GDPR, US and the thing about law versus US Executive Orders
In the democratic structure of the European Union, the introduction of the General Data Protection Regulation (GDPR) was achieved through legal means. Its significance cannot be undermined, and any amendments to this legislation must be made with utmost diligence. This is why meticulous attention should de paid when assessing the adequacy of a non-EU country's ability to ensure safe data transfer under the GDPR framework. In July, the European Commission endorsed its adequacy decision in support of the EU-US Data Privacy Framework. Subsequently, this permits the unencumbered movement of personal data from the EU to American companies enrolled in the Data Privacy Framework.
The Commission elucidated, “The adequacy decision followed the adoption of Executive Order on ‘Enhancing Safeguards for United States Signals Intelligence Activities’ by US President Biden on 7 October and a Regulation issued by the US Attorney General.”
Similar decisions have been made previously and faced rejection, and this decision too will be legally challenged and likely overruled. The cause behind this stems from the inconsistency of the system of US President's Executive Orders with EU standards. These Executive Orders do not bear the force of law and can be altered with little to no prior notice or any substantial appeal process. Current or succeeding US Presidents hold the authority to amend or revoke preceding Executive Orders, and history suggests that such events have transpired and are liable to recur. Consequently, an adequacy decision founded on Executive Orders fails to align with the EU's perception of GDPR as a reliable, solid foundation for managing personal data. Companies and organizations constructing systems and relationships upon such an adequacy decision should be prepared for its potential annulment without forewarning. The unpredictability and risks associated with this approach make it unfeasible for business operations, potentially leading to substantial costs. It raises a critical question: How can data be safely retracted once shared, if the legal basis for sharing has been revoked?
There are glaring disparities between US law, Executive Orders, and European values. A recent instance highlighting these differences is the US's stance against allowing its citizens to be prosecuted by the International Criminal Court (ICC). The ICC, governed by the international treaty known as the Rome Statute, serves as a final resort to try individuals accused of severe international crimes, including genocide, war crimes, and crimes against humanity. However, the US, despite contributing to the court's creation, voted against the Rome Statute in 1998 alongside six other nations.
The American Service-Members' Protection Act, colloquially known as the Hague Invasion Act, enacted in 2002, authorizes the President to use military force to protect or liberate American officials and military personnel from prosecution or imprisonment. Furthermore, this act obstructs any cooperation between US entities and the ICC. The European Parliament resolution of July 4, 2002, officially denounced this act.
Subsequently, former US President Donald Trump issued Executive Order 13928 on June 11, 2020, barring ICC employees and their families from entering the US, citing the investigation or prosecution of US personnel by the ICC as a national threat. However, the precarious nature of Executive Orders was evident when President Biden revoked this order on April 1, 2021. Advocates applauded the revocation but called for a continuation of investigations into war crimes and crimes against humanity in Palestine and Afghanistan. They urged the United States to reevaluate its relationship with the ICC and matters related to justice in general.
领英推荐
Not only EU citizens data are at risk. From a recent declassified document: "The FBI improperly spied on a US senator, a state senator, and a state-level judge, among others, according to a previously secret court opinion released Friday afternoon.
The freshly declassified April 11 Foreign Intelligence Surveillance Court (FISC) opinion concerns the controversial Section 702 of the Foreign Intelligence Surveillance Act (FISA), which allows the Feds to?snoop?on foreigners' electronic communications."
Some sources: