This thesis explores the complex balance between national security and privacy rights within the context of EU-US data transfers by assessing the previous and current legal frameworks, shaped by the Schrems I and II rulings and the European Commission’s Adequacy Decision of 10th July 2023. These judicial decisions, and the consequent bilateral efforts to build a safe data transfer system following the invalidation of previous frameworks, highlight the tension between the EU’s comprehensive General Data Protection Regulation and the US’s fragmented data protection approach.
As technology expands in all facets of life, so do national security concerns, leading states to enhance surveillance, which may often result in the compromising of individual privacy. US surveillance practices, in particular, have raised significant concerns, due to the wide powers afforded to US authorities to access data of non-US citizens. In light of these concerns, the CJEU invalidated the Safe Harbor and Privacy Shield Frameworks, due to a non-equivalent and thus inadequate standard of data protection in the US for EU citizens’ data, citing in particular the extended scope of US surveillance practices.
The new EU-US Data Protection Framework, which was adopted with the July 2023 Commission decision, aims to address these issues, but has already faced stark criticism for its limitations and potential inadequacies. These include the DPF’s reliance on self-certification, an insufficient oversight by US authorities, the limitations of Executive Order 14086 and a refusal to actuate a reform of Section 702 of FISA, among other concerns.
Internal EU challenges, such as divergent interpretations by EU Member States of national security and legitimate surveillance practices, complicate efforts to harmonize standards and maintain credibility in dictating data protection norms outside the EU.
Balancing national security and privacy rights is an ongoing challenge, influenced by political, legal, and geopolitical factors. This thesis calls for innovative legal and policy responses to balance these imperatives and protect individual rights in an interconnected world.