national intelligence will provide written assurances that the U.S. will not carry out "indiscriminate mass surveillance" on personal data transferred to America.
  • The European Commission and U.S. Department of Commerce will do an annual joint review to check the agreement is being adhered to.
  • A new ombudsman will be created who's job will be to collect EU citizens' complaints about possible misuse of their data by national intelligence authorities

Lawyers said that the EU-US data transfer agreement now has "serious teeth".

"The new framework will require stronger compliance and data protection measures which will give individuals enhanced guarantees and assurances around the safety and protection of their data," Dyann Heward-Mills, Baker & McKenzie's head of data protection, told CNBC by email.

Is everyone happy?

Many groups that represent technology companies, which had warned of massive disruption to business if a new deal was not found, welcomed the result.

However, Schrems has his concerns.

"A couple of letters by the outgoing Obama administration is by no means a legal basis to guarantee the fundamental rights of 500 million European users in the long run, when there is explicit US law allowing mass surveillance," he wrote in a letter.

"We don't know the exact legal structure yet, but this could amount to obviously disregarding the Court's judgment… I doubt that a European can walk to a US court and claim his fundamental rights based on a letter by someone."

Schrems added that he may event challenge the proposals depending on the final text.


What next?

National data protection authorities in Europe will get a chance to have their say on the proposals. Member states will also be able to give their opinion.

Some are convinced that the agreement will face legal challenges.

"Keeping in mind that this new safe harbor will almost certainly be challenged by civil liberties groups – and possibly even some data protection authorities – pretty much immediately, only the foolhardy would place want to place their trust in a new safe harbor right now," Phil Lee, partner at law firm Fieldfisher said.