US President Joe Biden signed an executive order on Friday that would limit the ability of US national security agencies to access individuals’ personal information under a transatlantic data-sharing agreement with the European Union.
The executive order follows lengthy negotiations between the US and EU after the bloc’s top court ruled in 2020 that Washington had failed to sufficiently protect Europe’s data when it was transferred across the Atlantic. . The judges’ concerns centered on how US surveillance programs lacked proper measures for European citizens to deal with how the government was collecting their data.
The order will create a new body within the US Department of Justice that will oversee how US national security agencies can access and use EU and US citizens’ information. It will also give new powers to civil liberties officials in the US Office of the Director of National Intelligence, a body that oversees the work of agencies, to investigate possible violations of people’s privacy rights.
When established, the so-called Data Protection Review Court within the Ministry of Justice will allow individuals to sue through a so-called “special advocate” to challenge the how their data is used by these agencies, marking a potentially significant boundary on how people like the National Security Agency operate.
The tribunal’s decisions are intended to be independent and binding, Commerce Secretary Gina Raimondo said during a briefing on Thursday.
“These commitments fully respond to the Schrems II 2020 decision of the Court of Justice of the European Union and will cover transfers of personal data to the United States under EU law,” Raimondo told reporters.
Biden’s executive order will require US intelligence agencies to collect data only for specific and defined national security purposes, and in a manner that is necessary and proportionate. US intelligence agencies are required to update their policies and procedures to align with the order’s guidelines.
The executive order is the next step in creating a new transatlantic data-sharing agreement needed by thousands of companies – from Google to General Electric – to transfer data between two of the world’s largest economies. The decree will now be sent to Brussels where the European Commission – alongside input from privacy agencies and politicians across the bloc, as well as EU countries – will transpose the text into its own rules.
This process is expected to take approximately six months and will lead to the publication of a final pact around March 2023.
Senior Biden administration officials, who spoke on condition of anonymity because they were not authorized to speak publicly, said they were confident the White House executive order and the news Department of Justice regulations would address the Commission’s concerns. More importantly, officials said they believe the new framework will also withstand any legal challenges that would force the US government back to the drawing board.
“We expect there to be a decent chance that someone will try to challenge this in Europe and I think what the courts will see is that we have really offered a framework which is fundamentally different from what that was in place before,” said one of those officials. during a Thursday briefing.