Brussels and Washington reached a deal Tuesday on a new system to protect transatlantic data transfers, the European Commission announced, after the previous framework was struck down last year by an EU court.
"Goodbye Safe Harbor!" EU Justice Commissioner Vera Jourova wrote on Twitter. "New EU-US data protection framework agreed."
Since 2000, the Safe Harbor system had regulated how businesses in the European Union and the United States share data. But in November, the European Court of Justice (ECJ) found that the deal did not fully safeguard the rights of EU citizens.
The new deal - which still requires the approval of EU member states - replaces Safe Harbor, which was used by more than 4,000 firms to conduct their transatlantic business.
"This framework for transatlantic data flows protects the fundamental rights of Europeans and ensures legal certainty for businesses," a source close to the negotiations said Tuesday, adding that it lives up to the ECJ's requirements.
Under the new scheme, the US has for the first time given "binding assurances" that public authorities' access to data will be subject to "clear limitations, safeguards and oversight mechanisms," the source said.
One of the key criticisms of the original scheme was that it granted US intelligence agencies too much power to access EU citizens' data, without granting them legal redress.
The new mechanism is also expected to oblige companies to abide by data protection rules, overseen by the US Department of Commerce, and threatening them with sanctions and expulsion from the scheme if they do not.
It will also ratchet up conditions for firms to pass data on to partner companies.
Under the framework agreed Tuesday, citizens will have several avenues to raise concerns that their data has been misused, the source said.
If the company in question does not resolve a dispute, citizens will be able to raise the issue with EU data protection authorities, who will work together with their US counterparts on the matter.
An arbitration mechanism is also planned to escalate complaints, while the US judicial redress act - once passed - is to give EU citizens the unprecedented right to take complaints up with US courts.
Safe Harbor was established in 2000 after the commission banned the transfer of data to non-European countries that did not adhere to stringent criteria.
But it came under scrutiny following revelations in 2013 of mass spying by US intelligence authorities, prompting the EU's executive to begin talks with Washington on a safer system.
Following the November ruling, European data protection agencies had given EU and US authorities an end-of-January deadline to reach a new agreement, while allowing companies to use alternative legal tools to transfer data until then.