Today the European Parliament has voted on a resolution concerning the “EU-US Privacy Shield”. This is a mess.
Transfer of personal data from the EU to the US used to be regulated under the so-called Safe Harbour Agreement, aiming at protecting our data when transferred to the US. But actually, this agreement was too vague, rather pointless and possible to circumvent. Finally, the European Court of Justice (ECJ) invalidated it, finding that it violated citizens right to privacy.
So work started to replace Safe Harbour with the EU-US Privacy Shield. In the process, the EU has stated that there is a new agreement, even though we are nowhere close to a final document. The EU and the US are very eager to push for this new agreement, to benefit Big Data in the US. But the concern is that this new agreement will not treat EU citizens personal data in a responsible way, disregard our right to privacy and that it might be Safe Harbour all over again.
One core question is if the US Patriot Act and the new USA Freedom Act should have precedence over EU data protection.
Today the European Parliament had a say, in a non-binding resolution. The press release:
In the resolution, passed by 501 votes to 119 with 31 abstentions, MEPs welcome the efforts of the Commission and the US administration to achieve “substantial improvements” in the Privacy Shield compared to the Safe Harbour decision which it is to replace.
However, they also voice concern about “deficiencies” in the proposed new arrangement negotiated by the Commission, notably:
• the US authorities’ access to data transferred under the Privacy Shield,
• the possibility of collecting bulk data, in some cases, which does not meet the criteria of “necessity” and “proportionality” laid down in the EU Charter of Fundamental Rights,
• the proposed US ombudsperson, a new institution that MEPs accept is a step forward, but believe to be neither “sufficiently independent”, nor “vested with adequate powers to effectively exercise and enforce its duty”, and
• the complexity of the redress mechanism, which the Commission and US administration need to make more “user-friendly and effective”, MEPs say.
Parliament stresses that the Privacy Shield framework gives EU member state’s data protection agencies a prominent role in examining data protection claims and notes their power to suspend data transfers. It also notes the obligation placed upon the US Department of Commerce to resolve such complaints.
Finally, MEPs call on the Commission to conduct periodic “robust reviews” of its decision that Privacy Shield protection is adequate, particularly in the light of experience with the new EU data protection rules which are to take effect in two years.
In other words, the EU and the US are far from a complete and acceptable agreement.
Green home affairs and data protection spokesperson Jan Philipp Albrecht said:
The proposed ‘Privacy Shield’ framework does not seem like a viable long-term solution. It seems highly questionable that this new framework addresses the concerns outlined by the European Court of Justice in ruling the Safe Harbour decision illegal. The European Commission cannot issue a blank check for the transfer of European citizens’ data to the US. Instead, it has to continue to insist on improvements to the level of data protection.
At the same time the centre-right group, EPP, is impatient to have a new agreement in place – seemingly without having the same concerns over privacy and data protection.
The EPP Group’s Spokesman on the issue, Axel Voss MEP, warned against any attempt to torpedo the finalisation of the Privacy Shield, listing benefits to European consumers and SMEs alike: “Free cross-border data flows between the EU and the US are of paramount importance for our economies, trade and investment. Data flows are a key element for the competitiveness of business. Therefore the EPP Group welcomes the conclusion of the negotiations between the EU and the US on this topic.”
Now, we will have to wait to see what the European Commission makes of this.
/ HAX
Links:
• European Parliament: EU-US “Privacy Shield” for data transfers: further improvements needed, MEPs say »
• Greens-EFA: EU-US ‘Privacy Shield’ data exchange »
• EPP: EU-US data flows: urgent implementation of Privacy Shield needed »
• Ars Technica: EU data protection chief: We have serious concerns about Privacy Shield »
Previous posts on The EU-US Privacy Shield: 1 | 2 | 3 | 4 | 5
See an interview with Max Scherms, who took Safe Harbour to the European Court of Justice »
No comments yet.