“Who guards the guards” is a critical question in any civil society, and no issue captures this concern more, at least at this point in history, than skepticism over surveillance by the United States government. The purpose of this white paper is not to argue for the validity or invalidity of any particular surveillance mechanism, but rather to provide a neutral, unclassified summary of the law and authorities in this area.

The purpose of this is twofold. First, the “Schrems II” decision focuses more attention on the surveillance activities of the U.S. government, and as companies assess the adequacy of data transfers to the U.S., they should try to understand the law of surveillance, which was an important consideration in the case. This analysis is all the more important in light of the recent FAQ document issued by the European Data Protection Board.

Second, as the U.S. and European Union consider how to address the broader policy issues of data transfers, given the critical nature of the trans-Atlantic data flow, removing confusion and having clarity about the U.S. surveillance regime can only help the process try to avoid creating a mechanism that will only later be invalidated.