US and EU authorities have agreed in principle to new data sharing agreements, months after the existing framework was repealed by the top European court.
On Tuesday, transatlantic diplomats said the new rules have yet to be fleshed out, but the immediate agreement could prevent European regulators from halting data from flowing between the two geographic superpowers.
"We have a deal," Christian Wigand, a spokesperson for the EU, said in a tweet.
The deal still needs political approval, reports Reuters. That could take weeks or months after the rules are formally written.
The European Commission confirmed the news in a statement, calling it a new deal to "protect the fundamental rights of Europeans where their data is transferred to the United States and ensure legal certainty for businesses."
The decision to revoke the so-called Safe Harbor agreement, used by thousands of companies including Silicon Valley tech giants, was declared "invalid" by the European Court of Justice in October.
Sophie in 't Veld, a Dutch member of the European Parliament, said at the time the decision put companies and governments on both sides of the Atlantic in "uncharted territory."
But many companies had backups in the event Safe Harbor was negated, such as the use of model contracts and binding corporate rules, to prevent entering murky legal waters.
Safe Harbor was a vital tool for companies like Facebook, Google, and Microsoft -- among others -- to operate. When US companies operating in Europe sign up to Safe Harbor and transfer data to the US, they promise to protect personal data as though the data is still in Europe, where data protection and privacy laws are stronger.
The long-waited ruling came after a long challenge in the wake of the Edward Snowden disclosures into mass government surveillance. Privacy campaigners said the framework was effectively useless.
One of the sticking points would aim to allay privacy fears by including written guarantees that US intelligence agencies would not have indiscriminate access to data transferred from Europe.
But the deal faces an almost immediate challenge. On Wednesday, European national regulators will determine their own rules on how and when data can be sent outside the EU's borders.
Other legal challenges await if the new rules are passed, some privacy rights groups have warned.
Jan Philipp Albrecht, a member of the European Parliament and privacy advocate, called the agreement a "joke." He said in a tweet that the European Commission "sells out EU fundamental rights and puts itself at risk to be lectured by CJEU again."
Whistleblower Edward Snowden, whose disclosures kickstarted much of the issue, echoed similar sentiments on Twitter.
"Never seen a policy agreement so universally criticized," he said in a tweet, calling the agreement an "accountability shield [not a] privacy shield."
Some, however, commended the deal. The Information Technology and Innovation Foundation (ITIF), a non-profit research group, commended the efforts in a statement, saying the agreement will ensure "continuity for the thousands of U.S. and European companies providing services across the two markets."