Privacy & Cybersecurity Law Blog

On October 7, 2022, President Biden signed Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, which provides a new framework for legal data transfers between the European Union and the United States. The legal basis for transatlantic data transfers has been uncertain since 2020, when the European Court of Justice (“ECJ”) declared the previous framework, the EU-U.S. Privacy Shield, invalid under EU law. 

The Executive Order seeks to address the ECJ’s concerns with the EU-U.S. Privacy Shield by providing stronger protections to EU residents against U.S. intelligence activities. In particular, the Executive Order restricts U.S. intelligence agencies’ processing of EU data subjects’ personal data to the activities necessary and proportionate to advance a national security purpose. In addition, the Executive Order requires the U.S. to establish a two-tier redress mechanism to address complaints of alleged violations, whereby the Office of the Director of National Intelligence would first conduct an initial investigation to assess qualifying claims and potential remedies, and an independent Data Protection Review Court would render binding decisions on such complaints. The  framework will now undergo a ratification process by the European Data Protection Board, the European Parliament and the European Commission. Following ratification by the European Commission, the Executive Order is expected to become operative in March 2023.