US President Joe Biden on Friday signed an executive order aimed at protecting privacy in the transfer of personal data between the EU and the United States and addressing European concerns about US espionage activities.
The executive order creates a new regulatory framework for transatlantic data flows, which are critical to the digital economy, the White House said.
Biden’s move is the latest attempt to end years of court battles in which activists in Europe have questioned the legality of the data transfers and put US Big Tech’s EU operations at risk.
“This is a culmination of our joint efforts to restore trust and stability to transatlantic traffic,” Trade Secretary Gina Raimondo told reporters.
“It will enable a continuous flow of data underpinning more than $1 trillion in cross-border trade and investment each year.”
EU Justice Commissioner Didier Reynders hailed the implementing regulation as a “significant step”, although officials in Brussels warned it was just the beginning of a process that could take months to arrive at a new data deal.
US tech giants are facing a spate of lawsuits from EU privacy activists concerned about US intelligence agencies’ ability to access the personal data of Europeans using Facebook or Google for their internet needs.
Europe’s top court has invalidated previous agreements, known as equivalence agreements, after hearing complaints that US laws violate the fundamental rights of EU citizens.
The White House said the executive order addresses concerns raised by the Court of Justice of the European Union when it ruled that the previous framework known as the Privacy Shield did not provide adequate protection.
– Court dispute “likely” –
Austrian privacy activist Max Schrems, whose legal campaigns brought down the previous pacts, said he was likely to contest the new rule.
“We will probably challenge (the deal) in court,” he told AFP, putting the odds at “90 percent.”
“We have to analyze this in detail first, which will take several days,” he said, adding that at first glance the key data protection issues “do not appear to have been resolved”.
Privacy Shield, which was struck down in July 2020, was the successor to another EU-US agreement, Safe Harbor, which itself was torpedoed by a court ruling in 2015.
Businesses have since resorted to legally unsafe workarounds to keep data flowing in the hope that both sides could come up with something stronger in the long run.
The conclusion of a new agreement “is of great importance,” said Christian Borggreen, senior vice president in Europe for the Big Tech Lobby, the Computer & Communications Industry Association.
“It will support transatlantic trade, strengthen data protection and bring legal clarity to EU-US data transfers,” he said.
– “Robust Commitments” –
Raimondo expressed confidence that the new agreement, which builds on an agreement in principle announced in March, will survive the intense legal scrutiny that began following revelations by former National Security Agency contractor Edward Snowden about mass digital espionage by US agencies .
“The EU-US data protection framework includes robust privacy and civil liberties-enhancing commitments for signals intelligence that ensure the protection of EU personal data,” she said.
The executive order requires US signals intelligence activities to be conducted “only in pursuit of defined national security objectives.”
US agencies must also “respect the privacy and civil liberties of all individuals,” regardless of nationality or country of residence.”
It also creates an independent court for EU citizens “to seek redress if they believe they are unlawfully targeted by US intelligence activities”.
Judges on the newly created court will be appointed from outside the US government and will “review cases independently,” the White House said.
Your decisions are binding.