The best agreements at the top “express the values of companies and their expectations of corporate behaviour in binding and enforceable language,” Mouzas writes. They are also flexible and give the parties the space to reconsider their goals and responsibilities on the other line. Analysis: The first of these two provisions (paragraph 4) does not concern mlATs (EU-US and US-EU-MUs): it is the transmission of data relating to “specific cases, investigations or prosecutions”. It is therefore likely that this provision applies to agreements relating to the non-suspicious provision of data in large quantities, such as under the EU-US PNR agreement, etc. The text of this provision and the following paragraph (paragraph 5) suggest that these agreements are acceptable as long as they (i) treat the purposes (s) of the plural of (mass) transmissions and (ii) the data “in a directly relevant and not excessive or excessive manner for the purpose of this treatment”. However, the treatment of data as “mode,” “directly relevant and not excessive or excessive in the context of the purposes of this treatment,” is not the same as the data itself, which must be “directly relevant and not excessive or excessive in relation to the purposes of this treatment.” Given that much of the data contained in NRPs is “irrelevant and excessive” for normal repressive purposes and (ii) used for profiling purposes, is it questionable whether this strange text is an attempt to permit the transmission of “irrelevant, excessive and excessive” data as long as it is not used in an “irrelevant” manner excessive and excessive”? (With the U.S. authorities` argument that data analytics and profiling operations are not “irrelevant, excessive and excessive.”) This would be inconsistent with the EU Charter as interpreted by the ECJ in Schrems, which states that mass surveillance by third countries is in principle incompatible with the nature of the right to privacy. Although these frameworks are of a very different nature, a data transfer system on the one hand and a data protection agreement on the other, they represent a unique opportunity for the EU to guarantee and improve the protection of users` rights. Unfortunately, it turned out to be a missed opportunity. Both European negotiators and US negotiators misrepresced the data protection shield and the framework agreement and overestimated the level of protection of these privacy and data protection instruments.