News

Biden's Trans-Continental Data Policy Enters European Review

Looking to address privacy and legal due process complaints regarding data sharing, the Biden administration on Friday announced an executive order implementing a "European Union-U.S. Data Privacy Framework."

The executive order currently requires European Commission review and confirmations. It stems from an agreement in principle reached between the White House and the European Commission back in March. The executive order an attempt to address complaints that led to the gutting of an earlier U.S. Privacy Shield proposal for ensuring data privacy, when U.S. organizations access the data of EU denizens.

The Privacy Shield proposal had been on hold since the European Union (EU) Court of Justice's Schrems II decision of July 2020, which found that Privacy Shield didn't meet the EU's General Data Protection Regulation stipulations.

At stake in the review is the "$7.1 trillion" trans-Atlantic data commerce trade, according to Biden's announcement.

European Commission Review
The new U.S. executive order does contain safeguards that will place a "substantive limitation on US national security authorities' access to data (necessity and proportionality) and the establishment of the new redress mechanism," the European Commission contended, in a Friday Q&A announcement. It'll address Schrems II concerns, the Q&A suggested.

Highlights of the executive order, according to the Q&A, include:

  • Ability to lodge a complaint with a "so-called 'Civil Liberties Protection Officer' of the US intelligence community"
  • The complainant will have representation by "a special advocate"
  • An appeals process at a new Data Protection Review Court, with court members consisting of "members chosen from outside the US Government."

The European Commission's next steps will be to propose an "adequacy decision," based on the executive order. The agreement won't be in effect until the
European Commission gets opinions on the adequacy decision from the European Data Protection Board and EU member states.

After that vetting process, the European Commission will issue a "final adequacy decision," the Q&A noted:

Only after that, the European Commission can adopt the final adequacy decision in relation to the US. From that moment on, data will be able to flow freely and safely between the EU and US companies certified by the Department of Commerce under the new framework. US companies will be able to join the framework by committing to comply with a detailed set of privacy obligations.

In the meantime, organizations can agree to data transfers using "model clauses" in their commercial contracts, the Q&A indicated.

The Biden administration suggested that the executive order and a finalized agreement with the European Commission would add "greater legal certainty for companies using Standard Contractual Clauses and Binding Corporate Rules to transfer EU personal data to the United States."

Objections
Schrems II complainant Maximillian Schrems, though, didn't seem appeased by this latest data privacy proposal.

He suggested in Friday posts that an "executive order for US surveillance is probably not enough." Moreover, the executive order failed to address rulings of European Court of Justice on both rights and judicial remedies, per a translation by Google Translate.

"There is still US mass surveillance and a 'court' that is not a court," Schrems indicated.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.

  • Microsoft, Oracle Announce Updates to Joint Database IaaS Service

    The Oracle Database@Azure infrastructure-as-a-service offering from Oracle and Microsoft is getting new capabilities, including integrations with key Microsoft data and security services.

  • 2025 Support Cliffs Approaching for Exchange 2016, Dynamics 365 PSA

    Microsoft recently sounded the warning bell for two of its products, Exchange Server 2016 and Dynamics 365 Project Service Automation (PSA), both of which are set to reach end-of-support milestones next year.

  • Windows Recall To Finally See Daylight in October Preview

    After postponing the public debut of its controversial Windows Recall AI feature, Microsoft is has finally settled on releasing it as a broad preview in October.