The transatlantic data privacy framework : Schrems II, GDPR and American national security

Abstract

This dissertation assesses the problems of the EU-U.S. Transatlantic Data Privacy Framework in terms of Schrems II, the GDPR, and American National Security. Schrems II provided inadequate legal criteria for guidelines on U.S. mass surveillance. The GDPR, with Article 23, put Member States’ national security outside of its guidelines, which allows national security agencies to violate the privacy rights and data protections that are guaranteed under the GDPR. This creates a massive double standard with how the GDPR treats Member States and how it treats the United States on national security. American national security raises the problem of President Joe Biden’s legally ambiguous language in Executive Order 14086. The Executive Order uses the language of Schrems II, but in the context of the U.S. Constitution and U.S. law. The Commission accepted Executive Order 14086 at face value. There is a question of whether the United States is truly sincere or merely disingenuous on mass surveillance oversight and EU citizens’ rights for legal restitution. The research includes case studies of the foreign intelligence surveillance practices of Germany and France compared to the foreign intelligence surveillance practices of the United States. A qualitative analysis of the U.S. Department of Justice’s Implementing Decision, the European Court of Human Rights’ decisions on mass surveillance, the Commission’s Implementing Decision, President Joe Biden’s Executive Order 14086, and Harvard Law Review’s legal assessment of the Schrems II decision. Findings suggest that the Schrems II decision is incredibly vague allowing for the real possibility of Schrems III. President Biden’s Executive Order is probably sincere. The Department of Justice and the European Court of Human Rights agree on the existence of illegal mass surveillance by Member States. The German and French signal intelligence agencies operate outside of a legal framework much more than the United States’ signal intelligence agencies. Nevertheless, the United States and the European Union came to an important agreement on a Data Privacy Framework. When Max Schrems sues again, the Court of Justice of the European Union should respectfully decline the case. This study is dedicated in loving memory of my mother, Ruth E. Watry (1931-2015), who as the greatest teacher in my life encouraged me in my lifelong passion for learning.