If you rely on an open, global internet, you’ll want the European Union and the U.S. government to agree soon on a new data framework to keep the services you use up and running. People increasingly rely on data flows for everything from online shopping, travel, and shipping, to office collaboration, customer management, and security operations. The ability to share information underpins global economies and powers a range of services like high-value manufacturing, media, and information services. And over the next decade, these services will contribute hundreds of billion euros to Europe’s economy alone.
But those data flows, that convenience, and those economic benefits are more and more at risk. Last week, Austria’s data protection authority ruled that a local web publisher’s implementation of Google Analytics did not provide an adequate level of protection, on the grounds that U.S. national security agencies have a theoretical ability to access user data. But Google has offered Analytics-related services to global businesses for more than 15 years and in all that time has never once received the type of demand the DPA speculated about. And we don’t expect to receive one because such a demand would be unlikely to fall within the narrow scope of the relevant law.
The European Court of Justice’s July 2020 ruling did not impose an inflexible standard under which the mere possibility of exposure of data to another government required stopping the global movement of data. We are convinced that the extensive supplementary measures we offer to our customers ensure the practical and effective protection of data to any reasonable standard.
While this decision directly affects only one particular publisher and its specific circumstances, it may portend broader challenges. If a theoretical risk of data access were enough to block data flows, that would pose a risk for many publishers and small businesses who use the web, andhighlight the lack of legal stability for international data flows facing the entire European and American business ecosystem.
Businesses in both Europe and the U.S. are looking to the European Commission and the U.S. Department of Commerce to quickly finalize a successor agreement to the Privacy Shield that will resolve these issues. Both companies and civil society have been supporting reforms based on an evidence-based approach. The stakes are too high — and international trade between Europe and the U.S. too important to the livelihoods of millions of people — to fail at finding a prompt solution to this imminent problem.
A durable framework — one that provides stability for companies offering valuable services in Europe — will help everyone, at a critical moment for our economies. A new framework will bolster the transatlantic relationship, ensure the stability of transatlantic commerce, help businesses of all sizes to participate in the global digital economy, and avoid potentially serious disruptions of supply chains and transatlantic trade. And it will assure continued protection of people’s right to privacy on both sides of the Atlantic.
We strongly support an accord, and have for many years supported reasonable rules governing government access to user data. We have long advocated for government transparency, lawful processes, and surveillance reform. We were the first major company to create a Transparency Report on government requests for user data, were founding members of the Global Network Initiative and the Reform Government Surveillance coalition, and support the OECD’s workstream on government access to data. At this juncture, we urge both governments to take a flexible and aligned approach to resolving this important issue.
As the governments finalize an agreement, we remain committed to upholding the highest standards of data protection in all our products, and are focused on meeting the needs of our customers as we wait for a revised agreement. But we urge quick action to restore a practical framework that both protects privacy and promotes prosperity.