On October 7th, President Joe Biden signed an Executive Order on ‘’Enhancing Safeguards for United States Signals Intelligence Activities” which implements the agreement reached in March 2022 for the new Trans-Atlantic Data Privacy Framework into U.S. law.
The Executive Order implements, in particular, the following:
- Further safeguards which are limiting U.S. intelligence activities to the extent necessary and proportionate in order to protect national security;
- Extended responsibilities of legal, oversight and compliance officials for ensuring compliant processing of personal data collected through intelligence activities;
- Requirements for U.S. intelligence agencies to update their policies and procedures to implement the new safeguards;
- A two-tier redress system for investigation and resolving complaints concerning access to European’s data by U.S. authorities.
- The first layer consists of an initial investigation conducted by the Civil Liberties Protection Officer (CLPO) whether the safeguards were violated and to determine a remedy for the violations.
- The second layer consists of an independent review of the decisions of the CLPO by the Data Protection Review Court (DPRC), the judges of which will be appointed from outside of the US Government. The decisions and the remediations will be binding. The Courts’ review will be further enhanced by selection of a special advocate who will ensure that the complainants’ interests are represented before the Court.
- Review of the intelligence agencies’ policies and procedures as well as their compliance with the decisions of the CLPO and DPRC by the Privacy and Civil Liberties Oversight Board.
What is next?
The European Commission will now carry out its adequacy assessment, propose a draft adequacy decision and launch its adequacy process which consists of several steps including obtaining an opinion from the European Data Protection Board and approval from the EU Member States. Once the final adequacy decision is adopted, data can flow freely between the EU and U.S. companies that joined the framework.
Impact on cleversoft services
cleversoft services run mostly on cloud services provided by U.S. based companies. Therefore, we are very pleased that the EU-U.S. relations strengthen the data privacy framework which allows our services to keep leveraging state-of-the-art cloud technology and to be at the forefront of innovation.
We, at cleversoft, monitor data protection laws and regulations closely and will keep you informed about further developments.