Iubenda logo
Start generating


Table of Contents

Biden Signs Executive Order to Implement the EU-US Framework

📢 Important Update: EU-US Data Privacy Framework Agreement Reached! 🌍🤝

In light of this significant development, we have updated our coverage to reflect the latest information. To stay up-to-date on the new EU-US Data Privacy Framework agreement and its implications, we invite you to read our latest article on the topic.

🔍 Discover the latest: EU to USA Personal Data Transfers Now Approved

Thank you for your continued support and trust in our coverage of important global issues!

President Biden has signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities to meet the obligations of the EU-U.S. Data Privacy Framework.

The Executive Order could be the solution to providing greater protection for the personal data sent between the US and the EU and will provide the European Commission with a basis for adopting a new adequacy decision, which will restore a valid data transfer mechanism. Keep reading for the latest on the EU-U.S Data Privacy Framework.

In short: 

  1. Why is the EU-U.S. Data Privacy Framework important? 
  2. A Quick Overview of the Executive Order
  3. What does this mean for your Business?
    • What do you need to do now?

UPDATE February 2023:

The European Parliament has concluded that the “EU-US Data Privacy Framework fails to create actual equivalence in the level of protection”, pointing out, among others:

  • the lack of federal privacy and data protection legislation in the United States;
  • the different meaning that the “principles of proportionality and necessity” have under Executive Order 14086 on “Enhancing Safeguards For the United States Signals Intelligence Activities”, compared to the “EU law and their interpretation by the CJEU”;
  • that the “Decisions of the Data Protection Review Court (‘DPRC’) will be classified and not made public or available to the complainant“, concluding that, for this and other reasons, the DPRC does not meet the standards of independence and impartiality of Article 47 of the Charter;

The EP, therefore, “urges the Commission not to adopt the adequacy finding”.

Access the full draft here.

Disclaimer: please note that the article, published October 2022, describes the progression status of the EU-US Framework at that time. Therefore, the current text is not final and may be subject to significant changes due to further developments of the matter.

As always, we will monitor this closely and update accordingly.

Why is the EU-U.S. Data Privacy Framework important? 

Cross-border data flows are essential for U.S. and EU businesses of all sizes to engage in the digital economy.

As stated by the Whitehouse in their latest factsheet, the EU-U.S. economy is worth $7.1 trillion and depends on the transatlantic data flows to function. The Data Privacy EU-U.S. Framework will reestablish a fundamental legal basis for transatlantic data flows. 

🚀 The EU-US Data Privacy Framework symbolizes the strength of the long-lasting partnership between the EU and the US based on shared values that will restore trust and stability to transatlantic data flows. See our previous article here for more information on Transatlantic Data Privacy flows. 

📌 A Quick Overview of the Executive Order

The Executive Order is set to strengthen a stringent set of civil rights and privacy protections for American signals intelligence activities and ease the concerns by highlighting a number of important framework components, such as:

👉 additional safeguards, including a requirement that the US signals intelligence activities only be carried out in the service of clearly specified national security goals;

👉 guidelines for how to handle personal data gathered as part of US signals intelligence activities and assigns legal, supervisory, and compliance personnel the duty of enforcing compliance;

👉 addressing the lack of access for data subjects to seek legal assistance when their personal data is intercepted in US intelligence efforts. 

👉 establishing a multi-layered procedure for residents of qualified states and regional economic integration organizations to seek independent and legally-binding examination and remedy of claims that the United States improperly collected/handled their personal information obtained by U.S. signals intelligence, including the improved protections in the executive order.

👉 ensuring policies and practices of the Intelligence Community are in line with the EU-US Data Privacy Framework.

💡 For further information on how the new framework might affect things, see the FACT SHEET: President Biden Signs Executive Order to Implement the European Union-U.S. Data Privacy Framework.

What does this mean for your Business? 

Businesses would be able to have an established framework to rely on for EU-U.S. transfers for the first time since the privacy shield was struck down. Making it easier for this type of extra-territorial transfer as businesses won’t have to spend more time scrambling through various ambiguous rules and will increase legal certainty for businesses that use standard contractual clauses and binding corporate rules.

With the US now having issued its Executive Order, the European Commission will be able to issue an ‘adequacy decision’, which may legitimize data transfers between the EU and the US. The decision-making process could take up to six months. 

💡 Businesses should keep in mind that transfers from the EU to other third countries will still require a Transfer Impact Assessment (TIA). It is crucial to keep data records updated in order to comply with the GDPR.

What do you need to do now?

💡For now, your business can keep relying on the following:

Standard Contractual Clauses (SCCs) 
Transfer Impact Assessment (TIA) – Businesses should keep in mind that transfers from the EU to other third countries will still require a TIA. It is crucial to keep data records updated in order to comply with the GDPR.
Disclosing any overseas data transfers within your privacy policy.


Please note, Even if you have a data agreement in place, don’t forget that you need to disclose data transfers, click here to see how!