Security News > 2022 > December > EU takes another step towards US data-sharing agreement
The signature of a US Executive Order by President Biden on 7 October 2022, along with the regulations issued by US Attorney General Merrick Garland, agreed that access to personal data from Europe by US intelligence agencies would be limited to what is necessary and proportionate to protect national security.
Under the Cloud Act, US law enforcement authorities can request personal data from US-based technology companies, regardless of the data's location, and this has been one of the key reasons data sharing with America is viewed as potentially not complying with EU privacy rules.
In the new Executive Order, the US also offered EU individuals the possibility to obtain redress regarding the collection and use of their data by US intelligence agencies before an independent and impartial redress mechanism, including a newly created Data Protection Review Court.
Austrian privacy activist Max Schrems brought the case - informally known as Schrems II - in 2015, complaining that Ireland's data protection agency did not stop Facebook in Ireland from sending data to the US, where spy agencies could gain access to it without legal redress from EU citizens.
Following the ruling, the European Commission - the EU's executive branch - began to work towards a framework for data sharing, a draft adequacy decision dubbed the EU-US Data Privacy Framework, designed to enable trans-Atlantic data flows and address the concerns of the CJEU. This week's draft decision follows the signature of a US Executive Order and new US regulations which built on the agreement in principle announced by EU president von der Leyen and Biden in March 2022.
Under the proposed arrangement, US companies will be able to join the EU-US Data Privacy Framework by committing to comply with privacy obligations, including a requirement to delete personal data when it is no longer necessary for the purpose for which it was collected, and to ensure continuity of protection when personal data is shared with third parties.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/12/14/eu_us_data_sharing_agreement/