The European Union and the United States have established a new transatlantic data-sharing pact called the EU-US Data Privacy Framework, which allows social media companies to store user data of EU citizens in the US. This agreement mitigates risks for such companies operating in both regions and facilitates the free flow of information.
This pact follows the EU's top court's annulment of the Privacy Shield three years ago, which previously enabled US-based companies to collect and process EU citizens' data. However, the court ruled that the Privacy Shield did not adequately protect users' data from US intelligence agencies. This decision impacted businesses like Meta and Amazon, which rely heavily on data collection.
The annulling of this policy made companies responsible for compliance with the EU's data-transferring policies. Meta and Amazon both faced substantial fines from Ireland's Data Protection Commission and Luxembourg's National Commission for Data Protection, respectively, over their handling of EU residents' data.
The new EU-US Data Privacy Framework is designed to protect companies from such penalties, provided they adhere to its principles. It limits the amount of overseas data accessible to US intelligence and establishes a Data Protection Review Court to investigate complaints and order data deletion. US companies will also need to adhere to privacy obligations, including deleting personal data when no longer necessary and ensuring safeguards are in place when sharing data with third parties.
President of the European Commission, Ursula von der Leyen, stated that this new framework would ensure safe data flows and legal certainty for companies on both sides of the Atlantic. The future of this policy remains uncertain as it awaits the EU court's approval.