Members of the European Parliament (MEPs) are calling on the European Commission to block the proposed EU-U.S. Data Privacy Framework, citing concerns about the U.S. government’s surveillance practices and its data protection regime. The proposed agreement is intended to replace the invalidated Safe Harbor and Privacy Shield agreements, which had allowed for the transfer of personal data between the two jurisdictions.
In a draft opinion, the Parliamentary Committee on Civil Liberties, Justice and Home Affairs expressed concerns about the U.S. government’s collection and processing of personal data, including its use of mass surveillance, and the lack of effective redress mechanisms for individuals. The resolution also criticized the U.S. for failing to provide adequate protection for the personal data of non-U.S. citizens.
The opinion calls on the European Commission to ensure that any future data transfer agreement with the U.S. provides “adequate and enforceable” protections for the privacy and data protection rights of EU citizens, and that the U.S. is held to the same standards as the EU in this regard.
The context
Safe Harbor and Privacy Shield were two data transfer agreements that allowed for the transfer of personal data between the EU and the U.S. These agreements were designed to ensure that personal data was protected when it was transferred across borders, and to provide a legal framework for businesses to transfer data between the two regions.
The Safe Harbor agreement was in place from 2000 to 2015, when it was invalidated by the European Court of Justice (ECJ) due to concerns about the U.S. government’s surveillance practices and the lack of effective legal remedies for EU citizens whose data had been misused. The ECJ ruled that Safe Harbor did not provide adequate protection for personal data, particularly with respect to the U.S. government’s surveillance practices.
Privacy Shield was intended to replace Safe Harbor and was in place from 2016 to 2020, when it was also invalidated by the ECJ for similar reasons. The ECJ found that Privacy Shield did not provide adequate protection for personal data when it was transferred to the U.S. and did not ensure that individuals had effective legal remedies if their data was misused.
Effect on businesses
The invalidation of these agreements left many businesses in a difficult position, as they had relied on them to transfer personal data between the EU and the U.S. The two superpowers have been working to establish a new data transfer agreement that meets the requirements of the EU’s General Data Protection Regulation (GDPR) and provides adequate protection for personal data.
The MEPs’ opposition adds to the challenges facing the EU and U.S. as they seek to establish a new data transfer agreement. Negotiations are ongoing, with both sides expressing a desire to find a solution that meets the needs of both individuals and businesses on both sides of the Atlantic. It remains to be seen how the European Commission will respond to the MEPs’ draft opinion and what impact it will have on the negotiations.