Biden Signs EU / US Data Privacy Framework

President Biden has finally signed an executive order to implement a long-delayed data transfer framework with the European Union that adopts new American intelligence gathering privacy safeguards.

Privacy Shield is a European Union-United States data transfer framework that aims to ease European concerns regarding US surveillance practices. The order will create a new body within the US Department of Justice that will oversee how American national security agencies are able to access and use information from both European and US citizens.

The framework is expected to end the limbo in which thousands of companies found themselves after the Court of Justice of the European Union (CJEU) struck down the two previous pacts over doubts regarding the safety of EU citizens’ data that tech companies store in the US. It will also give new powers to the civil liberties protection officials within the US Office of the Director of National Intelligence, a body that oversees agencies' work, to investigate possible breaches of people's privacy rights.

The agreement is set to end disagreement between the European Union’s stringent data privacy rules and the comparatively lax regime in the US, which lacks a federal privacy law.

“Transatlantic data flows are critical to enabling the $7.1 trillion EU-US economic relationship.  The EU-US. DPF will restore an important legal basis for transatlantic data flows by addressing concerns that the Court of Justice of the European Union raised in striking down the prior EU-US Privacy Shield framework as a valid data transfer mechanism under EU law,” says the White House statement.

“The Executive Order bolsters an already rigorous array of privacy and civil liberties safeguards for US signals intelligence activities. It also creates an independent and binding mechanism enabling individuals in qualifying states and regional economic integration organisations, as designated under the Executive Order, to seek redress if they believe their personal data was collected through US signals intelligence in a manner that violated applicable US law.”

Facebook just avoided a threatened shutdown of its EU-US data flows this summer, after objections were raised to a draft regulatory decision ordering them to be suspended, adding months more to the process.

Under the executive order, the US intelligence community has been ordered to implement policy and procedure updates to adhere to new privacy protections, while the Privacy and Civil Liberties Oversight Board has been directed to evaluate such updates.

EU-based individuals will be permitted to seek redress via an independent Data Protection Review Court, with an Office of the Director of National Intelligence civil liberties protection officer tasked to perform an initial complaint investigation. "The EU-US Data Privacy Framework includes robust commitment to strengthen the privacy and civil liberties safeguards for signals intelligence, which will ensure the privacy of EU personal data," said US Commerce Secretary Gina Raimondo.

While the measure has gained the support of US tech firms and industry groups as an effort that would ease cross-border data flows, domestic consumer and data privacy organisations have criticised inadequate data protections laid out in the framework.

White House:      TEISS:    SC Magazine:      IET:     Politico:     Reuters:   

You Might Also Read: 

European Union  Agrees New Cyber Security Legislation:

 

« New EU Cyber Security Legislation Targets Cyber Crime
Costs Of The Cyber Attack On Gloucester City Keeps Going Up »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XBOSoft

XBOSoft

XBOSoft is a software QA and testing company. We cover the entire QA and testing life cycle including software and application security.

Cyber 360

Cyber 360

Cyber 360 is a Cybersecurity contract and fulltime placement firm dedicated to identifying and hiring Cybersecurity professionals.

Picasso

Picasso

The Picasso project is focused on ICT Policy, Research and Innovation for a Smart Society: towards new avenues in EU-US ICT collaboration.

ThreatQuotient

ThreatQuotient

ThreatQuotient delivers an open and extensible threat intelligence platform to provide defenders the context, customization and collaboration needed for increased security effectiveness.

Prove & Run

Prove & Run

Prove & Run provides a patented software development toolchain that is specifically forged to deal with the complex security properties of sensitive software components.

Viscount Systems

Viscount Systems

Viscount Systems is a global security software solutions company that is changing the way access control is deployed and managed in the enterprise.

New Zealand Internet Task Force (NZITF)

New Zealand Internet Task Force (NZITF)

The New Zealand Internet Task Force (NZITF) is a non-profit with the mission of improving the cyber security posture of New Zealand.

Seavus

Seavus

Seavus is a software development and consulting company with a proven track-record in providing successful enterprise-wide business solutions including Managed Security Services.

2Keys

2Keys

2Keys designs, deploys and operates Digital Identity Platforms and Cyber Security Platforms through Managed Service and Professional Service engagements.

CSC Digital Brand Services

CSC Digital Brand Services

Our brand protection and security expertise give our customers peace of mind that no matter how fast the digital world changes, their intellectual property and digital assets will be secure.

MedSec

MedSec

MedSec is the only company of its type focused solely on cybersecurity for hospitals and medical device manufacturers, offering both a cybersecurity software solution and consulting services.

Pointsharp

Pointsharp

Pointsharp delivers software and services that help organizations secure data, identities, and access in a user-friendly way.

Credo AI

Credo AI

Credo have pioneered a Responsible AI platform that enables context driven, comprehensive and continuous governance, oversight and accountability of AI.

Control D

Control D

Control D is a modern and customizable DNS service that blocks threats, unwanted content and ads - on all devices.

Price Forbes

Price Forbes

Building on more than 100 years of specialist insurance broking, Price Forbes partner with clients around the world who are looking to understand and balance today’s risk and plan for the future.

Amtivo Group

Amtivo Group

Amtivo provides Certification, Inspection and Training services to national and local Government bodies, multi-nationals, enterprise clients and SMEs.