In September, the US Department of Commerce published a White Paper on "Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for EU-U.S.Data Transfers after Schrems II". In view of the issues of concern to the CJEU in Schrems II (decision of 16 July 2020 in case C-311, CRi 2020, p. 109-121), this White Paper provides not only a concise discussionof the complex area of U.S. law and practice relating to government access to data for national security purposes, but also some initial observations concerning its relevance for a company's analysis.

Key Points:

"(1) Most U.S. companies do not deal in data that is of any interest to U.S. intelligence agencies, and have no grounds to believe they do. They are not engaged in data transfers that present the type of risks to privacy that appear to have concerned the ECJ in Schrems II.

(2) The U.S. government frequently shares intelligence information with EU Member States, including data disclosed by companies in response to FISA 702 orders, to counter threats such as terrorism, weapons proliferation, and hostile foreign cyber activity. Sharing of FISA 702 information undoubtedly serves important EU publicinterests by protecting the governments and people of the Member States.

(3) There is a wealth of public information about privacy protections in U.S. law concerning government access to data for national security purposes, including information not recorded in Decision 2016/1250, new developments that have occurred since 2016, and information the ECJ neither considered nor addressed. Companies may wish to take this information into account in any assessment of U.S. law post-Schrems II."

Table of Contents:

1. Companies Not Disclosing Data to U.S. Intelligence Agencies ... p. 2

2. Companies Relying on the GDPR’s “Public Interest” Derogation ... p. 3

3. Companies Relying on Standard Contract Clauses ... p. 6

4. FISA 702 ... p. 6

• The Supervisory Role of the FISC over Individual Targeting Decisions ... p. 6
• Individual Redress for Violations of FISA 702 ... p. 12
• FISA 702 Privacy Safeguards Added Since 2017 ... p. 14
• “Essential Equivalence" ... p. 15

5. Executive Order 12333 ... p. 16

6. Conclusion ... p. 22

U.S. Department of Commerce, "Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for EU-U.S.Data Transfers after Schrems II", White Paper, September 2020

U.S. Department of Commerce, "Letter from Deputy Assistant Secretary James Sullivan on the Schrems II Decision", September 2020