Go back to the Europarl portal

Choisissez la langue de votre document :

  • bg - български
  • es - español
  • cs - čeština
  • da - dansk
  • de - Deutsch
  • et - eesti keel
  • el - ελληνικά
  • en - English (Selected)
  • fr - français
  • ga - Gaeilge
  • hr - hrvatski
  • it - italiano
  • lv - latviešu valoda
  • lt - lietuvių kalba
  • hu - magyar
  • mt - Malti
  • nl - Nederlands
  • pl - polski
  • pt - português
  • ro - română
  • sk - slovenčina
  • sl - slovenščina
  • fi - suomi
  • sv - svenska
Parliamentary questions
PDF 101kWORD 24k
18 March 2016
Question for written answer E-002302-16
to the Commission
Rule 130
Sophia in 't Veld (ALDE)

 Subject:  EU-US Privacy Shield framework and processing for incompatible purposes
 Answer in writing 

The current Data Protection Directive (95/46/EC) lists unambiguous consent as one of the legal bases for processing personal data for a specific purpose. Further processing for incompatible purposes would require a new legal basis. The EU-US Privacy Shield Principles offer (in 2a on Choice) the possibility of further incompatible processing on the basis of an opt-out. Under the future General Data Protection Regulation (GDPR), unambiguous consent can no longer be fulfilled by an opt-out, owing to the requirement of ‘affirmative action’.

Does the Commission agree that an opt-out will not suffice to establish consent under the future GDPR? If not, why not?

Does it consider the Privacy Shield Principles on Choice allowing for an opt-out for further incompatible processing to be a lower threshold compared with the GDPR requirements for further incompatible processing for non-Privacy Shield companies?

Does it consider that this situation creates a loophole for Privacy Shield companies to avoid the stricter rules under the GDPR? If not, why not? If so, why would that be justified?

Legal notice - Privacy policy