Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Government

Biden Signs Executive Order on US-EU Personal Data Privacy

Executive order requires that US signals intelligence activities be conducted “only in pursuit of defined national security objectives”

US President Joe Biden signed an executive order on Friday designed to protect the privacy of personal data transfers between the EU and the United States and address European concerns about US intelligence collection activities.

Executive order requires that US signals intelligence activities be conducted “only in pursuit of defined national security objectives”

US President Joe Biden signed an executive order on Friday designed to protect the privacy of personal data transfers between the EU and the United States and address European concerns about US intelligence collection activities.

The executive order provides a new legal framework for trans-Atlantic data flows that are critical to the digital economy, the White House said.

It will be subject to review and ratification by the European Commission, a process expected to take several months.

“This is a culmination of our joint efforts to restore trust and stability to trans-Atlantic data flows,” Commerce Secretary Gina Raimondo told reporters. 

“It will enable a continued flow of data that underpins more than a trillion dollars in cross-border trade and investment every year.”

US tech giants have faced a barrage of lawsuits from EU privacy activists concerned about the ability of US intelligence services to access the personal data of Europeans.

Europe’s top court has invalidated previous arrangements after hearing complaints that US laws violate the fundamental rights of EU citizens.

Advertisement. Scroll to continue reading.

The White House said the executive order addresses concerns raised by the Court of Justice of the European Union when it ruled that the previous framework known as Privacy Shield did not provide adequate protection.

Privacy Shield, struck down in July 2020, was the successor to another EU-US deal, Safe Harbor, which was itself torpedoed by a court ruling in 2015.

Businesses have since resorted to legally uncertain workarounds to keep the data flow moving, with hope that the two sides could come up with something stronger in the long term.

US officials acknowledged that the new pact will almost certainly face intense legal scrutiny that began after revelations by Edward Snowden of mass digital spying by US agencies.

– ‘Robust commitments’ –

Raimondo expressed confidence that the new arrangement, which builds upon an agreement in principle announced in March, will pass muster.

“The EU-US data privacy framework includes robust commitments to strengthen the privacy and civil liberties safeguards for signals intelligence which will ensure the privacy of EU personal data,” she said.

The executive order requires that US signals intelligence activities be conducted “only in pursuit of defined national security objectives” and “take into consideration the privacy and civil liberties of all persons” regardless of nationality or country of residence.

It creates an independent court for EU individuals “to seek redress if they believe they are unlawfully targeted by US intelligence activities.”

The redress process includes two layers.

The first involves a “Civil Liberties Protection Officer” (CLPO) in the US Office of the Director of National Intelligence who will investigate complaints to determine whether they involve a violation of US law.

The second involves an independent Data Protection Review Court which will review the CLPO’s decisions.

“Judges on the DPRC will be appointed from outside the US Government… review cases independently, and enjoy protections against removal,” the White House said.

Their decisions will be binding.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cyberwarfare

US National Cybersecurity Strategy pushes regulation, aggressive 'hack-back' operations.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...