The White House is expected to publish an executive order on international data transfers next week, reports Politico. The order is designed to “address European concerns over surveillance practices in the United States,” Politico explains.
Since 2016, the European Union and the U.S. have operated under what is known as the Privacy Shield agreement. The agreement is intended to give companies in the United States and in Europe the ability to “comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.” In July 2020, the EU’s top court struck down the Privacy Shield agreement over fears that European data was not safe from access by American agencies.
Politico reports that the executive order will include new legal protections for both European and American citizens regarding how U.S. national security agencies can access and use their data.
Peter Swire, a former Clinton administration chief counselor for privacy and current professor at Georgia Tech, believes the U.S. Department of Justice will create an independent court to address U.S. national security agencies’ ability to access European data. “Step one is independent adjudication with the Department of Justice, step two is the executive order requiring intelligence agencies to follow the decisions of those judges,” Swire told Politico.
Experts also believe that the executive order will not fully resolve issues related to the privacy Shield agreement. “Signing the executive order doesn’t mean that we will immediately have an adequacy decision for the Privacy Shield that would legitimize transfers of personal data from the EU,” said Dr. Gabriela Zanfir-Fortuna, vice-president of global policy at Future of Privacy Forum, a Washington, DC-based think tank and data privacy advocacy group. “The process is still long and it will require several months for the European Commission to adopt an adequacy decision,” Zanfir-Fortuna added.
Kirk Nahra, a privacy attorney and co-chair of the cybersecurity and privacy practice at international law firm WilmerHale, agrees that hurdles remain in the EU. “We expect that any new program will both need to be approved by the EU and then will be challenged [in court] even if approved,” said Nahra.