Google calls for a secure US-EU “data transfer framework”

Google calls for a secure US-EU “data transfer framework”

The tech giant responds to a series of legal losses for breaking EU privacy laws.

Google is calling on U.S. and European lawmakers to create a new plan for a secure data transfer framework.

Kent Walker, President of Global Affairs and Chief Legal Officer at Google, called for the new framework in a blog post this week. In the post, he laments the fact that the current data framework that is causing issues between the US and the European Union.

“The ability to share information underpins global economies and powers a range of services like high-value manufacturing, media, and information services,” Walker writes. “But those data flows, that convenience, and those economic benefits are more and more at risk.”

Walker then refers to the recent decision by Austria’s data protection authority declaring that a local web publisher’s implementation of Google Analytics did not provide an adequate level of protection. The reason given was that U.S. national security agencies have what Walker dismisses as “a theoretical ability” to access user data.

U.S. Privacy programs: could the third time be the charm?

The EU’s General Data Protection Regulation (GDPR) went into effect in 2018 as a data privacy law to provide more privacy for citizens. In response, U.S. authorities have implemented a series of measures and frameworks designed to accommodate the requirements of the GDPR. At first, the U.S,. implemented a program called “Safe Harbor.” While the European Commission decided that the privacy protection afforded by Safe Harbor was adequate, the European Court of Justice (CJEU) subsequently ruled that the Safe Harbor protections were insufficient.

The Americans then developed a new Privacy program they called “Privacy Shield.” But in July 2020, the CJEU again ruled that the U.S. Privacy Shield regime was inadequate.

In both cases, the primary concern of the European Court was that U.S. authorities have the right to access any data that is housed on U.S.-based servers.

“Businesses in both Europe and the U.S. are looking to the European Commission and the U.S. Department of Commerce to quickly finalize a successor agreement to the Privacy Shield,” Walker writes.

Given that the two previous attempts to assuage the Europeans’ suspicions regarding NSA snooping failed, Walker seems to be fighting an uphill battle. The question thus becomes: is Google powerful enough to take on the U.S. security state?