In 2020, the European Union struck down an attempt by the United States to allow European citizens' personal data to be stored and managed in the U.S.
According to a preliminary deal between the U.S. and the European Commission, trans-Atlantic data flows may begin between the nation and the EU. In a statement, the White House outlined steps the federal government will take to ensure the cybersecurity of European data on U.S. soil.
- Necessary surveillance: The United States will only necessary conduct signals intelligence collection.
- Redress opportunities: European citizens who believe they were surveilled without necessity can complete a redress process that involves impartial third parties.
- Privacy oversight: U.S. intelligence agencies will place a focus on privacy standards and compliance.
U.S. organizations looking to process European data must self-certify their compliance to the data privacy standards agreed upon by the United States and the European Union.
Data privacy professionals have expressed concern about a lack of specific information and legal action to protect European data in the U.S.-European Commission commitment.
According to Mandar Shinde, a data privacy expert and CEO of Blotout, “It's good to see the EU and the U.S. politically moving towards each other on this issue. But, unfortunately, the crucial details are unclear, so two opposing philosophies continue to face each other — American permission for surveillance vs. the European Union’s protection of personal data. As long as this tension is not clearly resolved, any other political idea is likely to fail before the European Court of Justice."