President Biden issued an executive order (EO) increasing protections and safeguards for personal data subject to signals intelligence activities. It also establishes a redress mechanism for residents of qualifying states who allege they were harmed by U.S. signals intelligence activity conducted in violation of U.S. law. The EO is intended to address perceived deficiencies in U.S. surveillance law identified by the Court of Justice of the European Union (CJEU) in its July 16, 2020 judgment (Schrems II) and to establish protections under U.S. law for personal data equivalent to those provided by the European General Data Protection Regulation (GDPR). The EO has been expected since the United States and the European Commission entered into an agreement on a Trans-Atlantic Data Privacy Framework in March of 2022. It places EU-to-U.S. data transfers on more solid footing under European Union (EU) law and is expected to support a new finding by the European Commission that the United States is among the handful of jurisdictions globally that provides adequate protection to personal data transferred from the EU.

Click here to read the full update.