The EU Commission must ensure that the EU - US Privacy Shield for data transfers for commercial purposes provides sufficient personal data protection to comply with the Charter of Fundamental Rights and the new EU data protection rules, said Civil Liberties Committee MEPs voting a resolution on Thursday. The first joint annual review of the Privacy Shield framework is expected this summer.
“The Civil Liberties Committee resolution adopted today sends a clear message that, while the Privacy Shield contains significant improvements compared to the former EU-US Safe Harbour, key deficiencies remain to be urgently resolved”, said Civil Liberties Committee Chair Claude Moraes after the vote.
“Both citizens and tech companies relying on transatlantic data flows need the certainty of a robust legal framework and our text calls on the Commission to conduct a proper assessment to ensure this certainty”, he added.
Among the remaining concerns that MEPs list are:
- the lack of specific rules on automated decision-making or the general right to object, and the lack of clear principles on how the Privacy Shield Principles apply to data processors,
- that “bulk surveillance” remain possible as regards national security and surveillance,
- that neither the Privacy Shield Principles nor letters from the US administration demonstrate the existence of effective judicial redress rights for individuals in the EU whose personal data are transferred to the US, and
- the Ombudsperson mechanism set up by the US Department of State is not sufficiently independent and is not vested with sufficient effective powers to carry out its duties.
MEPs also express alarm at recent revelations about surveillance activities conducted by a US electronic communications service provider at the request of the NSA and FBI as late as 2015, one year after the Presidential Policy Directive 28 was adopted, and insist that the Commission seeks full clarification from the US authorities.
The Commission should also immediately assess whether new US rules approved in January 2017 allowing the NSA to share vast amounts of private data, gathered without warrant, court orders or congressional authorisation, with 16 other agencies, including the FBI, are compatible with the commitments made by US authorities under the Privacy Shield, they say.
The resolution was passed by 29 votes to 25, with 1 abstention.
The resolution is expected to be voted by Parliament as a whole in April.