Since a European court invalidated an earlier version in 2020, the new framework significantly closes a gap in data protections on both sides of the Atlantic. The court determined that the U.S. had an excessive amount of power to monitor European data transferred under the previous arrangement.
The court case, known as Schrems II, “created enormous uncertainty about the ability of companies to transfer personal data from the European Union to the United States in a manner consistent with EU law,” then-Deputy Assistant Commerce Secretary James Sullivan wrote in a public letter shortly after the decision. The result increased business complexity by requiring U.S. corporations to use several "EU-approved data transmission protocols" on an as-needed basis, according to Sullivan.
The so-called Privacy Shield 2.0 seeks to address European concerns about possible surveillance by U.S. intelligence agencies. In March, after the U.S. and EU agreed in principle to the new framework, the White House said in a fact sheet that the United States is “committed to implement new safeguards to ensure that signals intelligence activities are necessary and proportionate in the pursuit of defined national security objectives.”
With the new system, EU citizens will have access to a Data Protection Review Court (DPRC) that is independent of the U.S. government and composed of members from other countries. According to the March fact sheet, the committee "would have complete authority to adjudicate allegations and direct remedial steps as needed."
The civil liberties protection officer in the Office of the Director of National Intelligence will also carry out an initial inquiry of complaints before a matter reaches the DPRC. Its judgments are final and enforceable, subject to review by the impartial body.
The executive order instructs the American intelligence community to change its policies and practices to conform to the framework's new privacy protections. It gives the independent Privacy and Civil Liberties Oversight Board instructions to go over these revisions and undertake an annual evaluation of the intelligence community's compliance with binding redress rulings.
“The EU-U.S. Data Privacy Framework includes robust commitment to strengthen the privacy and civil liberties safeguards for signals intelligence, which will ensure the privacy of EU personal data,” Commerce Secretary Gina Raimondo told reporters Thursday.