Cybersecurity EU-US Data Sharing Deal Is Signed Off – But May Face Further Challenges Emma Woollacott Senior Contributor Opinions expressed by Forbes Contributors are their own. Following New! Follow this author to stay notified about their latest stories. Got it! Oct 10, 2022, 05:28am EDT | New! Click on the conversation bubble to join the conversation Got it! Share to Facebook Share to Twitter Share to Linkedin Global communication network concept.
getty US president Joe Biden has signed an executive order limiting the ability of US national security agencies to access European citizens’ personal information, as part of a data-sharing deal with the EU. The order sets out how the US will implement the deal agreed earlier this year, addressing concerns raised by the European Court of Justice (CJEU). It limits data access by US intelligence authorities to what is necessary and proportionate to protect national security, and establishes a new Data Protection Review Court (DPRC) to investigate and resolve complaints.
“This is a culmination of our joint efforts to restore trust and stability to transatlantic data flows, and is a testament to the enduring strength of the US-EU relationship and our shared values,” says US commerce secretary Gina Raimondo. “The EU-US data privacy framework will provide a durable and reliable legal foundation and certainty for transatlantic data flows, and create greater economic opportunities for companies and citizens on both sides of the Atlantic. ” The deal follows a 2020 ruling that the US was insufficiently protecting the data of European individuals, prompted by complaints from noyb, a campaign group founded by Austrian lawyer Max Shrems.
MORE FOR YOU They Inherited Billions Upon Billions: Meet America’s Richest Heirs Predictable Juventus Lose To AC Milan: How Much Longer Can This Continue? Rooms For Art: Frieze Art Fairs X Four Seasons Park Lane Shrems, however, is dubious about certain aspects of the deal. For a start, he says, the terms ‘necessary’ and ‘proportionate’ do not have the same legal meaning in the US as in the EU. “The EU and the US now agree on use of the word ‘proportionate’ but seem to disagree on the meaning of it.
In the end, the CJEU’s definition will prevail – likely killing any EU decision again,” he says. “The European Commission is again turning a blind eye on US law, to allow continued spying on Europeans. ” He also challenges the definition of the new DPRC, claiming that it will not be a ‘court’ under the normal legal definition, but a body within the US government’s executive branch more equivalent to an ombudsman.
“We have to study the proposal in detail, but at first glance, it is clear that this ‘court’ is simply not a court,” he says. “The Charter has a clear requirement for ‘judicial redress’ – just renaming some complaints body a ‘court’ does not make it an actual court. The details of the procedure will also be relevant to see if this can satisfy EU law.
” He says nyob plans to analyze the deal, and may well bring another challenge before the CJEU. The European Commission will now draft an adequacy decision under Article 45 of the GDPR, after input from the European Data Protection Board (EDPB) and member states. The process is likely to take around six months.
In the meantime, says the Commission, companies may use Standard Contractual Clauses in their commercial contracts to transfer data from the EU. “All the safeguards that the Commission has agreed with the US Government in the area of national security (including the redress mechanism) will be available for all transfers to the US under the GDPR, regardless of the transfer tool used,” says the Commission. Follow me on Twitter .
Emma Woollacott Editorial Standards Print Reprints & Permissions.
From: forbes
URL: https://www.forbes.com/sites/emmawoollacott/2022/10/10/eu-us-data-sharing-deal-is-signed-offbut-may-face-further-challenges/