Suspend EU-US data exchange deal, unless US complies by 1 September, say MEPs

 Jul 7, 2018 9:00 AM
by Derek Lackey

MEPs call on the EU Commission to suspend the EU-US Privacy Shield as it fails to provide enough data protection for EU citizens.

The data exchange deal should be suspended unless the US complies with EU data protection rules by 1 September 2018, say MEPs in a resolution passed on Thursday by 303 votes to 223, with 29 abstentions. MEPs add that the deal should remain suspended until the US authorities comply with its terms in full.

Data breaches and the Privacy Shield

Following the Facebook-Cambridge Analytica data breach, MEPs emphasize the need for better monitoring of the agreement, given that both companies are certified under the Privacy Shield.

MEPs call on the US authorities to act upon such revelations without delay and if necessary to remove companies that have misused personal data from the Privacy Shield list. EU authorities should also investigate such cases and if appropriate, suspend or ban data transfers under the Privacy Shield, they add.

MEPs are worried that data breaches may pose a threat to democratic processes if data is used to manipulate political opinion or voting behaviour.

Concern over new US law 

MEPs are also worried about the recent adoption of the Clarifying Lawful Overseas Use of Data Act (CLOUD Act), a US law that grants the US and foreign police access to personal data across borders.

They point out that the US law could have serious implications for the EU and could conflict with EU data protection laws.

Quotes 

Civil Liberties Committee Chair and rapporteur Claude Moraes (S&D, UK) said: "This resolution makes clear that the Privacy Shield in its current form does not provide the adequate level of protection required by EU data protection law and the EU Charter. Progress has been made to improve on the Safe Harbor agreement but this is insufficient to ensure the legal certainty required for the transfer of personal data.”

"In the wake of data breaches like the Facebook and Cambridge Analytica scandal, it is more important than ever to protect our fundamental right to data protection and to ensure consumer trust. The law is clear and, as set out in the GDPR, if the agreement is not adequate, and if the US authorities fail to comply with its terms, then it must be suspended until they do.”

Background

The Privacy Shield is...

Read The Full Release

REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on the first annual review of the functioning of the EU–U.S. Privacy Shield