Preferences
Close Cookie Preference Manager
Cookie Settings
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts.
View privacy policy.
Strictly Necessary (Always Active)
Cookies required to enable basic website functionality.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

U.S. Executive Order on new EU-U.S. Data Privacy Framework: What does it mean for the transatlantic data flows?

On October 7th, President Joe Biden signed an Executive Order on ‘’Enhancing Safeguards for United States Signals Intelligence Activities” which implements the agreement reached in March 2022 for the new Trans-Atlantic Data Privacy Framework into U.S. law.

Sibel Hanuschek
October 12, 2022

On October 7th, President Joe Biden signed an Executive Order on ‘’Enhancing Safeguards for United States Signals Intelligence Activities” which implements the agreement reached in March 2022 for the new Trans-Atlantic Data Privacy Framework into U.S. law.

The Executive Order implements, in particular the following:

  • Further safeguards which are limiting U.S. intelligence activities to the extent necessary and proportionate in order to protect national security;
  • Extended responsibilities of legal, oversight and compliance officials for ensuring compliant processing of personal data collected through intelligence activities;
  • Requirements for U.S. intelligence agencies to update their policies and procedures to implement the new safeguards;
  • A two-tier redress system for investigation and resolving complaints concerning access to European’s data by U.S. authorities.

             .First layer consists of an initial investigation conducted by the Civil Liberties Protection Officer (CLPO) whether the safeguards were violated and to determine a               remedy for the violations.

             .Second layer consists of an independent review of the decisions of the CLPO by the Data Protection Review Court (DPRC), the judges of which will be appointed               from outside of the US Government. The decisions and the remediations will be binding. The Courts’ review will be further enhanced by selection of a special               advocate who will ensure that the complainants’ interests are represented before the Court.

  • Review of the intelligence agencies’ policies and procedures as well as their compliance with the decisions of the CLPO and DPRC by the Privacy and Civil Liberties Oversight Board.

What is next?  

The European Commission will now carry out its adequacy assessment, propose a draft adequacy decision and launch its adequacy process which consists of several steps including obtaining opinion from the European Data Protection Board and approval from the EU Member States. Once the final adequacy decision is adopted, data can flow freely between the EU and U.S. companies that joined the framework.

Impact on cleversoft services

cleversoft services run mostly on cloud services provided by U.S. based companies. Therefore, we are very pleased that the EU-U.S. relations strengthen the data privacy framework which allows our services to keep leveraging state-of-the-art cloud technology and to be at the forefront of innovation.

We, at cleversoft, monitor data protection laws and regulations closely and will keep you informed about further developments.