The Congressional Research Service ('CRS') released, on 26 August 2022, a report entitled 'The EU-U.S. Data Privacy Framework: Background, Implementation, and Next Step'. In particular, the report explains the background of the signing, on 7 October 2022, of the Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities ('the EO') by U.S President, Joseph Biden, as a consequence of the Court of Justice of the European Union ('CJEU') ruling in Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems (C-311/18) ('Schrems II Case'). Furthermore, the report highlights one outstanding question on which exact obligations will govern commercial entities. Additionally, the CRS noted that as the CJEU's decision rejecting the Privacy Shield relied on the insufficiency of safeguards in connection with US intelligence operations, rather than obligations imposed on commercial entities, the Privacy Shield's obligations will likely remain in place for commercial participants, with the White House and Department of Commerce both indicating as much.

Lastly, the report explains that the EO and implementation of the new European Union - U.S. Data Privacy Framework may raise several issues of potential congressional interest, and that the CJEU may determine that the safeguards provided for in the EO are insufficient to satisfy the court's concerns with US surveillance.

You can read the report here.