The US government cemented its policy commitments toward a data privacy pact with Europe that’s poised to lift a cloud of legal uncertainty hanging over companies such as
The measures carry out the Trans-Atlantic Data Privacy Framework that the US and European Union announced in March. The agreement replaces the defunct Privacy Shield, which was struck down by an EU court over concerns that personal information leaving the bloc’s borders is subject to sweeping US government surveillance.
In an executive order Friday, President
The US policy announcement kicks off a process of approval by European authorities. It remains to be seen whether the steps go far enough to satisfy the European court’s criticisms of the invalidated transfer mechanism, with another legal challenge anticipated down the line.
Senior Biden administration officials, speaking on a call with reporters, expressed confidence that the deal would withstand scrutiny.
“The EU-US data privacy framework will provide a durable and reliable legal foundation and certainty for transatlantic data flows,” US Secretary of Commerce Gina Raimondo said on the call.
Austrian privacy activist Max Schrems, who challenged the previous data flows agreement in court, has called the latest version a “flawed deal,” signaling that it may end up before the European Court of Justice again.
In response to the court’s criticisms, Biden’s executive order seeks to strengthen safeguards for US intelligence-gathering activities. Such activities must be conducted only in pursuit of defined national security objectives and only when necessary to advance an intelligence priority, in a manner proportionate to that priority, according to a White House fact sheet.
The fact sheet also indicates that intelligence activities need to take into consideration people’s privacy and civil liberties.
Individuals who believe their personal data was illegally collected for US intelligence purposes will have a new route for making complaints. As part of the executive order’s directives, an existing official within the Office of the Director of National Intelligence will be tasked with reviewing these complaints for civil liberties concerns.
Decisions will be subject to further scrutiny by the Data Protection Review Court that the US Attorney General establishes. Judges will be appointed from outside the US government and they’ll have relevant experience in data privacy and national security, the fact sheet said.