Months after reaching a deal, the White House has taken official steps to protect data transfers between the US and European Union. President Biden has signed an executive order directing the government's efforts to implement the EU-US Data Privacy Framework. The approach mainly requires that intelligence agencies "take into consideration" privacy and civil liberties before seeking data, and only conduct surveillance when there's a clearly defined need to address national security concerns.
Intelligence gatherers will also need to update their policies on elements like data handling, with reviews keeping them in line. There will also be a "multi-layer" review process for EU residents' privacy violation complaints. The Office of the Director of National Intelligence (DNI) will investigate possible lawbreaking through its civil liberties officer, while the Attorney General will use a new Data Protection Review Court to review the results of those investigations and make binding rulings.
The Data Privacy Framework is a response to the EU Court of Justice striking down the Privacy Shield agreement in 2020. The court found that the pact gave the US too much leeway to surveil EU data, and wasn't consistent with privacy requirements effectively equal to European law. The US balked at this rejection, arguing that it cast doubt on companies' ability to legally transfer data.
The European Commission will still need to examine the framework to determine if it offers enough protection. Between this and law enforcement-oriented agreements with countries like Australia and the UK, though, the US is quickly firming up its approach to international data sharing — albeit with concerns that spies might still have too much power.