At Privacy Across Borders, we have been researching how other countries contend with providing notification to individuals about whether they have been the target of surveillance by their country’s intelligence agencies. In "Without Confirming or Denying": Opaque Notification and National Security Redress, Alex Joel examines the opacity of notification under U.S. law and the practice’s … Continue reading Opaque Notification: A Country-by-Country Review
Without Confirming or Denying
Executive Order (EO) 14086 establishes an innovative two-tier redress mechanism for individuals with “qualifying complaints” about U.S. signal intelligence activities. One aspect of this mechanism has generated controversy: notification. EO 14086 requires that notification be provided “without confirming or denying that the complainant was subject to United States signals intelligence activities” (section 3(c)(i)(E)). In addition, … Continue reading Without Confirming or Denying
A System of Many Layers with Many Players
The European Data Protection Board is working on its advisory opinion regarding the European Commission’s draft adequacy decision on the EU-U.S. Data Privacy Framework. We at Privacy Across Borders are working on our own analyses of how well the executive order at the core of that framework—Executive Order 14086—hits the targets of necessity, proportionality, and … Continue reading A System of Many Layers with Many Players
A Busy—and Momentous—News Week at the Intersection of Privacy, National Security, and Data Flows
This was a busy week for those following developments in privacy and cross-border data flows! The European Commission released its highly anticipated draft adequacy decision on the EU-US Data Privacy Framework. The European Commission stated, “that the United States ensures an adequate level of protection for personal data transferred from the EU to US companies.” … Continue reading A Busy—and Momentous—News Week at the Intersection of Privacy, National Security, and Data Flows
Overview of Implementation Procedures for EO 14086
By: Alex Joel, Senior Project Director and Shanzay Pervaiz, Senior Researcher Submitting and Investigating Complaints under Executive Order 14086 As we laid out in What’s Next for the New Executive Order and the DPRC?, Executive Order 14086 assigns various tasks that must be completed within specified deadlines. One of those is for the Office of … Continue reading Overview of Implementation Procedures for EO 14086
Can a Federal District Court Review the Decisions of the New Data Protection Review Court?
By: Alex Joel, Senior Project Director, and Alexandra Cohen, Research Assistant When the Court of Justice of the European Union (CJEU) invalidated the European Commission’s adequacy decision for the EU-U.S. Privacy Shield framework, one ground for their decision was that, with regard to U.S. Government surveillance, “EU data subjects lack actionable judicial redress and, therefore, do not … Continue reading Can a Federal District Court Review the Decisions of the New Data Protection Review Court?
Data Localization and “Critical Personal Data” Under India’s Personal Data Protection Bill
On August 4th, 2022, the Indian Government withdrew the much debated Personal Data Protection Bill, 2019, after deliberating over it for more than two years and receiving comments from various experts and stakeholders across the country. Several recommendations were issued by the Joint Parliamentary Committee on the provisions of the Bill as well. Commentators have … Continue reading Data Localization and “Critical Personal Data” Under India’s Personal Data Protection Bill
What’s Next for the New Executive Order and the DPRC?
Now that the Executive Order (EO) and DOJ regulations on the EU-US Data Privacy Framework have been released, what do those instruments require the government to do next? There are a few components to think about. First, what is next for the conduct of signals intelligence (SIGINT), and second, what is next for redress? This … Continue reading What’s Next for the New Executive Order and the DPRC?
Breaking New Ground
Like much of the privacy community, we at Privacy Across Borders are closely studying the executive order to see whether it will hit the redress and necessity and proportionality targets laid out in the Schrems II ruling. We will soon post our initial impressions on the specific parts of the order that are aimed at … Continue reading Breaking New Ground
Will the TADPF Executive Order Hit the Target?
By: Alex Joel, Senior Project Director and Shanzay Pervaiz, Senior Researcher With the new executive order for the Trans-Atlantic Data Privacy Framework (TADPF) expected soon, now is a good time to revisit the goal that it is intended to achieve: satisfying the legal requirements set out by the Schrems II decision. These are typically thought of as … Continue reading Will the TADPF Executive Order Hit the Target?