Thu. Feb 2nd, 2023
    en flag
    nl flag
    et flag
    fi flag
    fr flag
    de flag
    he flag
    ja flag
    lv flag
    pl flag
    pt flag
    es flag
    uk flag

    Content Assessment: Protecting Personal Data? Executive Order to Implement the EU-US Data Privacy Framework

    Information - 92%
    Insight - 90%
    Relevance - 90%
    Objectivity - 92%
    Authority - 93%

    91%

    Excellent

    A short percentage-based assessment of the qualitative benefit of the post highlighting the recent Executive Order on the EU-US Data Privacy Framework.

    Editor’s Note: From time to time, ComplexDiscovery highlights publicly available or privately purchasable announcements, content updates, and research from cyber, data, and legal discovery providers, research organizations, and ComplexDiscovery community members. While ComplexDiscovery regularly highlights this information, it does not assume any responsibility for content assertions.

    To submit recommendations for consideration and inclusion in ComplexDiscovery’s cyber, data, and legal discovery-centric service, product, or research announcements, contact us today.


    Executive Order (October 7, 2022)*

    President Biden Signs Executive Order to Implement the European Union-U.S. Data Privacy Framework

    Fact Sheet

    Today, President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (E.O.) directing the steps that the United States will take to implement the U.S. commitments under the European Union-U.S. Data Privacy Framework (EU-U.S. DPF) announced by President Biden and European Commission President von der Leyen in March of 2022.

    Transatlantic data flows are critical to enabling the $7.1 trillion EU-U.S. economic relationship.  The EU-U.S. DPF will restore an important legal basis for transatlantic data flows by addressing concerns that the Court of Justice of the European Union raised in striking down the prior EU-U.S. Privacy Shield framework as a valid data transfer mechanism under EU law.

    The Executive Order bolsters an already rigorous array of privacy and civil liberties safeguards for U.S. signals intelligence activities. It also creates an independent and binding mechanism enabling individuals in qualifying states and regional economic integration organizations, as designated under the E.O., to seek redress if they believe their personal data was collected through U.S. signals intelligence in a manner that violated applicable U.S. law.

    U.S. and EU companies large and small across all sectors of the economy rely upon cross-border data flows to participate in the digital economy and expand economic opportunities. The EU-U.S. DPF represents the culmination of a joint effort by the United States and the European Commission to restore trust and stability to transatlantic data flows and reflects the strength of the enduring EU-U.S. relationship based on our shared values.

    In particular, the Executive Order:

    • Adds further safeguards for U.S. signals intelligence activities, including requiring that such activities be conducted only in pursuit of defined national security objectives; take into consideration the privacy and civil liberties of all persons, regardless of nationality or country of residence; and be conducted only when necessary to advance a validated intelligence priority and only to the extent and in a manner proportionate to that priority.
    • Mandates handling requirements for personal information collected through signals intelligence activities and extends the responsibilities of legal, oversight, and compliance officials to ensure that appropriate actions are taken to remediate incidents of non-compliance.
    • Requires U.S. Intelligence Community elements to update their policies and procedures to reflect the new privacy and civil liberties safeguards contained in the E.O.
    • Creates a multi-layer mechanism for individuals from qualifying states and regional economic integration organizations, as designated pursuant to the E.O., to obtain independent and binding review and redress of claims that their personal information collected through U.S. signals intelligence was collected or handled by the United States in violation of applicable U.S. law, including the enhanced safeguards in the E.O.

      • Under the first layer, the Civil Liberties Protection Officer in the Office of the Director of National Intelligence (CLPO) will conduct an initial investigation of qualifying complaints received to determine whether the E.O.’s enhanced safeguards or other applicable U.S. law were violated and, if so, to determine the appropriate remediation. The E.O. builds up the existing statutory CLPO functions by establishing that the CLPO’s decision will be binding on the Intelligence Community, subject to the second layer of review, and provides protections to ensure the independence of the CLPO’s investigations and determinations.
      • As a second layer of review, the E.O. authorizes and directs the Attorney General to establish a Data Protection Review Court (“DPRC”) to provide independent and binding review of the CLPO’s decisions, upon an application from the individual or an element of the Intelligence Community. Judges on the DPRC will be appointed from outside the U.S. Government, have relevant experience in the fields of data privacy and national security, review cases independently, and enjoy protections against removal. Decisions of the DPRC regarding whether there was a violation of applicable U.S. law and, if so, what remediation is to be implemented will be binding. To further enhance the DPRC’s review, the E.O. provides for the DPRC to select a special advocate in each case who will advocate regarding the complainant’s interest in the matter and ensure that the DPRC is well-informed of the issues and the law with regard to the matter. The Attorney General today issued accompanying regulations on the establishment of the DPRC.

    • Calls on the Privacy and Civil Liberties Oversight Board to review Intelligence Community policies and procedures to ensure that they are consistent with the Executive Order and to conduct an annual review of the redress process, including to review whether the Intelligence Community has fully complied with determinations made by the CLPO and the DPRC.

    These steps will provide the European Commission with a basis to adopt a new adequacy determination, which will restore an important, accessible, and affordable data transfer mechanism under EU law. It will also provide greater legal certainty for companies using Standard Contractual Clauses and Binding Corporate Rules to transfer EU personal data to the United States.

    Read the original order.


    *Shared with permission.

    Additional Reading

    Source: ComplexDiscovery

     

    Have a Request?

    If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

    ComplexDiscovery is an online publication that highlights cyber, data, and legal discovery insight and intelligence ranging from original research to aggregated news for use by cybersecurity, information governance, and eDiscovery professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data, and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.

    ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data, and legal discovery organizations. Focused primarily on supporting the ComplexDiscovery publication, the company is registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world. The company operates virtually worldwide to deliver marketing consulting and services.