The EU-US Data Privacy Framework: A new path for transatlantic data transfers?

Investigator:
Nikolaos Theodorakis

Abstract:
On October 7, 2022, President Biden signed an Executive Order on ‘Enhancing Safeguards for United States Signals Intelligence Activities’. The Executive Order addresses the concerns raised by the Court of Justice of the European Union (CJEU) when, in 2020, it invalidated the Privacy Shield, the previous framework that several companies relied on when transferring personal data from the EU to the US. The Executive Order, known as the Data Privacy Framework, includes enhanced safeguards that are designed to limit access to data by US intelligence authorities to what is necessary and proportionate to protect national security. Further, the Data Privacy Framework establishes a new redress mechanism, including the Data Protection Review Court (DPRC), which will resolve complaints from individuals regarding access to their data by US national security authorities.

The European Commission issued a draft adequacy decision on December 13, 2022, recognizing that the Data Privacy Framework provides comparable safeguards to those in the EU. The draft adequacy decision has been transmitted to the European Data Protection Board (EDPB) for its opinion, after which point the European Commission will decide whether to grant the US an adequacy finding. If so, the Data Privacy Framework will be the new path for transatlantic data transfers, after the invalidation of the EU-US Safe Harbor and the EU-US Privacy Shield. The working paper will discuss the particulars of the Data Privacy Framework and the consequences it will have for EU-US transatlantic data transfers.