Biden Signs EU / US Data Privacy Framework

President Biden has finally signed an executive order to implement a long-delayed data transfer framework with the European Union that adopts new American intelligence gathering privacy safeguards.

Privacy Shield is a European Union-United States data transfer framework that aims to ease European concerns regarding US surveillance practices. The order will create a new body within the US Department of Justice that will oversee how American national security agencies are able to access and use information from both European and US citizens.

The framework is expected to end the limbo in which thousands of companies found themselves after the Court of Justice of the European Union (CJEU) struck down the two previous pacts over doubts regarding the safety of EU citizens’ data that tech companies store in the US. It will also give new powers to the civil liberties protection officials within the US Office of the Director of National Intelligence, a body that oversees agencies' work, to investigate possible breaches of people's privacy rights.

The agreement is set to resolve the disagreement between the European Union’s stringent data privacy rules and the comparatively lax regime in the US, which lacks a federal privacy law.

“Transatlantic data flows are critical to enabling the $7.1 trillion EU-US economic relationship. The EU-US DPF will restore an important legal basis for transatlantic data flows by addressing concerns that the Court of Justice of the European Union raised in striking down the prior EU-US Privacy Shield framework as a valid data transfer mechanism under EU law,” says the White House statement.

“The Executive Order bolsters an already rigorous array of privacy and civil liberties safeguards for US signals intelligence activities. It also creates an independent and binding mechanism enabling individuals in qualifying states and regional economic integration organisations, as designated under the Executive Order, to seek redress if they believe their personal data was collected through US signals intelligence in a manner that violated applicable US law.”

Facebook just avoided a threatened shutdown of its EU-US data flows this summer, after objections were raised to a draft regulatory decision ordering them to be suspended, adding months more to the process.

Under the executive order, the US intelligence community has been ordered to implement policy and procedure updates to adhere to new privacy protections, while the Privacy and Civil Liberties Oversight Board has been directed to evaluate such updates.

EU-based individuals will be permitted to seek redress via an independent Data Protection Review Court, with an Office of the Director of National Intelligence civil liberties protection officer tasked to perform an initial complaint investigation. "The EU-US Data Privacy Framework includes robust commitment to strengthen the privacy and civil liberties safeguards for signals intelligence, which will ensure the privacy of EU personal data," said US Commerce Secretary Gina Raimondo.

While the measure has gained the support of US tech firms and industry groups as an effort that would ease cross-border data flows, domestic consumer and data privacy organisations have criticised inadequate data protections laid out in the framework.

Sources: White House, TEISS, SC Magazine, IET, Politico, Reuters
