Biden Signs Executive Order to Implement the EU-US Framework

President Biden has signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities to meet the obligations of the EU-U.S. Data Privacy Framework.

The Executive Order could be the solution to providing greater protection for the personal data sent between the US and the EU, and it will provide the European Commission with a basis for adopting a new adequacy decision, which will restore a valid data transfer mechanism. Keep reading for the latest on the EU-U.S. Data Privacy Framework.

In short: 

  1. Why is the EU-U.S. Data Privacy Framework important? 
  2. A Quick Overview of the Executive Order
  3. What does this mean for your Business?
    • What do you need to do now?

Why is the EU-U.S. Data Privacy Framework important? 

Cross-border data flows are essential for U.S. and EU businesses of all sizes to engage in the digital economy.

As stated by the White House in its latest fact sheet, the EU-U.S. economy is worth $7.1 trillion and depends on transatlantic data flows to function. The EU-U.S. Data Privacy Framework will reestablish a fundamental legal basis for transatlantic data flows.

🚀 The EU-US Data Privacy Framework symbolizes the strength of the long-lasting partnership between the EU and the US based on shared values that will restore trust and stability to transatlantic data flows. See our previous article here for more information on Transatlantic Data Privacy flows. 

📌 A Quick Overview of the Executive Order

The Executive Order is set to strengthen a stringent set of civil rights and privacy protections for American signals intelligence activities and to ease concerns by highlighting a number of important framework components, such as:

👉 additional safeguards, including a requirement that the US signals intelligence activities only be carried out in the service of clearly specified national security goals;

👉 guidelines for how to handle personal data gathered as part of US signals intelligence activities, with legal, supervisory, and compliance personnel assigned the duty of enforcing compliance;

👉 addressing the lack of access for data subjects to seek legal assistance when their personal data is intercepted in US intelligence efforts;

👉 establishing a multi-layered procedure for residents of qualified states and regional economic integration organizations to seek independent and legally binding examination and remedy of claims that the United States improperly collected or handled their personal information obtained by U.S. signals intelligence, including the improved protections in the Executive Order;

👉 ensuring policies and practices of the Intelligence Community are in line with the EU-US Data Privacy Framework.

💡 For further information on how the new framework might affect things, see the FACT SHEET: President Biden Signs Executive Order to Implement the European Union-U.S. Data Privacy Framework.

What does this mean for your Business? 

Businesses would have an established framework to rely on for EU-U.S. transfers for the first time since the Privacy Shield was struck down. This would make this type of extra-territorial transfer easier, as businesses won’t have to spend more time scrambling through various ambiguous rules, and it will increase legal certainty for businesses that use standard contractual clauses and binding corporate rules.

With the US now having issued its Executive Order, the European Commission will be able to issue an ‘adequacy decision’, which may legitimize data transfers between the EU and the US. The decision-making process could take up to six months. 

💡 Businesses should keep in mind that transfers from the EU to other third countries will still require a Transfer Impact Assessment (TIA). It is crucial to keep data records updated in order to comply with the GDPR.

What do you need to do now?

💡 For now, your business can keep relying on the following:

  • Standard Contractual Clauses (SCCs)
  • Transfer Impact Assessment (TIA) – Businesses should keep in mind that transfers from the EU to other third countries will still require a TIA. It is crucial to keep data records updated in order to comply with the GDPR.
  • Disclosing any overseas data transfers within your privacy policy.

👋 Please note: even if you have a data agreement in place, don’t forget that you need to disclose data transfers. Click here to see how!