Biden announces an order for the implementation of EU-U.S. Privacy framework for data
Washington/Brussels (Reuters) -U.S. president Joe Biden on Friday signed an executive order to establish an EU-US framework for data transfer announced in March. It adopts a the latest American security measures for privacy of intelligence gathering.
The agreement aims to end the confusion that hundreds of businesses were caught after the top court of Europe tossed out two previous agreements because of concerns about U.S. surveillance.
U.S. Commerce Secretary Gina Raimondo said to reporters that this executive decision “is an end result of our collaborative effort to restore stability and trust to the transatlantic flow of data” and “will guarantee the security of EU personal information.”
The framework responds to the concerns of Court of Justice of the European Union (CJEU), which in July of 2020 rejected the original EU-U.S. Privacy Shield scheme as an appropriate method of data transfer in accordance with EU law.
Related: Biden will put more limits on how much the U.S. can sell chips and tools to China.
European Commission of Justice Didier Reynders said that he was “quite certain” there will be a new legal challenge, but was confident that the agreement was in line with the requirements of the Court.
“We are a step ahead in comparison to Privacy Shield …. It’s totally different” said the Privacy Shield’s CEO to Reuters via an interview. “Maybe the third time around will be the one that is successful.”
The White House said “transatlantic data flows are essential to enable to establish the $7.1 trillion EU-U.S. economic relationship” and that the framework “will bring back an important legal foundation for transatlantic data flow.”
The U.S. Chamber of Commerce and Microsoft (NASDAQ: MSFT) applauded the executive order, however activists for digital rights groups Access Now and European consumer association BEUC claimed that it didn’t seem that the rights of individuals were adequately secured.
Related: Biden hops into a Corvette and declares Detroit “back” at an EV-focused auto show.
The White House said Biden’s order strengthened the current “privacy as well as civil rights security measures” to protect U.S. intelligence gathering and established an autonomous, legally binding, multi-layer recourse mechanism for those who believe their personal information was unlawfully taken from U.S. intelligence agencies.
Reynders stated that it will take around six months to finish a complicated approval process, noting that the old system offered recourse to an ombudsperson within the U.S. administration, which the EU court had rejected.
Biden’s order introduces new safeguards on the work in U.S. intelligence gathering, making sure they only do what is appropriate and necessary and provides the possibility of redressing in two steps initially to an agency’s monitor, and then to a tribunal composed of independent judges whose decisions will bind the agencies.
Biden along with European Commission President Ursula von der Leyen in March stated that the interim agreement would provide greater legal protections as well as addressed concerns of the EU court’s concerns.
Raimondo this Friday is scheduled to send an array of letters to EU officials on Friday. EU by U.S. agencies “outlining the functioning and the implementation of the EU-U.S. data privacy framework” which “will serve as the basis for the EU Commission’s evaluation in a new adequacy determination,” she said.
Related: Biden says the U.S. is ready to keep talking with South Korea about EV subsidies.
In accordance with the order, it is the Civil Liberties Protection Officer (CLPO) of the U.S. Office of the Director of National Intelligence will investigate complaints and make recommendations.
The U.S. Justice Department is setting up the Data Protection Review Court to independently review the CLPO’s decision-making. Judges with expertise in the field of data privacy and the national security field will be chosen by outside of the U.S. government.
European privacy advocates have threatened to sue the framework if they do not believe it adequately safeguards privacy. Austrian Max Schrems, whose legal challenges have knocked down the two previous EU-U.S. systems for data flow and said that he was still required to look into the system.
“At first glance it appears that the issues at hand weren’t resolved and will come returned to the CJEU (EU court) sooner or later,” he said.