Written as editor of the New Statesman’s NS Tech and first published here.

The controversial new EU and US cross-border commercial data transfer deal Privacy Shield has passed a final vote by member states’ representatives in Europe.

Privacy Shield replaces the old Safe Harbor framework, which was struck down by the European Court of Justice after a legal challenge following Ed Snowden’s US government spying revelations.

It is intended to ensure greater privacy for Europeans whose consumer data is being processed in the US by companies like Facebook and Google.

“The EU-US Privacy Shield will ensure a high level of protection for individuals and legal certainty for business,” the European Commission’s VP for the Digital Single Market Andrus Ansip said in a statement.

“It is fundamentally different from the old ‘Safe Harbour’. It imposes clear and strong obligations on companies handling the data and makes sure that these rules are followed and enforced in practice.

“For the first time, the US has given the EU written assurance that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms and has ruled out indiscriminate mass surveillance of European citizens’ data.

“And last but not least the Privacy Shield protects fundamental rights and provides for several accessible and affordable redress mechanisms.”

The new deal was rejected in its current form by the EU’s data protection group Article 29 for being “complex” and “unclear”. There were four countries that abstained on this latest vote too, Austria, Slovenia, Croatia and Bulgaria.

But that doesn’t matter now, it is set to be fully approved by the Commission next week, then the US will sign it.

At least this ends months of uncertainty for business, who needs privacy anyway?