The European Commission on Tuesday touted a new deal that will continue to allow tech companies such as Google and Facebook to share user data overseas based on a promise from U.S. intelligence officials that EU citizens will not be subject to indiscriminate mass surveillance, in a move that critics said "sells out EU fundamental rights."
"This is just a joke," tweeted Jan Philipp Albrecht, European Parliament member and Green home affairs spokesperson, after the agreement was announced.
The new deal replaces the so-called Safe Harbor agreement that the European Court of Justice struck down in October after documents leaked by NSA whistleblower Edward Snowden exposed PRISM and other mass surveillance programs. Those revelations, the Court said, underscored just how weak user data protections are under U.S. law.
The EU's current data protection rules forbid personal data, like social media posts or financial information, from being moved to outside jurisdictions without adequate privacy protections.
"With billions of dollars of business potentially at stake," the New York Times reports, and more than 4,000 companies likely to be impacted, the deal's proponents herald it as a "privacy shield"—a claim Snowden personally rebuked on Tuesday:
It's not a "Privacy Shield," it's an accountability shield. Never seen a policy agreement so universally criticized. https://t.co/VxXxxkIEPR— Edward Snowden (@Snowden) February 2, 2016
Under the new deal, which was announced two days after negotiators missed a key deadline set by EU regulators, the U.S. agreed to provide annual written assurances from the U.S. Office of the Director of National Intelligence "ruling out indiscriminate mass surveillance on data transferred under the new arrangement," Politico Europe reports.
However, in a press statement on Tuesday, Albrecht remarked on the inadequacy of that provision.
"The proposal foresees no legally binding improvements," Albrecht said. "Instead, it merely relies on a declaration by the U.S. authorities on their interpretation of the legal situation regarding surveillance by U.S. secret services, as well as the creation of an independent but powerless Ombudsman, who would assess citizens' complaints."
"This is a sellout of the fundamental EU right to data protection," he added.
And Max Schrems, the Austrian student who brought the initial complaint against Safe Harbor, echoed those concerns.
"A couple of letters by the outgoing Obama administration is by no means a legal basis to guarantee the fundamental rights of 500 million European users in the long run, when there is explicit U.S. law allowing mass surveillance," he said.
The European Digital Rights association said that the European Commission essentially "announced plans to back down from defending the European Court’s ruling and to accept a new badly flawed arrangement."
"The emperor is trying on a new set of clothes," remarked Joe McNamee, the group's executive director.
According to the Times, the negotiations "were driven by a sense of urgency, as industry executives and trade bodies on both sides of the Atlantic worried that the means for transferring data between two of the world’s largest economies remained in jeopardy."
The agreement must still be officially approved by the European Union’s 28 member states and national data protection authorities must also sign off. Albrecht said that the new framework will surely "be challenged in the European Court of Justice, as it is clear that it does not fulfill the conditions of the court's ruling."