Biden Signs EU / US Data Privacy Framework
President Biden has finally signed an executive order to implement a long-delayed data transfer framework with the European Union that adopts new American intelligence gathering privacy safeguards.
Privacy Shield is a European Union-United States data transfer framework that aims to ease European concerns regarding US surveillance practices. The order will create a new body within the US Department of Justice that will oversee how American national security agencies are able to access and use information from both European and US citizens.
The framework is expected to end the limbo in which thousands of companies found themselves after the Court of Justice of the European Union (CJEU) struck down the two previous pacts over doubts regarding the safety of EU citizens’ data that tech companies store in the US. It will also give new powers to the civil liberties protection officials within the US Office of the Director of National Intelligence, a body that oversees agencies' work, to investigate possible breaches of people's privacy rights.
The agreement is set to end disagreement between the European Union’s stringent data privacy rules and the comparatively lax regime in the US, which lacks a federal privacy law.
“Transatlantic data flows are critical to enabling the $7.1 trillion EU-US economic relationship. The EU-US. DPF will restore an important legal basis for transatlantic data flows by addressing concerns that the Court of Justice of the European Union raised in striking down the prior EU-US Privacy Shield framework as a valid data transfer mechanism under EU law,” says the White House statement.
“The Executive Order bolsters an already rigorous array of privacy and civil liberties safeguards for US signals intelligence activities. It also creates an independent and binding mechanism enabling individuals in qualifying states and regional economic integration organisations, as designated under the Executive Order, to seek redress if they believe their personal data was collected through US signals intelligence in a manner that violated applicable US law.”
Facebook just avoided a threatened shutdown of its EU-US data flows this summer, after objections were raised to a draft regulatory decision ordering them to be suspended, adding months more to the process.
Under the executive order, the US intelligence community has been ordered to implement policy and procedure updates to adhere to new privacy protections, while the Privacy and Civil Liberties Oversight Board has been directed to evaluate such updates.
EU-based individuals will be permitted to seek redress via an independent Data Protection Review Court, with an Office of the Director of National Intelligence civil liberties protection officer tasked to perform an initial complaint investigation. "The EU-US Data Privacy Framework includes robust commitment to strengthen the privacy and civil liberties safeguards for signals intelligence, which will ensure the privacy of EU personal data," said US Commerce Secretary Gina Raimondo.
While the measure has gained the support of US tech firms and industry groups as an effort that would ease cross-border data flows, domestic consumer and data privacy organisations have criticised inadequate data protections laid out in the framework.
White House: TEISS: SC Magazine: IET: Politico: Reuters:
You Might Also Read:
European Union Agrees New Cyber Security Legislation: