US, EU Reach Deal on New Data-Transfer Framework

The United States and the European Union reached a deal on a new data-transfer framework, potentially giving breathing room to thousands of companies that move information across the Atlantic.

In a last-minute deal, made a day after a deadline set by EU privacy regulators expired, the EU said the US conceded to making binding assurances that personal information about Europeans wouldn't be subject to mass surveillance when it is copied to US servers. However, it isn’t clear how privacy regulators will react to the deal. The commitments include a written letter from the Office of the Director of National Intelligence, as well as a promise by US Secretary of State John Kerry to establish an ombudsman to follow up on complaints from EU citizens and ensure that the US keeps its commitments, the EU said. The terms could especially benefit big American companies like Google, Facebook and Amazon that tend to dominate Internet searches, social media and digital commerce in Europe. But it is also meant to let nontech companies like the drugmaker Pfizer and the industrial conglomerate General Electric continue to send customer and employee data between the United States and Europe. Most sensitive, perhaps, are provisions demanded by the European Commission, the executive arm of the European Union, aimed at limiting how American intelligence agencies collect data on Europeans when companies send their personal information to the United States. Many obstacles still await the deal, which must be officially approved by the union’s 28 member states.