The European Parliament has asked the Commission to reopen negotiations with the United States and shore up gaps in the Privacy Shield agreement.
A vast majority of MEPs approved a resolution today (26 May) that said the executive still needs to fix the data transfer deal, which allows US authorities to collect EU citizens’ data in bulk in some cases.
The Parliament’s opinion is not binding, but it does increase pressure on the Commission to boost privacy guarantees in the controversial agreement.
The executive came under fire after finishing negotiations over Privacy Shield in February. Critics say the deal will not stand up in the European Court of Justice, which knocked down the predecessor Safe Harbour agreement last October because it did not protect EU citizens’ data once it is sent to the US.
The executive is already running behind schedule – EU Justice Commissioner Vera Jourova and Digital Commissioner Günther Oettinger previously said they want the agreement to go into effect by the end of June. That can only happen after a group of diplomats from EU member states sign their approval.
EurActiv.com previously reported that the diplomats were supposed to vote on Privacy Shield last week. But the group put off its final verdict and scheduled a slew of new meetings through until the end of June.
The Commission says it has already finished negotiating the agreement with US government officials but is still asking for clarification on some points.
The EU executive faces an uphill task. MEPs singled out bigger issues in the agreement that likely cannot be changed quickly, like bulk collection of data and intelligence agencies’ access.
Commission spokesman Christian Wigand said the Parliament asked for realistic changes and not a drastic renegotiation of the agreement.
“We’re working on exactly that in the final stretches,” Wigand said.
But the Parliament’s resolution asked the executive to “fully” take on criticism from national privacy watchdogs in EU member states, who slammed the agreement last month and asked for tighter rules on when US authorities can collect personal data in bulk.
European privacy watchdogs gave a damning verdict of the Privacy Shield, the draft deal for data transfers from the EU to the US, and warned the European Commission to shore up gaps in the new agreement on national security agencies.
Jourova told MEPs the Commission is “clarifying” details to make sure the new privacy ombudsman in the US State Department is independent. The executive is also asking for changes on how long EU citizens’ can be stored in the US after legal advisors said the agreement was not clear enough.
Jourova said she wants to have Privacy Shield “up and running by the summer” – a less precise deadline than the Commission’s previous goal of the end of June.
German MEP Jan Philipp Albrecht (Green) said many of the Parliament’s demands would need US laws to be changed. With only a few months left before a new president takes office, big changes will not meet Jourova’s deadline.
Albrecht submitted an amendment to the Parliament’s resolution asking the Commission to include a sunset clause that would make the Privacy Shield expire after a few years. But the amendment was rejected by a majority of MEPs.
“The bigger groups don’t want to be the ones that are beaten up for this agreement not going into force,” Albrecht said.
The European Commission signed off on a new data transfer agreement with the US today (2 February) to replace the old Safe Harbour agreement.
The US-EU Safe Harbour agreement allowed over 4,000 companies to transfer data from the EU to the US - provided the companies guaranteed the data's security abroad. EU law considers data privacy protections to be inadequate in the US. In October 2015, the European Court of Justice (ECJ) ruled Safe Harbour to be invalid on grounds that government surveillance in the US threatens the privacy of EU citizens' data, and that there is no judicial redress for EU citizens whose data is accessed by state surveillance agencies in the US.
Since the ECJ decision, EU and US negotiators have sped up their talks to strike a new data transfer agreement. European data protection authorities from the 28 EU member states met after the ECJ decision, and asked the Commission to come up with a new deal by the end of January 2016. The data protection authorities are tasked with investigating and deciding on privacy complaints in their own member states.
- Summer 2016: EU Justice Commissioner Vera Jourova wants member states to approve the Privacy Shield agreement
- European Parliament: resolution on Privacy Shield (May 2016)