President Biden’s Executive Order on U.S. Signals Intelligence Activities
Linda V. Priebe, JD, CIPP/E is Partner and Chair of Culhane Meadows
About this talk
President Biden’s Executive Order on U.S. Signals Intelligence Activities for EU-U.S. Data Transfers: Is it Adequate for the EU?
Since the EU-U.S. Privacy Shield data privacy/protection compliance framework for EU-U.S. personal data transfers/access/data flows was declared invalid by the Court of Justice of the European Union (CJEU) in its Schrems II decision in July 2020, GDPR compliance has been in turmoil and much more difficult for U.S. companies, especially small and medium sized companies. But a few weeks ago in October 2022, and over 2 years after the Schrems II ruling, President Biden’s new Executive Order (EO) creating the EU-U.S. Data Privacy Framework has given over 6,000 previously U.S. Privacy Shield certified companies hope that their EU-U.S. Personal Data Flows compliance may finally be streamlined once again and achieve legal adequacy under the EU/EEA/Swiss/UK General Data Protection Regulation(s)(GDPR).
The Biden EO is designed to resolve European legal concerns regarding use of U.S. based service providers resulting from U.S. intelligence agencies’ potential access to EU-U.S. transfers of EU personal data following the Schrems II decision. In response to Schrems II there has been a non-stop parade of European legal determinations ranging from recommended supplemental security measures to prevent U.S. law enforcement access to European personal data to declaring complete illegality of using certain U.S. service providers, to findings that use of U.S. service providers does not inherently violate the GDPR. The whiplash of European legal developments has resulted in much frustration and fear that EU-U.S. data flows will be stifled impairing bilateral EU-U.S. trade in services which amounted to over 500 billion Euros in 2021.
ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.…