Blog

Shanzay Pervaiz

An Exciting Season for Cross-Border Data Flows

This was an eventful summer for cross-border data flows. Three years ago, the Schrems II decision struck down Privacy Shield putting transatlantic data flows at risk. After many months of quiet negotiation, there was a succession of key events following the issuance of Executive Order 14086 last October.  On July 3rd, the Office of the … Continue reading An Exciting Season for Cross-Border Data Flows

Lauren Mantel

Opaque Notification: A Country-by-Country Review

At Privacy Across Borders, we have been researching how other countries contend with providing notification to individuals about whether they have been the target of surveillance by their country’s intelligence agencies. In "Without Confirming or Denying": Opaque Notification and National Security Redress, Alex Joel examines the opacity of notification under U.S. law and the practice’s … Continue reading Opaque Notification: A Country-by-Country Review

Alex Joel

Without Confirming or Denying

Executive Order (EO) 14086 establishes an innovative two-tier redress mechanism for individuals with “qualifying complaints” about U.S. signal intelligence activities. One aspect of this mechanism has generated controversy: notification. EO 14086 requires that notification be provided “without confirming or denying that the complainant was subject to United States signals intelligence activities” (section 3(c)(i)(E)). In addition, … Continue reading Without Confirming or Denying

Alex Joel

A System of Many Layers with Many Players

The European Data Protection Board is working on its advisory opinion regarding the European Commission’s draft adequacy decision on the EU-U.S. Data Privacy Framework. We at Privacy Across Borders are working on our own analyses of how well the executive order at the core of that framework—Executive Order 14086—hits the targets of necessity, proportionality, and … Continue reading A System of Many Layers with Many Players

Shanzay Pervaiz

A Busy—and Momentous—News Week at the Intersection of Privacy, National Security, and Data Flows

This was a busy week for those following developments in privacy and cross-border data flows! The European Commission released its highly anticipated draft adequacy decision on the EU-US Data Privacy Framework. The European Commission stated, “that the United States ensures an adequate level of protection for personal data transferred from the EU to US companies.” … Continue reading A Busy—and Momentous—News Week at the Intersection of Privacy, National Security, and Data Flows

Shanzay Pervaiz

Overview of Implementation Procedures for EO 14086

By: Alex Joel, Senior Project Director and Shanzay Pervaiz, Senior Researcher Submitting and Investigating Complaints under Executive Order 14086 As we laid out in What’s Next for the New Executive Order and the DPRC?, Executive Order 14086 assigns various tasks that must be completed within specified deadlines. One of those is for the Office of … Continue reading Overview of Implementation Procedures for EO 14086

Alexandra Cohen

Can a Federal District Court Review the Decisions of the New Data Protection Review Court?

By: Alex Joel, Senior Project Director, and Alexandra Cohen, Research Assistant When the Court of Justice of the European Union (CJEU) invalidated the European Commission’s adequacy decision for the EU-U.S. Privacy Shield framework, one ground for their decision was that, with regard to U.S. Government surveillance, “EU data subjects lack actionable judicial redress and, therefore, do not … Continue reading Can a Federal District Court Review the Decisions of the New Data Protection Review Court?

Sanghmitra Sahai

Data Localization and “Critical Personal Data” Under India’s Personal Data Protection Bill

On August 4th, 2022, the Indian Government withdrew the much debated Personal Data Protection Bill, 2019, after deliberating over it for more than two years and receiving comments from various experts and stakeholders across the country. Several recommendations were issued by the Joint Parliamentary Committee on the provisions of the Bill as well. Commentators have … Continue reading Data Localization and “Critical Personal Data” Under India’s Personal Data Protection Bill

Shanzay Pervaiz

What’s Next for the New Executive Order and the DPRC?

Now that the Executive Order (EO) and DOJ regulations on the EU-US Data Privacy Framework have been released, what do those instruments require the government to do next? There are a few components to think about. First, what is next for the conduct of signals intelligence (SIGINT), and second, what is next for redress? This … Continue reading What’s Next for the New Executive Order and the DPRC?