Biden Expected to Publish New Privacy Shield Agreement
As the world becomes increasingly more interconnected through digital and online communication, many nations around the world are considering enacting legislation that would serve to regulate the transmission of personal information between individuals residing in different countries. To this end, major news organizations across the U.S. have reported that “The White House is expected to publish its long-awaited executive order on transatlantic data transfers next week, according to three officials with knowledge of the matter. The order is designed to address European concerns over surveillance practices in the United States and may be signed by President Joe Biden and then published as early as October 3, 2022.”
For reference, the White House issued a press release on March 22 of this year that concerned the creation of a Trans-Atlantic Data Privacy Framework. This data privacy framework is reportedly designed to “foster trans-Atlantic data flows and address the concerns raised by the Court of Justice of the European Union when it struck down in 2020 the Commission’s adequacy decision underlying the EU-U.S. Privacy Shield framework.” This being the case, one of the primary issues that have been raised concerning this proposed Privacy Shield framework is the level to which U.S. officials would be permitted to implement surveillance within European nations.
Data privacy issues
To this last point, government officials within Brussels, Belgium, and Washington, D.C. agreed to a revamped Privacy Shield agreement in order to address the data privacy concerns that were raised when the idea was first introduced in 2020. Most notably, this new agreement will reportedly outline the specific forms of personal data that are deemed “necessary and proportionate” for government agencies as it relates to surveillance, and will stand to drastically change the manner in which the personal information of both Americans and citizens of EU members states can be used for national security purposes. Likewise, this new agreement represents two years of fierce negotiations between the U.S. government and the European Union.
Subsequently, President Biden has stated that the new framework would allow the EU “to once again authorize transatlantic data flows that help facilitate $7.1 trillion in economic relationships.” To this end, while standards regarding personal data were one major factor that prevented the adoption of the Trans-Atlantic Data Privacy Framework in 2020, another topic of discussion has been the role that such a framework would play in the ability of international businesses and organizations to conduct their respective operations. For example, a business that employs workers in both the U.S. and the EU would need to provide such employees with a wide range of personal data, including payroll and demographic data, among other things.
Nevertheless, the level of data protection that exists within the U.S. is extremely limited when compared to the laws and regulations that govern the EU. For instance, while the EU completely changed the personal data protection landscape worldwide with the enactment of the landmark General Data Protection Regulation (GDPR) in 2018, the U.S. has yet to even pass a federal data privacy law as of 2022, in spite of numerous laws and draft bills that have been proposed in the past 4 years alone. Understandably so, there were also concerns about the ways in which the personal data of EU citizens would be safeguarded within the confines of business operations, even when taking the topic of government surveillance into account.
A lengthy ratification process
In spite of the preliminary agreement that has been reached between the U.S. and the EU with respect to the new Privacy Shield, Biden’s executive order will still need to be ratified by the EU, in a process that could take as long as 6 months. With this being said, the new agreement may be finalized until March of next year, as government officials within the EU review the agreements and are assured that it adequately protects the personal data of the citizens that reside across Europe. As such, communications between the U.S. and the EU will continue to be governed by the GDPR within Europe, in addition to the various sector-specific data privacy laws that currently exist within the U.S. until an agreement is officially reached.
As the U.S. and EU are both politically and economically aligned, it is only fitting that they also align themselves as it relates to digital communications. Moreover, the creation of a Trans-Atlantic Data Privacy Framework also has the potential to influence the enactment of newfound data protection legislation within the U.S., as the EU’s GDPR law would come to impact American citizens in a manner that the regulation had not done previously. As a result, while many of the particulars of the new proposed Privacy Shield have yet to be revealed, the agreement will nevertheless be a positive development as it relates to data protection and personal privacy.