President Joe Biden signed an executive order Friday designed to allay European concerns that U.S. intelligence agencies are illegally spying on them. It promises strengthened safeguards against data collection abuses and creates a forum for legal challenges.
The order builds on a preliminary agreement Biden announced in March with European Commission President Ursula von der Leyen in a bid to end a yearslong battle over the safety of EU citizens’ data that tech companies store in the U.S.
The reworked Privacy Shield “includes a robust commitment to strengthen the privacy and civil liberties safeguards for signals intelligence, which should ensure the privacy of EU personal data,” Commerce Secretary Gina Raimondo told reporters.
“It also requires the establishment of a multilayer redress mechanism with independent and binding authority for EU individuals to seek redress if they believe they are unlawfully targeted by U.S. intelligence activities,” she added.
Washington and Brussels have long been at odds over the friction between the EU’s stringent digital privacy rules and the comparatively lax regime in the U.S., which lacks a federal privacy law. That has created uncertainty for tech giants including Google and Facebook’s parent company Meta, raising the prospect that U.S. tech firms might need to keep European data out of the U.S.
Friday’s order narrows the scope of intelligence gathering—regardless of a target’s nationality—to “validated intelligence priorities,” fortifies the mandate of the Civil Liberties Protection Officer in the Office of the Director of National Intelligence and directs the attorney general to establish an independent court to review related activities.
Europeans can petition that Data Protection Review Court, which is to be composed of judges appointed from outside the U.S. government.
The next step: Raimondo’s office was to send a series of letters to the 27-member EU that its officials can assess as the basis of a new framework.
She said the new commitments would address European Union legal concerns covering personal data transfers to the U.S. as well as corporate contracts. A revived framework “will enable the continued flow of data that underpins more than $1 trillion in cross-border trade and investment every year,” Raimondo said.
Twice, in 2015 and again in 2020, t he European Union’s top court has struck down data privacy framework agreements between Washington and Brussels. The first legal challenge was filed by Austrian lawyer and privacy activist Max Schrems, who was concerned about how Facebook handled his data in light of 2013 revelations about U.S. government cyber-snooping from former U.S. National Security Agency contractor Edward Snowden.