For millions of Europeans, the simple act of checking a social media feed, sending an email, or making an online purchase has carried a quiet, nagging uncertainty for years: where is their personal information going, and how safe is it once it leaves the continent? That uncertainty has now been addressed by a preliminary agreement between the United States and the European Union, a deal that President Joe Biden and European Commission President Ursula von der Leyen announced during Biden’s stop in Brussels on a European tour amid Russia’s war in Ukraine.
The agreement ends a years-long battle over the privacy of data that flows across the Atlantic. It paves the way for Europeans’ personal information, which may include names, ID numbers, geolocation data, online identifiers like IP addresses and emails, and other data used for online advertising, purchases, and communications, to be stored in the U.S. The deal stems from a complaint filed a decade ago by Austrian lawyer and privacy activist Max Schrems, who was concerned about how Facebook handled data transfers.
What the Deal Means for People and Businesses
For the thousands of companies—including tech giants like Google and Facebook—that depend on transferring data between the U.S. and Europe, the announcement provides relief from the uncertainty that had clouded their ability to send data across borders. Europe has much stricter regulations on data privacy than the U.S., and the new arrangement is designed to enhance the Privacy Shield framework. “Today we’ve agreed to unprecedented protections for data privacy and security for our citizens,” Biden said. “This new arrangement will enhance the Privacy Shield framework, promote growth and innovation in Europe and the United States, and help companies — both small and large to compete in the digital economy.”
Von der Leyen said the agreement “will enable predictable and trustworthy data flows between the EU and the U.S., safeguarding the privacy and civil liberties.” The data in question includes “any information that we voluntarily provide or generate when using services and products online,” said Alexandre Roure, an official with the tech trade group CCIA. That includes names, ID numbers and geolocation data, online identifiers like IP addresses and emails, and other information that tech companies use to target ads.
Industry and Activist Reactions
Business groups hailed the announcement. Google said it commended the work by the EU and U.S. to “safeguard transatlantic data transfers.” The agreement came hours after EU officials agreed on sweeping new digital rules to rein in the power of big tech companies such as Facebook and Google. However, Schrems warned that the latest deal could get tied up in the courts. His Vienna-based group NOYB would analyze it in-depth and challenge anything that’s not in line with EU law. “Customers and businesses face more years of legal uncertainty,” Schrems said.
Looking ahead, the focus now shifts to how the agreement will be implemented and whether it can withstand legal scrutiny. With Schrems and NOYB already signaling their intent to challenge any provisions that fall short of EU law, the coming months will determine whether this deal delivers the predictable, trustworthy data flows that both leaders promised, or if the transatlantic data privacy saga is set to continue in courtrooms on both sides of the Atlantic.
