US president Joe Biden and EU chief Ursula von der Leyen announced on Friday that the US and the EU have agreed upon a new framework on a new data sharing system.
"The framework underscores our commitment to privacy, to data protection and to the rule of law," said Biden. "It will enable predictable and trustworthy data flows, balancing security, the right to privacy and data protection," added Commission chief Ursula von der Leyen.
The aim is to stop the torrent of data from the EU that is constantly pouring towards the US by honing in on Analytics, Google's landmark tool to measure web traffic and track user behaviour.
A free service, in 2021 it was used by over half of all websites and dominates competitors, according to a report by W3Techs site.
Several European data protection authorities have ruled the use of this service illegal within the EU, as it sends data to the US with information which can identify users.
Despite support for stronger data regulation, Austrian data privacy activist Max Schremms of NGO NOYB ( None of Your Business) is sceptical of the new deal, particular stressing that the US will maintain surveillance laws.
- ‘Accept all cookies’: Data Protection Authority wants to know what it means
- Facebook ‘very poor’ at distinguishing political ads, KU Leuven researchers find
- Facebook’s new smart glasses arrive in Belgium
- Belgium 4th in world for cybercrime
"The final text will need more time, once this arrives we will analyse it in depth, together with our US legal experts. If it is not in line with EU law, we or another group will likely challenge it," said Schremms.
In France, CNIL ordered a French company to comply with GDPR and stop using Google Analytics. CNIL received 101 complaints across the EU filed by the Noyb. The complaints were against data controllers allegedly transferring personal data to the US.
The European Court of Justice had highlighted in its Privacy Shield ruling in 2020 that American intelligence services would access personal data transmitted to the US if the data transfers weren't properly regulated, according to Cnil.