This Friday, U.S. president Joe Biden signed an executive order to restart a flagship data transfer agreement with the European Union whose aim is to facilitate user data transfer between U.S. and EU territories under their joint data privacy framework.
The statement reads: “Transatlantic data flows are critical to enabling the $7.1 trillion EU-U.S. economic relationship. The EU-U.S. DPF will restore an important legal basis for transatlantic data flows by addressing concerns that the Court of Justice of the European Union raised in striking down the prior EU-U.S. Privacy Shield framework as a valid data transfer mechanism under EU law.”
The new framework will be replacing the now defunct EU-U.S. Privacy Shield, and its predecessor, Safe Harbor, which was struck down following the 2013 disclosures of U.S. government surveillance programs by NSA whistleblower, Edward Snowden.
This is good news for multinational companies, who have had to operate without a legal framework or any kind of security fallback for two years now.
Now that it’s in motion, the executive order is set to add further safeguards for U.S. signals intelligence activities, mandate handling requirements for any personal information collected, require U.S. Intelligence Community elements to update their policies and procedures to reflect the new privacy and civil liberties safeguards contained in the E.O.
It will also create a multi-layer mechanism for individuals from qualifying states and regional economic integration organizations, as designated pursuant to the E.O., to obtain independent and binding review and redress of their information collection claims.
Furthermore, the E.O will call on the Privacy and Civil Liberties Oversight Board to review Intelligence Community policies and procedures to ensure that they are consistent with the Executive Order and to conduct an annual review of the redress process.
For its part, the EU has announced that it will move to draft an adequacy decision and initiate the adoption process to restore an important, accessible, and affordable data transfer mechanism under EU law.
If you see something out of place or would like to contribute to this story, check out our Ethics and Policy section.