Reaching the EU-US Data Privacy Framework: First reactions to Executive Order 14086

Briefing 14-12-2022

This briefing examines the US Executive Order 14086 and its accompanying regulation as the first building block of a new EU-US data transfer framework. After the Court of Justice of the European Union declared invalid parts of the predecessor framework on account of extensive US intelligence powers and insufficient redress mechanisms, data transfers from the EU to the US became subject to serious compliance risks. The new US framework aims to enhance the level of privacy and data protection for EU data subjects to match, in essence, that of the EU and thereby meet EU requirements for data transfers. Views on the new US amendments diverge. Critics submit that the requirements used to limit signals intelligence activities are susceptible to liberal interpretation and, in parts, open to secret amendments by the President. They also call into question the independence and effectiveness of the redress mechanism on account of its integration with the executive branch and transparency deficits.