European Commissioner of Justice, Consumers and Gender Equality Vera Jourova | John Thys/AFP via Getty Images Safe harbor deal divides opinion With a political agreement now in place, U.S. companies are breathing a sigh of relief.

Down to the wire, negotiators from the European Union and the United States agreed to a deal Tuesday that would give more than 4,000 companies the legal protection they need to transfer data across the Atlantic.

EU data protection regulators had set a three-month deadline for the new agreement, giving both sides a grace period after the European Court of Justice (ECJ) struck down the original pact in October.

Companies will likely have a second grace period to comply with the new framework, called the EU-U.S. Privacy Shield, which will govern the transfer of everything from photos to bank details, according a person briefed on the details.

The EU's College of Commissioners gave Věra Jourová, commissioner for justice, consumers and gender equality, and Andrus Ansip, vice president for the digital single market, the mandate to prepare an “adequacy decision” ensuring the U.S. will offer Europeans equivalent data protections as they have at home.

This will be done within weeks, after which the College is expected to adopt the new pact.

In the meantime, over the next three months the U.S. will need to make changes on its side, including naming an independent ombudsman for national security in the State Department to deal with EU data protection complaints. The U.S. will also implement a series of other measures, including a low-cost dispute resolution system for Europeans and last-resort arbitration.

Also promised: a letter from the U.S. Office of the Director of National Intelligence ruling out indiscriminate mass surveillance on data transferred under the new arrangement. The agreement will be reviewed annually by both sides.

“The new arrangement lives up to requirements of the ECJ … We have achieved safeguards and transparency obligations on U.S. government obligations on government data,” said Jourová. “The U.S. has given the EU binding assurances that access for national security and law enforcement will be subject to clear limitations, safeguards and oversight.”

Penny Pritzker, the U.S. Secretary of Commerce, said the deal would stand up to scrutiny from the ECJ.

"We are confident we have met the requirements of the ruling," she said.

Pritzker also outlined details on the new ombudsman, whom she said would be able to "leverage independence, oversight and other functions that oversee the intelligence community."

Industry lobbyists and companies from the U.S. and EU welcomed the news.

Brad Smith, president of Microsoft, said the deal was a vital step in maintaining data flows and strengthening confidence in cloud storage.

However, others expressed concerns.

"We suspect it will only be a matter of time before safe harbor 2.0 is challenged in court," said Yorgen Edholm, chief executive of U.S.-based cloud provider Accellion.

More importantly, Jan Philipp Albrecht, vice chair of Parliament’s civil liberties committee, is not convinced the agreement will stand up. Albrecht said the ombudsman and “last resort” arbitration may not be sufficient to allay concerns of Europe’s top court.

“If the court comes to the conclusion that the decision is unlawful, it will be taken down again. At the moment it’s very likely to happen and then this is a disaster for this Commission. It may even lead for this Commission to completely fail in this area,” he said, later adding, “This is rather a joke.”

That thought was echoed by Max Schrems, the man whose complaint about data transfers from Facebook’s Irish headquarters to the U.S. led to annulment of the original safe harbor pact.

“I don’t think it’s going to hold up in court,” Schrems said in an interview. “They are blankly ignoring the court judgment and trying to buy time. What was presented yesterday was so laughable.”

Chris Spillane contributed to this article.

This article was updated to add the latest developments.

Authors: