The European Comission approved a pact that allows companies like Meta or Google to store the data of European citizens in the United States. The EU-US Data Privacy Framework. The U.S. warrants that personal information you will be able to move safely from the EU to US companies, as long as they meet a series of requirements. The agreement comes three years after the Court of Justice of the European Union invalidated the controversial Privacy Shield for security concerns.
According to the Commission, the new Privacy Framework introduces guarantees such as the limitation of access by United States intelligence services to the data of European citizens. It also provides for the creation of a Tribunal that would have powers to suppress the transfer when companies do not comply with the guarantees.
Although the pact is a breather for social media companies, adopting it does not imply that they will be able to do whatever they please. The large technology companies that adhere must comply with a series of privacy obligations. Among them is a rule that dictates that must delete personal data when it is no longer neededguarantee their protection when they are shared with third parties, or establish specific safeguards when it comes to sensitive information (medical information, origin, political affiliation, etc.).
Some principles of the EU-US Data Privacy Framework. USA
- Personal data must be processed lawfully and fairly. It must be collected for a specific purpose and then used only to the extent that this is not incompatible with the purpose of the processing.
- Interested parties must be informed of the main characteristics of the processing of their personal data.
- An organization may not process personal data in a way that is incompatible with the purpose for which it was originally collected or subsequently authorized by the data subject.
- Organizations must obtain the express and affirmative consent of individuals to use sensitive information for purposes other than those for which it was originally collected.
- Before using personal data for a new purpose or disclosing it to a third party, the organization must give data subjects the opportunity to object.
- Personal data must also be processed in a way that ensures its security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
The Commission stated that if companies mistreat of personal information, users will be able to request a repair. The Framework also limits access to US public administrations to “what is necessary and proportionate to protect national security.”
How secure is your data?
According to Ursula von der Leyen, the new Privacy Framework guarantees the secure circulation of data and establishes legal certainty for companies. The President of the European Commission indicates that the United States “has fulfilled unprecedented commitments in order to establish the new framework.” European and American authorities have been negotiating for three years to reach an agreement that allows the flow of information.
After the entry into force of this agreement, the Commission, in conjunction with data protection authorities, They will carry out periodic reviews to guarantee their operation.. The first will take place in one year and will serve to verify whether the elements have been fully implemented and are effective in practice.
Although von der Leyen and Biden are confident of what was agreed, the last word rests with the High Court of the European Union. Let us remember that national security and law enforcement requirements in the United States can interfere with the fundamental rights of individuals. The Privacy Shield fell for that reason and there is no guarantee that the Data Privacy Framework will come to pass.