US government surveillance in the context of EU data protection law

read titleRead full title
Published on LexisPSL on 12/11/2020

The following Risk & Compliance Q&A provides comprehensive and up to date legal information covering:

  • US government surveillance in the context of EU data protection law
  • Section 702 of FISA
  • EO 12333
  • Legal challenges to Section 702 of FISA
  • Transparency reports

In Data Protection Commissioner v Facebook Ireland and Maximillian Schrems, Case C-311/18 (Schrems II), the Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield based on the potential interference with data subject rights caused by US government surveillance carried out under Section 702 of Foreign Intelligence Surveillance Act (FISA) and Executive Order 12333 (EO 12333). In its decision, the CJEU also referred to PRISM and UPSTREAM, two surveillance programs revealed following Edward Snowden’s leaks in 2013. This Q&A, by Richard Lawne, associate in the Privacy, Security and Information team at Fieldfisher, provides a brief overview of the surveillance regimes referred to by the CJEU in its decision. It does not address all of the surveillance activities carried out by the US government or the laws governing law enforcement requests (like the CLOUD Act).

Section 702 of FISA

The Foreign Intelligence Surveillance Act (FISA) was enacted in 1978 to regulate US governmental electronic and physical surveillance of communications for foreign intelligence purposes. It has been amended, strengthened and reformed a number of times, including by the USA Patriot Act, the FISA Amendments Act and the USA FREEDOM Act.

FISA authorises government surveillance through various means: electronic surveillance, physical searches, pen register and trap and trace surveillance and business record searches. All FISA activities are overseen by the Foreign Intelligence Surveillance Court (FISC), which sits

Related documents:

Popular documents