London
83 Baker St, London, W1U 6AG, England
Charlotte
The Hurt Hub @Davidson College, 210 Delburg St, 28036
Joe Biden’s Executive Order aims to make room for the EU-US Data Privacy Framework by addressing two primary concerns in the Schrems II court case (which famously ruined the Privacy Shield program that many US-based SaaS or consumer internet companies adhered to):
As expected, Max Schrems (of CJEU fame) was quick to point out that neither of those would suffice.
At the core of his arguments: The US Fourth Amendment keeps making a distinction between US citizens and aliens when shielding people from government-sponsored surveillance (whereas EU law considers privacy a “fundamental human right” regardless of nationality).
As a consequence, when it comes to the solutions provided by the Joe Biden’s Executive Order and Department of Justice Regulations:
The best hope for the Data Privacy Framework’s success seems to lie now in the upcoming renewal of Section 702 FISA (Foreign Intelligence Surveillance Act) – a key piece of the puzzle, allowing US spies to freely collect data pertaining to non-US citizens.
No matter what, the Brussels hallways will take months to digest the Data Privacy Framework, and then all EU capitals will take their turn.
If we had to find an immediate positive impact, Transfer Impact/Risk Assessments tied to the use of Standard Contract Clauses (an alternative personal data transfer vehicle severely wounded by the Schrems II decision) are likely to require a lower bar. The same could be said of “supplementary measures” equally required in the use of SCCs (these being dependent on the specific risks associated with surveillance practices in place at the country of destination). Most US-based Marketing Technology solutions have been relying on this instrument for the past few months.
(Photo by Ximena Pineda on Unsplash)