New rules allowing the US National Security Agency (NSA) to share private data with other US agencies without court oversight, recent revelations about surveillance activities by a US electronic communications service provider and vacancies on US oversight bodies are among the concerns raised by MEPs in a resolution passed on Thursday.
In the resolution, adopted by 306 votes to 240, with 40 abstentions, MEPs call on the EU Commission to conduct a proper assessment and ensure that the EU-US “Privacy Shield” for data transferred for commercial purposes provides enough personal data protection for EU citizens to comply with the EU Charter of Fundamental Rights and new EU data protection rules. The first annual review of the Privacy Shield framework is expected in September.
"This resolution aims to ensure that the Privacy Shield stands the test of time and that it does not suffer from critical weaknesses”, said Civil Liberties Committee Chair Claude Moraes (S&D, UK). “We acknowledge the significant improvements made compared to the former EU-US Safe Harbour, but there are clearly deficiencies that remain to be urgently resolved to provide legal certainty for the citizens and businesses that depend on this agreement”, he added.
MEPs are particularly worried about:
The Privacy Shield is the successor to the 2000 Safe Harbour decision, which was invalidated by an EU Court of Justice ruling of 6 October 2015 (Schrems case).
The EU Commission responded by negotiating the new Privacy Shield arrangement to ensure “adequate” protection of personal data transferred and stored by companies in the US. This new framework for EU-US data transfers was adopted in July 2016. So far, more than 1,900 companies have joined the scheme.
Procedure: non-legislative resolution