EU-US move closer to Trans-Atlantic Data Privacy Framework

10/10/2022 | European Commission

Last Friday, 7 October, US President Joe Biden signed an executive order Enhancing Safeguards for United States Signals Intelligence Activitieswhich is intended to address legal uncertainty around transatlantic data transfers following the Schrems II ruling by the Court of Justice of the European Union (CJEU) in July 2020. On the same day, the European Commission published an FAQ document outlining the following:

  • What the Executive Order is about
  • What the next steps are in the process
  • How the new redress mechanism is different
  • Why the Commission believe this new agreement will not be struck down by the CJEU
  • The options for companies in the meantime

The Department for Digital, Culture, Media and Sport (DCMS) published an explanatory note acknowledging the progress between the UK and US toward an adequacy agreement.  

In response, Austrian privacy group noyb wrote that this new presidential order "which is not a law" is unlikely to resolve the issue surrounding pervasive US surveillance and that EU citizens have access to judicial redress. Noyb also confirmed they are working on an in-depth analysis, which will be published over the coming week. 

The IAPP hosted a LinkedIn Live panel discussing how the executive order is a major step toward restoring trust in EU-U.S. data flows. The conversation covered several topics, including new protections under the framework. In a related piece, the IAPP asks: does the new data privacy framework represents a new era for data transfers?

UPDATE: 101022 - On Monday, the Commission pressroom released a statement confirming the executive order implements the EU-US Trans-Atlantic Data Privacy Framework into US law. The Commission announced that it will now "prepare a draft adequacy decision and then launch its adoption procedure."

The IAPP examines the redress mechanism presented in the executive order, along with the effective powers of the Data Protection Review Court. It also asks whether these US legal mechanisms "meet the 'independence' and 'binding' requirements of EU law." They write that the approach "represents a creative and good-faith effort to meet the relevant EU requirements on 'independent' redress, while complying with US law."

Additional commentary: 

  • DLA Piper - President Biden orders surveillance reforms two years after Schrems II
  • Pinsent Masons - Privacy Shield 2.0 nearer for EU-US data transfers after Biden order
  • Bloomberg - highlight legal questions remain over latest agreement
Read Full Story
EU US flag

What is this page?

You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.

The Privacy Newsfeed monitors over 300 global publications, of which more than 5,750 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.

Freevacy has been shortlisted in the Best Educator category.
The PICCASO Privacy Awards recognise the people making an outstanding contribution to this dynamic and fast-growing sector.