Regarding the Data Protection Review Court

The U.S. Department of Justice, in November:

Last October, the Attorney General issued regulations creating the DPRC [Data Protection Review Court] within the Office of Privacy and Civil Liberties at the Department of Justice. The DPRC serves as the second level of the new redress process established by the President through Executive Order 14086, which also strengthened other safeguards for U.S. signals intelligence activities. […]

This court was established after the U.S. passed the CLOUD Act in early 2018, just before the E.U.’s GDPR was to take effect. This was pointed out in a July 2020 Forbes article by Robert E.G. Beens, CEO of Startpage, who goes on to write:

The U.S. economic center of gravity is Silicon Valley. When you think about all the personal data that big tech companies can provide to U.S. government intelligence agencies, it’s not surprising that there was a “long history of close cooperation” between them and intelligence agencies’ offices.

I believe many big tech companies have an immense economic interest in making sure any online privacy regulations are weak and do not limit their business models too much because knowledge, to them, can also equal power.

I stumbled upon this article via a February 2023 Lawfare piece by Paul Rosenzweig, who linked to it in this paragraph:

The DPRC addresses a long-standing grievance among Europeans, who for years have said that they lack an adequate review and redress process for alleged privacy violations by the U.S. government and, most particularly, by the intelligence community. Though many think those complaints overstated, Biden’s executive action nonetheless constituted an effort to mitigate the charge.

Clearly, that is not Beens’ perspective, and a gross distortion of what was argued in that Forbes piece. Nevertheless, Rosenzweig does write about a curious consequence of the DPRC and which complaints against intelligence gathering operations it allows:

A fair assessment of the DPRC must also recognize that, in at least one way, its status as an executive body may be a net benefit to European complainants. This is because Europeans will have standing to bring their challenges and have them heard on the merits. Americans in American courts will not.

Rosenzweig cites Clapper v. Amnesty International establishing the inability to find standing for Americans to sue over mass surveillance by the U.S. government. You can learn more about that case over on the Five–Four podcast.

Alfred Ng and John Sakellariadis, Politico:

The court’s location is a secret, and the Department of Justice will not say if it has taken a case yet, or when it will. Though the court has a clear mandate — ensuring Europeans their privacy rights under U.S. law — its decisions will also be kept a secret, from both the EU residents petitioning the court and the federal agencies tasked with following the law. Plaintiffs are not allowed to appear in person and are represented by a special advocate, appointed by the U.S. attorney general.


“90 percent of the cases will never even see that court,” [Max] Schrems said of the DPRC. “If [intelligence agencies] do their jobs well, no one is even going to bring a case because they wouldn’t know they’re under surveillance.”

The secrecy of this court is, much like that of the Foreign Intelligence Surveillance Court, a legal and civil rights nightmare waiting to happen. I cannot see that it matters whether one is more worried about the implications it may have on U.S. law or E.U. citizens, the secrecy is the problem.