Officials from Europe and the U.S. said Tuesday they have agreed to a framework for a new pact that will allow tech companies to transfer data about Europeans to America.
Broadly, the "EU-US Privacy Shield" will require U.S. companies to "commit to robust obligations on how personal data is processed and individual rights are guaranteed," the European Commission stated. The Department of Commerce will now monitor those commitments, which are enforceable by the Federal Trade Commission, the EC stated.
The U.S. also will appoint an ombudsman who will hear complaints from Europeans at the request of privacy officials in their own countries. European officials added that the U.S. has provided "written assurances" that the authorities won't engage in "indiscriminate mass surveillance" on European's data.
Officials only released the broad contours of the agreement, so many of the specifics remain known. A more detailed draft is expected to be unveiled in several weeks.
But it's not yet clear that this pact will be finalized. EU's individual members must still approve it, and some privacy activists are already prepping a court challenge, according to The New York Times.
Some privacy advocates in the U.S. also oppose the deal. Jeff Chester, executive director of the Center for Digital Democracy, says the pact "weakens protections for both Europeans and Americans."
If the deal goes through, the Privacy Shield will replace the 2000 "safe harbor" agreement, which was invalidated by Europe's highest court in October. The EU court said the old agreement didn't adequately protect Europeans' privacy because the U.S. allows the government to monitor communications. That decision appeared to stem largely from concern over former NSA contractor Ed Snowden's revelations about mass surveillance.
More than 4,000 U.S. companies that do business in Europe relied on that former agreement to transfer data from the EU to America, according to the think tank Future of Privacy Forum.
The Interactive Advertising Bureau and Direct Marketing Association cheered news of the agreement. “This new agreement provides certainty to American and European businesses that trans-Atlantic data flows may continue and confirms the establishment of clear safeguards for protecting individual privacy rights," DMA Vice President of Advocacy Christopher Oswald said in a statement.
Microsoft's Brad Smith, president and chief legal officer, tweeted that the announcement "represents a vital step in maintaining data flows and strengthening confidence in the cloud."