European officials Tuesday agreed to a deal with the United States that would let Google, Amazon, and thousands of other businesses continue moving people’s digital data, including social media posts and financial information, back and forth across the Atlantic.
With billions of dollars of business potentially at stake, the data-transfer deal was the result of more than three months of often tense negotiations between US and EU policy makers, who have clashed over what level of privacy individuals can expect when companies and government agencies follow ever-expanding digital footprints.
Part of the challenge is balancing individuals’ privacy concerns with national security obligations, particularly in light of mounting fears about international terrorism.
The agreement announced Tuesday aims to address those privacy concerns and strike that balance by including written guarantees by the United States — to be reviewed annually — that US intelligence agencies would not have indiscriminate access to Europeans’ digital data when it is sent across the Atlantic. Whether that provision will reassure privacy-rights groups remains to be seen.
Many obstacles still await the deal, which must be officially approved by the European Union’s 28 member states. National data protection regulators have yet to give their support to the pact, and European privacy-rights advocates are preparing to file legal challenges seeking to overturn it.
The data-transfer agreement, replacing a 15-year-old pact that Europe’s highest court struck down in October, is intended to let the free flow of digital data — the lifeblood of many global businesses — continue as usual.
In seeking to ensure the continued free flow of digital data, the deal announced Tuesday could especially benefit big US companies like Google, Facebook, and Amazon that tend to dominate Internet searches, social media, and digital commerce in Europe. But it is also meant to let nontech companies like the drugmaker Pfizer and the industrial conglomerate General Electric continue to send customer and employee data between the United States and Europe.
Europe’s privacy watchdogs had demanded that European and US officials agree to a new deal by Jan. 31. Although negotiators missed that deadline, they had been meeting almost continuously in Brussels since Sunday to hammer out an agreement. They were driven by a sense of urgency, as industry executives and trade bodies on both sides of the Atlantic worried that the means for transferring data between two of the world’s largest economies remained in jeopardy.
Most sensitive, perhaps, were provisions demanded by the European Commission, the executive arm of the European Union, aimed at limiting how US intelligence agencies collect data on Europeans when companies send their personal information to the United States. The US negotiators, in response, agreed to provide the annual written assurances.
These guarantees, European officials said, will be reviewed each year, with US and European policy makers meeting to ensure that the strict privacy rights of Europe’s more than 500 million citizens are respected by US agencies.
“We will hold the US accountable on the commitments that they have made,’’ Vera Jourova, the EU’s justice commissioner who has led the negotiating team, said Tuesday.
Both sides will now spend the next two weeks completing the details of the new pact, which is to be called the EU-US Privacy Shield. If approved, it would go into effect by early April.
But the deal’s first hurdle comes Wednesday, when Europe’s increasingly powerful national privacy agencies plan to pass their own judgment on how data can be safely transferred outside the European Union.