US and EC Forge Trans-Atlantic Data Privacy Framework

On March 25, the White House and the European Commission announced they had agreed to a new Trans-Atlantic Data Privacy Framework which addresses the EU Court of Justice’s concerns.

The United States has committed to reform the manner in which it conducts U.S. signals intelligence activities to ensure privacy safeguards are in place. The White House statement noted that these safeguards will “ensure the signals surveillance activities are necessary and proportionate in the pursuit of defined national security objectives, [and] establish a two-level independent redress mechanism with binding authority to direct remedial measures.”

The European Commission’s president Ursula von der Leyen, in a statement to U.S. president Biden, said she believed the trans-Atlantic partnership was stronger than ever. She continued, “And we also need to continue adapting our own democracies to a changing world. This is particularly true when it comes to digitalization, in which the protection of personal data and privacy has become so crucial. Therefore, I am very pleased that we have found an agreement in principle on a new framework for transatlantic data flows. This will enable predictable and trustworthy data flows between the EU and US, safeguarding privacy and civil liberties.” In conclusion, von der Leyen noted, “This is another step in strengthening our partnership. We managed to balance security and the right to privacy and data protection.”

Inside the Guts of the Framework

The White House’s fact sheet highlighted the meat and potatoes of the new framework, centered around the “shared commitment to privacy, data protection, the rule of law, and our collective security as well as our mutual recognition of the importance of trans-Atlantic data flows to our respective citizens, economies and societies.”

What the framework does not do is provide a road map for participating companies to avoid the Privacy Shield principles and the requirement to self-certify through the Department of Commerce. That will remain, and EU citizens/individuals will continue to enjoy avenues of recourse.

What’s next for the framework?

The U.S. government and the European Commission will now, working jointly, turn the framework into legal documents. The White House notes, “These U.S. commitments will be included in an Executive Order that will form the basis of the Commission’s assessment in its future adequacy decision.”

The U.S. intelligence community will do the heavy lifting here, as they work to ensure that their actions adequately protect the United States and its citizens while at the same time making the necessary adjustments to meet the new standard outlined in the framework.

Companies will want to monitor the implementation to ensure their data flows are in compliance.

Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit: Senior Online Safety.

burgesschristopher has 186 posts and counting.See all posts by burgesschristopher