European Council President Charles Michel, President of the European Commission, Ursula von der Leyen and US President Joe Biden meet within EU -USA Summit in Brussels, Belgium on June 15, 2021.
Dursun Aydemir | Anadolu Agency | Getty Images
President Joe Biden signed an executive order to implement a new framework to protect the privacy of personal data shared between the U.S. and Europe, the White House announced on Friday.
The new framework fills a significant gap in data protections across the Atlantic since a European court undid a previous version in 2020. The court found the U.S. had too great an ability to surveil European data transferred through the earlier system.
The court case, known as Schrems II, “created enormous uncertainty about the ability of companies to transfer personal data from the European Union to the United States in a manner consistent with EU law,” then-Deputy Assistant Commerce Secretary James Sullivan wrote in a public letter shortly after the decision. The outcome made it so U.S. companies would need to use different “EU-approved data transfer mechanisms” on an ad hoc basis, creating more complexity for businesses, Sullivan wrote.
The so-called Privacy Shield 2.0 seeks to address European concerns of surveillance by U.S. intelligence agencies. In March, after the U.S. and EU agreed in principle to the new framework, the White House said in a fact sheet that the U.S. “committed to implement new safeguards to ensure that signals intelligence activities are necessary and proportionate in the pursuit of defined national security objectives.”
The new framework will allow individuals in the EU to seek redress through an independent Data Protection Review Court made up of members outside of the U.S. government. That body “would have full authority to adjudicate claims and direct remedial measures as needed,” according to the March fact sheet.
Before a matter reaches the DPRC, the civil liberties protection officer in the Office of the Director of National Intelligence will also conduct an initial investigation of complaints. Its decisions are also binding, subject to the independent body’s assessment.
The executive order directs the U.S. intelligence community to update policies and procedures to fit the new privacy protections in the framework. It also instructs the Privacy and Civil Liberties Oversight Board, an independent agency, to examine those updates and conduct an annual review of whether the intelligence community has fully adhered to binding redress decisions.
“The EU-U.S. Data Privacy Framework includes robust commitment to strengthen the privacy and civil liberties safeguards for signals intelligence, which will ensure the privacy of EU personal data,” Commerce Secretary Gina Raimondo told reporters Thursday.
Raimondo said she will transfer a series of documents and letters from relevant U.S. government agencies outlining the operation and enforcement of the framework to her EU counterpart, Commissioner Didier Reynders.
The EU will then conduct an “adequacy determination” of the measures, the White House said. It will assess the sufficiency of the data protection measures in order to restore the data transfer mechanism.
— CNBC’s Chelsey Cox contributed to this report.