On 25 March 2022, President von der Leyen and President Biden announced that they had reached an agreement in principle on a new EU-US Data Privacy Framework. The Commission says that the framework will foster trans-Atlantic data flows and address the concerns raised by the Court of Justice of the European Union in the Schrems II decision of July 2020.

President Biden has now signed an Executive Order on “Enhancing Safeguards for United States Signals Intelligence Activities”. Along with the Regulations issued by the Attorney General, the Executive Order implements into US law the agreement in principle announced in March.

For Europeans whose personal data is transferred to the US, the new Executive Order provides for:

• binding safeguards that limit access to data by US intelligence authorities to what is necessary and proportionate to protect national security; and
• the establishment of an independent and impartial redress mechanism, which includes a new Data Protection Review Court (DPRC) to investigate and resolve complaints regarding access to their data by US national security authorities.

The Executive Order requires US intelligence agencies to review their policies and procedures to implement these new safeguards.

The Commission says that these are significant improvements compared to the Privacy Shield. The new safeguards in government access to data will complement the obligations that US companies importing data from EU will have to subscribe to.

The next steps are for the Commission to propose a draft adequacy decision and launch its adoption procedure, which involves, inter alia, obtaining an Opinion from the European Data Protection Board. The EU Parliament also has a right of scrutiny of adequacy decisions. To read the EU Commission’s press release in full and for further information on the new framework, click here. To read the press release from the White House, click here.