But consumer advocates say it's a bad deal.
That makes Microsoft the first big company to throw its weight behind the pact, which hasn’t been launched yet—the negotiations between the EU and U.S. are done, but the European Commission hasn’t yet issued the “adequacy decision” that will set it in motion. The agreement’s predecessor, Safe Harbor, was struck down because U.S. surveillance programs meant it did not offer “adequate” privacy protections to Europeans.
The EU’s privacy regulators are due to give their opinion on the new deal this week and leaks suggest they won’t approve it. They can’t technically stop the commission issuing its adequacy decision, but they can make life very difficult for companies transferring the data if they think the U.S. doesn’t offer adequate protections.
Get Data Sheet, Fortune’s technology newsletter.
Microsoft thinks the deal is great, though. Here’s what John Frank, the firm’s head of EU government affairs, wrote in a Monday blog post:
Privacy Shield is supposed to limit the surveillance that U.S. authorities can carry out on Europeans’ personal information, and place new obligations on the U.S. firms that will be importing the data of their customers or (in the case of multinational corporations) their employees.
Microsoft said it would sign up for the Privacy Shield program, meaning it will need to do things like respond to complaints about data misuse within 45 days, and cooperate with EU privacy regulators.
For more on privacy, watch:
However, also on Monday, the European Consumer Organisation (BEUC) wrote to the EU regulators to complain that the deal “does not adequately protect consumers’ fundamental rights to privacy and data protection.”
BEUC said Privacy Shield suffered from the same flaws as Safe Harbor, chiefly due to a mismatch between the European and American legal systems:
Let’s see what the regulators themselves say later this week.