This post was originally published by about:intel, and is reprinted here with the permission of same. 11. June 2021 Recent reports of Danish intelligence cooperating with the U.S. National Security Agency in monitoring undersea cables in 2012-14 have briefly pushed Edward Snowden’s revelations back into the news, but the more significant development is change in the legal landscape for bulk surveillance on both sides of the Atlantic.  While the United States government has definitively discontinued a controversial telecommunications metadata collection program exposed by Snowden, European governments have received a mostly green light from the Court of Justice of the European Union (CJEU) to continue their own bulk metadata programs for national security purposes.  With transatlantic commercial data transfers endangered by the CJEU’s Schrems II judgment on U.S. surveillance law last year, it’s time to ask whether the transatlantic gulf in this area is still as big as commonly thought.

This post was originally published by the Atlantic Council in its New Atlanticist blog, and is reprinted here with the permission of the Council: Do continued EU data flows to the United Kingdom offer hope for the United States? - Atlantic Council. As the Biden administration and the European Commission “intensify” negotiations to re-establish a stable transatlantic data-transfer framework, Brussels separately is moving ahead to enable unrestricted data flows with two other major trading partners: the United Kingdom and the Republic of Korea.

Data localization was a prominent theme among the nearly 200 comments submitted to the European Data Protection Board (EDPB) in response to its November, 2020 draft Guidance (the “Guidance”) about transferring personal data from the EU to third countries.[1] Based on a review of all the comments,[2] approximately 25% of the nearly 200 comments submitted to the EDPB expressed concern that the Draft Guidance would result, in practice, in data localization. Slightly more than 10% of the comments spoke explicitly to the concern that the application of the EDPB Draft Guidance released in 2020 would result in data localization, in law, in practice, or both. Nearly an additional 15% of the submissions include language describing similar concepts without using the term data localization – such as return the EU commerce and society to a “pre-internet era,” [3] transform the EU into a “digital island,” [4] and “balkanize global data flows.”[5]

Part 2: On Double Standards and the Way Forward In Part 1 of this article, published here, I explained how the US government tries to exclude Executive Order 12333 and international surveillance from the scope of the EU/US adequacy negotiations and I presented four possible responses to the US arguments. In this second Part, I will enter into a critical approach of the EU position on the relevance of the ECHR and I will argue that the US could reasonably put forward an equally strong and legitimate number of counter-arguments. I will also present a series of thoughts and proposals that could help to get out of this mess without endangering the continuity of protection of EU personal data required by the GDPR.

Part 1: Countering the U.S. Arguments As the United States (US) and the European Union (EU) “intensify” negotiations to reach a new adequacy decision following the invalidation of Privacy Shield by the Court of Justice of the European Union (CJEU) in its July 16, 2020 Schrems II judgment (discussed here, here and here), one pressing question is what should be included and what should be excluded from the scope of the negotiations. It went unnoticed, but the US submissions to two recent European public consultations (one by the European Commission and another one by the European Data Protection Board (EDPB)) on post-Schrems II developments provide a glimpse of what could become a thorny issue during the ongoing EU-US negotiations for a successor to Privacy Shield.

The Cross-Border Data Forum is pleased to announce the appointment of Kenneth Propp as a Senior Fellow. Kenneth Propp teaches European Union Law at Georgetown University Law Center.  He also serves as a Senior Fellow with the Europe Center at the Atlantic Council in Washington, D.C., specializing in transatlantic digital policy issues.   From 2016-2018, Mr. Propp was director of trade policy for BSA | The Software Alliance, an association of major software companies.  From 2011-2015, he served as Legal Counselor at the U.S. Mission to the European Union in Brussels, Belgium, where he led local engagement with the EU on digital and privacy matters, including the General Data Protection Regulation and the U.S-EU Privacy Shield negotiations.  Prior to that, he served as a senior lawyer in the Office of the Legal Adviser, U.S. Department of State, where he negotiated a series of U.S.-EU data transfer agreements ranging from mutual legal assistance to passenger name records to financial transaction data.