Access Alert: US Department of Commerce Publishes White Paper in Response to Schrems II

Access Alert: US Department of Commerce Publishes White Paper in Response to Schrems II

On September 28, in response to the Schrems II ruling, the US Department of Commerce, Department of Justice, & Office of the Director of National Intelligence published a White Paper on the US privacy safeguards relating to intelligence agencies’ access to data. According to Deputy Assistant Secretary James Sullivan, “While the White Paper can help organizations make the case that they should be able to send personal data to the United States using EU-approved transfer mechanisms, it is not intended to provide companies with guidance on EU law or what positions to take before EU regulators or courts.”

The White Paper, Information on US Privacy Safeguards Relevant to Standard Contractual Clauses (SCCs) and Other EU Legal Bases for EU-U.S. Data Transfers after Schrems II, notes that:

  1. Most US companies do not deal with data of any interest to US intelligence agencies and are not engaging in data transfers that present the type of privacy risks raised in Schrems II.
  2. Companies transferring personal data from the EU to the US may choose to rely on SCCs, which the Court of Justice of the European Union expressly upheld in Schrems II, with the caveat that companies determine whether the law of the US ensures adequate protection as afforded under EU law.
  3. The US Foreign Intelligence Surveillance Court’s role in authorizing and supervising Section 702 of the Foreign Intelligence Surveillance Act (FISA) targeting decisions compares favorably with intelligence programs in the EU.
  4. Unlike Section 702 of FISA, however, Executive Order 12333 does not authorize the US government to require any company or person to disclose data. Any requirement that a company in the United States disclose data to the government for intelligence purposes must be authorized by statute and must be targeted at specific persons or identifiers.
  5. Numerous additional privacy safeguards have been added to Section 702 of FISA since Decision 2016/1250, which approved the Privacy Shield framework for US-EU personal data transfers, was issued in July 2016.
  6. Several US statutes authorize individuals of any nationality to seek redress in US courts through civil lawsuits for violations of FISA, including violations of Section 702.

Related Articles

Access Alert: Maximising opportunities for the tech industry in a new era of EU competitiveness

Access Alert: Maximising opportunities for the tech industry in a new era of EU competitiveness

The Draghi report, published on 9 September 2024, presents a strategic roadmap for Europe to regain its global competitiveness. It...

11 Sep 2024 Opinion
旅客輸送サービスの現状調査:人口減少下の課題と展望

旅客輸送サービスの現状調査:人口減少下の課題と展望

Read the content in English 著者: Abhineet Kaul (Access Partnership), Swee Cheng Wei (Access Partnership), Chailyn Ong (Access Partnership) アドバイザー:...

30 Aug 2024 General
Passenger Transportation in Japan: Challenges and outlook with ongoing societal changes in less connected areas

Passenger Transportation in Japan: Challenges and outlook with ongoing societal changes in less connected areas

投稿を日本語で読む Authors: Abhineet Kaul (Access Partnership), Swee Cheng Wei (Access Partnership), Chailyn Ong (Access Partnership) Advisors: Dr. Tomoaki Watanabe (GLOCOM),...

30 Aug 2024 General
Access Alert: Update on Mexico’s Regulatory Reforms: What You Need to Know

Access Alert: Update on Mexico’s Regulatory Reforms: What You Need to Know

In recent developments, Mexico is moving forward with a constitutional reform aimed at dissolving several key autonomous agencies, including the...

28 Aug 2024 General