The European Commission has approved a framework agreement that allows the free transfer of data between Europe and the U.S., voting that new steps by the U.S. intelligence community to safeguard European citizens’ data provide an “adequate level of data protection.” The approval comes after two previous frameworks were rejected by the European Court of Justice for failing to meet the standard established under the General Data Protection Regulation, the law governing data privacy rights in the E.U. The approval of the E.U.-U.S. Data Privacy Framework (D.P.F.) allows the immediate resumption of data flow, representing hundreds of billions of dollars of value on its own and underpinning the $7.1 trillion economic relationship between Europe and the U.S.

Max Scherms, the activist lawyer who filed the lawsuits which caused the rejection of the two previous agreements, pushed back against the declarations of victory from Brussels and Washington. “We would need changes in U.S. surveillance law to make this work – and we simply don’t have it,” Scherms insisted. “There are even parts that are worse than before.”

However, Justice Commissioner Didier Reynders rejected this analysis, arguing that the new framework is “substantially different than the E.U.-U.S. Privacy Shield. When deciding whether and to what extent U.S. intelligence agencies should access data,” Commissioner Reynders said, “they will be required to balance the same factors as those required by the case law of the E.U. Court of Justice.”

Last October, President Joe Biden signed an executive order designed to reshape the practice of signals intelligence collection in order for the U.S. to meet the adequate privacy standard the E.U. demands. Amongst other reforms, the order required that signals intelligence activities be undertaken only in pursuit of defined national security objectives, allowed individuals to obtain reports on whether the standards governing collection were violated in their specific case, and forced the deletion of unrelated data obtained via bulk collection.

The agreement and attached reforms come as the renewal of Section 702 of the Foreign Intelligence Surveillance Act (F.I.S.A.) is facing stiff skepticism from Congress. The law, which allows for the targeted collection of data from non-U.S. persons abroad, has been criticized for authorizing the intelligence community to collect and store data from U.S. persons who communicate with targeted individuals. As the law comes up for renewal later this year, there will almost certainly be a concerted push for the intelligence community to make even more reforms in signals collection than agreed to in this framework.

While some advocates, such as Mr. Scherms, wish for even more limitations than are presented in the framework, the agreement represents a win for civil liberties on both sides of the Atlantic, as the signals reforms promise to make substantive changes to prior American practices. However, it is impossible to fully estimate how the reform will impact the efficacy of intelligence collection efforts against American adversaries when the changes are limited to open-source information. While some of the reforms are limited to qualifying regions, many of the most substantive changes apply to all signals collection activities. It’s unsurprising that reforms attract little public criticism as the U.S. experiences its first period without war in two decades. A more controversial question is whether these limitations will be able to stand when an enemy becomes an active threat.