Restrictions on National Security Agency's surveillance capabilities tightened by the recently passed USA Freedom Act
In a series of recent developments, the United States has seen changes to its data privacy framework, particularly regarding the National Security Agency (NSA) and cellphone and Internet data collection. These amendments, known as the RISAA reforms, have expanded government surveillance powers under Section 702 of the Foreign Intelligence Surveillance Act (FISA), while also introducing enhanced privacy safeguards.
The RISAA reforms have expanded the definition of "foreign intelligence information," increased FBI training, and heightened oversight of sensitive queries, including those involving political and media figures. However, critics argue that oversight remains flawed, with calls for stronger congressional and judicial review before Section 702's expiration in 2026.
These U.S. surveillance developments have significant implications for the European Union's data privacy regime. The EU's General Data Privacy Regulation (GDPR) mandates stringent privacy protections and only allows personal data transfers to countries that uphold equivalent privacy safeguards. The EU has consistently expressed concerns about U.S. intelligence access to European data and has previously invalidated transatlantic data transfer frameworks such as Safe Harbor and Privacy Shield due to insufficient U.S. protections.
The recent U.S. legislative adjustments to NSA surveillance do increase privacy oversight but have not fundamentally resolved EU concerns about government access to personal data. This continues to impact transatlantic data flows and legal privacy regimes.
Meanwhile, the EU's Highest Court has invalidated the EU-US Safe Harbor, adding to the pressure on the U.S. to tighten up its privacy laws. The case in the Irish High Court in Dublin is part of a saga in European courts over whether Europeans' personal information is adequately protected when moved to the U.S. by companies like Facebook and Google.
In a separate development, Edward Snowden, a former NSA contractor, has been granted Russian citizenship by President Putin. This decision will put more pressure on the U.S. to address its privacy concerns, as Snowden's case is part of a broader debate about US privacy protections and surveillance policies.
While the USA Freedom Act, signed by President Obama on Tuesday, bans bulk collection of U.S. cellphone and Internet data by the NSA, it does not address the NSA's collection of foreign Internet data from U.S. sources. The fragmented nature of U.S. state privacy laws contrasts with the EU's unified GDPR, complicating U.S.-EU privacy alignment amid NSA surveillance issues.
In summary, the U.S. NSA data collection reforms (RISAA) add safeguards but expand surveillance powers under FISA Section 702 with imperfect oversight, pending further congressional action by 2026. The EU's GDPR enforces strict data protections and limits transfers to countries with equivalent privacy standards; longstanding concerns over U.S. government data access persist, influencing EU data transfer approvals and regimes. Fragmented U.S. state privacy laws contrast with the EU's unified GDPR, complicating U.S.-EU privacy alignment amid NSA surveillance issues.
- The recent U.S. policy-and-legislation changes, such as the RISAA reforms and the USA Freedom Act, have introduced enhanced privacy safeguards but have not completely addressed EU concerns about government access to personal data, which significantly impacts transatlantic data flows and legal privacy regimes.
- The ongoing debate about US privacy protections and surveillance policies, exemplified by the Snowden case and the fragmented nature of state privacy laws, puts pressure on the U.S. to align with the European Union's general-news regulations like the GDPR, which enforces strict data protections and limits transfers to countries with equivalent privacy standards.
