The names always sounded promising. First “Safe Harbor” – a safe harbor for personal data. Later “Privacy Shield” – a protective shield for privacy. But the two Internet agreements concluded between the EU and the USA were overturned by a court years ago. The reason given at the time was that they allowed America’s secret services to access the information of European Internet users. Now there should be a third deal. He might fail again.
It is a key question for the European and American economy and for millions of people: are Google, Amazon, Facebook, Instagram, WhatsApp and all the other US platforms allowed to transfer personal data of German, French, Italian users to the United States? And how is the information protected there? In the end, what is at stake is nothing less than the future of tech companies in Europe and the privacy of EU citizens.
Facebook has already threatened to leave the EU if data is no longer allowed to be sent to the USA. But experts see this as a PR stunt, an attempt to put pressure on the Commission in Brussels. One thing is clear: there is currently uncertainty. Put simply, there is no legal framework that covers all types of data transfers between Europe and America.
In 2015, the European Court of Justice (ECJ) declared Safe Harbor invalid, followed in 2020 by the successor Privacy Shield. Because both agreements, the lawyers argued, fell short of the standards for data protection that apply in the EU. Above all, the ECJ criticized the fact that US secret services – as the whistleblower Edward Snowden revealed in 2013 – can siphon off masses of data without suspicion.
Now, after three years of negotiations, Europe and America are trying again. The title of the planned agreement this time is quite simply: “Trans-Atlantic Data Privacy Framework”, or TADPF for short. The pact aims to ensure that data from internet users in the EU can continue to flow to the USA. The internet companies are happy – but there is resistance in Brussels. This is shown by a first, unpublished draft report by the European Parliament, which is available to WELT.
The central statement: Parliament rejects the data deal agreed upon by the US government and the EU Commission. The Spaniard Juan Fernando López Aguilar, chairman of the interior committee responsible for the agreement, writes: The USA cannot be accorded “adequacy” in terms of data protection. This means that the level of protection for personal information in America – still – falls short of EU standards.
Others see it similarly. “The planned data protection agreement between the EU and the USA is old wine in new bottles,” says Moritz Körner, member of the FDP in the EU Parliament, to WELT. “The Commission’s new adequacy decision will not withstand an ECJ review.” The legal uncertainty, says Körner, remains. And that is poison for the economy.
The American proposals do not go far enough for Körner. “The goal of the US government,” he says, “is obviously to offer the EU Commission a political fig leaf with cosmetic changes so that data can flow freely again.” The new agreement will continue to allow authorities in the United States to monitor Europeans, criticizes Körner. In the next step, the EU states must agree to the deal, but that is considered a formality. Parliament can only make one recommendation.
The American government claims that with TADPF, secret services have less access to the personal data of foreigners than they did with Safe Harbor and Privacy Shield. But is that so? Not only the MPs in Brussels are skeptical.
“The new agreement is a misnomer,” says Thilo Weichert from the network data protection expertise. “There are no changes in content, you just exchanged a few words.” For example, it was said in the earlier agreements that the processing of data in the USA had to be “tailored”, now the talk is of “proportionate”. In truth, according to Weichert, the US secret services could continue as before. And there is no way for Europeans to take action before an independent court.
Weichert also believes that the agreement will not last long. “The EU Commission should recognize TADPF as appropriate,” he says. “But that will only be a temporary solution again.” It is to be expected that the ECJ will overturn the agreement in the event of a lawsuit.
An Austrian, Max Schrems, had sued Safe Harbor and Privacy Shield. The judgments of the ECJ are therefore known as Schrems I and Schrems II. Schrems III could soon follow. Because the lawyer wants to go back to court.
“Unfortunately we will have to do it again, even if I personally really don’t feel like it,” says Schrems to WELT. “The ECJ has now held twice that US surveillance cannot be reconciled with EU fundamental rights.” The EU Commission is biting its teeth at the USA. The government in Washington is not prepared to change the legal basis that allows the secret services to tap data from European Internet users. Instead, new data packages between Europe and America would only be provided with nice-sounding formulations.
The ECJ will soon be dealing with the issue of data protection again. And not even the EU itself seems fully convinced that its agreement will survive. Justice Commissioner Didier Reynders recently said that on a scale of one to ten, TADPF should have a “seven to eight” chance of being in court.
“Everything on shares” is the daily stock exchange shot from the WELT business editorial team. Every morning from 5 a.m. with the financial journalists from WELT. For stock market experts and beginners. Subscribe to the podcast on Spotify, Apple Podcast, Amazon Music and Deezer. Or directly via RSS feed.
