President Biden has officially signed an executive order that protects the data transfers between the US and the European Union. The executive order is meant for implementing the EU-US Data Privacy Framework or.
According to Engadget, addressing national security concerns which should be clearly defined, will require privacy and civil liberties to be taken into consideration when seeking data. On top of that, intelligence gatherers must update their policies for data handling.
Why is this Important?
The economic relationship between the European Union and the US is worth $7.1 trillion. Transatlantic data flows are important for enabling the said relationship. The Data Privacy Framework between the EU and US will restore a significant legal basis for data flows.
The executive order will address concerns raised by the Court of Justice of the European Union about striking down the prior EU-US Privacy Shield Framework as a "valid data transfer mechanism" under EU law, as mentioned in the official website of the White House.
Individuals in qualifying states will also be able to seek redress if they believe that their personal data is being taken through the US signals intelligence, if it violates applicable US law.
What Does the Executive Order Do?
Safeguards will be put into place so intelligence activities will only be conducted when necessary to advance a validated intelligence priority, limiting it in a manner proportionate to that priority.
Personal information collected through signals intelligence activities will now require handling requirements. For appropriate actions taken to remediate incidents of non-compliance, the mandate extends to the responsibilities of legal, oversight, and compliance officials.
To reflect the new privacy and civil liberties safeguards in the Executive Order, policies and procedures must be updated, keeping in mind that the updates will now require US Intelligence Community elements.
To ensure that concerned parties are consistent with the Executive Order and conduct an annual review of the redress process, the Privacy and Civil Liberties Oversight Board will be called upon. They will review Intelligence Community policies and procedures. The Executive order will make sure the Intelligence Community fully complied to the determinations made by the CLPO and DPRC.
Multi-Layer Mechanism
The mechanism is for individuals who claim that their personal information was collected or handled by the US in violation of applicable US law, granted that they are from qualifying states and regional economic integration organizations.
Firstly, the Civil Liberties Protection Officer in the Office of the Director of National Intelligence (CLPO) will be conducting an initial investigation of complaints received to determine whether the Executive Order's safeguards were violated.
Second, The Executive Order will authorize and direct the Attorney General who will then establish a Data Protection Review Court or DPRC which will provide a binding review of the CLPO's decisions.
Judges from outside the US government will be appointed for the DPRC. They must have relevant experience in the matter of the field of data privacy and national security.
Related Article : Why Data Security is More Important Than Ever