Bloomberg Law
Free Newsletter Sign Up
Bloomberg Law
Advanced Search Go
Free Newsletter Sign Up

US Boosts Spying Safeguards in Bid to Shore Up EU Data Flows

Oct. 7, 2022, 2:00 PM

The US government cemented its policy commitments toward a data privacy pact with Europe that’s poised to lift a cloud of legal uncertainty hanging over companies such as Meta Platforms Inc.‘s Facebook and Alphabet Inc.‘s Google that transfer data across the Atlantic.

The measures carry out the Trans-Atlantic Data Privacy Framework that the US and European Union announced in March. The agreement replaces the defunct Privacy Shield, which was struck down by an EU court over concerns that personal information leaving the bloc’s borders is subject to sweeping US government surveillance.

In an executive order Friday, President Joe Biden outlined safeguards for intelligence gathering and a new avenue for judicial review of Europeans’ complaints about US surveillance. The US Attorney General is issuing related regulations that will set up a Data Protection Review Court to weigh in on such complaints.

The US policy announcement kicks off a process of approval by European authorities. It remains to be seen whether the steps go far enough to satisfy the European court’s criticisms of the invalidated transfer mechanism, with another legal challenge anticipated down the line.

Senior Biden administration officials, speaking on a call with reporters, expressed confidence that the deal would withstand scrutiny.

“The EU-US data privacy framework will provide a durable and reliable legal foundation and certainty for transatlantic data flows,” US Secretary of Commerce Gina Raimondo said on the call.

Policy Measures

Austrian privacy activist Max Schrems, who challenged the previous data flows agreement in court, has called the latest version a “flawed deal,” signaling that it may end up before the European Court of Justice again.

In response to the court’s criticisms, Biden’s executive order seeks to strengthen safeguards for US intelligence-gathering activities. Such activities must be conducted only in pursuit of defined national security objectives and only when necessary to advance an intelligence priority, in a manner proportionate to that priority, according to a White House fact sheet.

The fact sheet also indicates that intelligence activities need to take into consideration people’s privacy and civil liberties.

Individuals who believe their personal data was illegally collected for US intelligence purposes will have a new route for making complaints. As part of the executive order’s directives, an existing official within the Office of the Director of National Intelligence will be tasked with reviewing these complaints for civil liberties concerns.

Decisions will be subject to further scrutiny by the Data Protection Review Court that the US Attorney General establishes. Judges will be appointed from outside the US government and they’ll have relevant experience in data privacy and national security, the fact sheet said.

To contact the reporter on this story: Andrea Vittorio in Washington at

To contact the editor responsible for this story: Jay-Anne B. Casuga at