Balancing National Security and Data Protection: The Role of EU and US Policy‐Makers and Courts before and after the NSA Affair

Abstract: Based on the unparalleled number of recent data protection reforms triggered by Snowden's revelations on both sides of the Atlantic, this article aims to examine the interplay between the two main transatlantic actors striking the balance between national security and privacy, namely EU and US policy‐makers and courts. We argue, on the one hand, that the NSA affair has opened a window to policy‐makers to pursue reforms in order to attain a level of adequacy of their respective data protection legal regimes. On… Show more

“…Following this new US framework, international transfers of data from the EU (via US service providers) to the US will need to be conducted after such a CLOUD Act Agreement is adopted between the EU and the US. Official negotiations between the EU and US will only take place after the eEvidence package, which will regulate the LEA's access to electronic evidence directly from service providers United States v. Microsoft Corp., 138 S. Ct. 1186(2018 112…”

“…However, a closer look at the US-established framework on effective remedies in the context of the Judicial Redress Act (in particular when implementing Article 19 of the US-EU Umbrella Agreement on judicial redress) illustrates that the US did not establish fully aligned rules for the US and not US persons and 'the scope of the judicial redress in US legislation is not exactly equivalent to what US persons and residents enjoy under the Privacy Act'. 129 This way the Judicial Redress Act maintained the two-track system offering different judicial redress mechanisms for US and non-US persons 130 and it remains questionable whether the US regime would meet the EU standards for 'equivalent' protection. 132 One of the main focal points of the new framework is the right to redress and more concretely the creation of a 'new two-tier redress system to investigate and resolve complaints of Europeans on access of data by US Intelligence authorities, which includes a Data Protection Review Court'.…”

The Right to an Effective Remedy In International Data Transfers of Electronic Evidence: Past Lessons and Future Outlook

“…Following this new US framework, international transfers of data from the EU (via US service providers) to the US will need to be conducted after such a CLOUD Act Agreement is adopted between the EU and the US. Official negotiations between the EU and US will only take place after the eEvidence package, which will regulate the LEA's access to electronic evidence directly from service providers United States v. Microsoft Corp., 138 S. Ct. 1186(2018 112…”

“…However, a closer look at the US-established framework on effective remedies in the context of the Judicial Redress Act (in particular when implementing Article 19 of the US-EU Umbrella Agreement on judicial redress) illustrates that the US did not establish fully aligned rules for the US and not US persons and 'the scope of the judicial redress in US legislation is not exactly equivalent to what US persons and residents enjoy under the Privacy Act'. 129 This way the Judicial Redress Act maintained the two-track system offering different judicial redress mechanisms for US and non-US persons 130 and it remains questionable whether the US regime would meet the EU standards for 'equivalent' protection. 132 One of the main focal points of the new framework is the right to redress and more concretely the creation of a 'new two-tier redress system to investigate and resolve complaints of Europeans on access of data by US Intelligence authorities, which includes a Data Protection Review Court'.…”

The Right to an Effective Remedy In International Data Transfers of Electronic Evidence: Past Lessons and Future Outlook

“…The literature has acknowledged the increasingly active role of the EU in internet policies, as illustrated by recent regulatory and policy initiatives in the fields of data governance (Borgogno & Colangelo, 2019), privacy (Ochs et al, 2016;Bennett & Raab, 2020;Laurer & Seidl, 2020), copyright (Meyer, 2017;Schroff & Street, 2018) and cybersecurity (Christou, 2019). Recent research has also investigated the nature and determinants of a 'European approach' in regulating large internet companies and safeguarding competition (Radu & Chenou, 2015), in balancing competing policy objectives such as national security and data protection (Dimitrova & Brkan, 2018), or in promoting its 'digital sovereignty' (Pohle & Thiel, 2020). EU decisions have direct implications for member states, companies and citizens, but also for third countries (Bradford, 2020), as illustrated by the recent reform of the EU data protection framework (Bendiek & Römer, 2018).…”

A step back to look ahead: mapping coalitions on data flows and platform regulation in the Council of the EU (2016-2019)

Counter-Terrorism Resolutions and Initiatives by Regional Institutions: EU and European Court of Human Rights