The European Union has begun critical talks with the US to rebuild a data-sharing deal that covers 800m people on both sides of the Atlantic.
The Privacy Shield, the mechanism that allows thousands of companies to freely transfer personal data between the EU and the US, was invalidated after a landmark decision from Europe’s top court on July 16, dealing a blow to thousands of companies who depend on it to conduct ordinary business.
Wilbur Ross, US Secretary of Commerce, said: “The European Union and the United States recognise the vital importance of data protection and the significance of cross-border data transfers to our citizens and economies.
“We share a commitment to privacy and the rule of law, and to further deepening our economic relationship, and have collaborated on these matters for several decades.”
The European Court of Justice threw out the framework amid concerns that government surveillance meant the US could not guarantee the privacy of Europeans to a standard set by the General Data Protection Regulation.
Failure to reach an agreement could complicate Britain’s negotiations over its own treaty that would allow continued data transfers between the UK and EU after the end of the Brexit transition period on December 31.
Boris Johnson suggested earlier this year that the UK was planning to set up sovereign controls over its data, and could diverge away from EU rules. Britons are currently protected under the EU's GDPR.
The EU began looking into the way that the US gathers and holds onto the information of people living in Europe after Austrian activist Max Schrems filed a complaint in 2013.
Mr Schrems, a law student, filed the complaint against Facebook, which has its European headquarters in Dublin, Ireland, arguing that it should not hold onto his personal data in the US because the privacy laws are weaker there.
He filed the complaint after classified documents were leaked by former National Security Agency contractor Edward Snowden, revealing how the US government monitored people through online communications. The documents detailed how Facebook gave officials access to account information belonging to European citizens.
The Privacy Shield became operational on 1 August 2016, imposing stronger obligations on US companies to protect Europeans’ personal data than that of Americans. It required the US to cooperate more with European Data Protection Authorities.
The Court of Justice of the European Union ruled against the Privacy Shield in the July Schrems II case.