Civil Liberties MEPs want EU-US Privacy Shield suspended by September

MEPs want the European Commission to suspend the Privacy Shield agreement by 1 September unless the Trump administration introduces new data protection safeguards. British Socialist MEP Claude Moraes authored a resolution that passed the house's Civil Liberties Committee (LIBE) on Monday (11 June). [European Parliament]

MEPs in the European Parliament’s powerful Civil Liberties Committee (LIBE) want the European Commission to suspend its Privacy Shield agreement with the United States unless the Trump administration introduces data protection safeguards by 1 September, in a move that comes amid mounting transatlantic political tensions.

A thin majority of MEPs voted on Monday evening (11 June) to give the Commission less than three months to secure a tougher deal with Washington. The Parliament resolution is not legally binding but adds pressure to the Commission’s dealings with the US over privacy issues.

Since the agreement took effect in 2016, more than 3,000 companies have signed up in order to transfer their customers’ personal data from the EU to the US.

The EU executive will send a group of experts to the American capital in the autumn for a legal review of the Privacy Shield deal.

But MEPs and the EU’s data protection regulators are losing patience. They have insisted that the Commission require Trump to name a permanent ombudsman to be in charge of responding to EU citizens’ complaints over how their personal data is handled under the agreement. The US administration has so far kept an interim official in that position.

On top of the friction over Privacy Shield, the Commission is currently attempting to negotiate a separate arrangement with the US Department of Justice that would give European and American prosecutors quick access to data from digital service providers like email hosts and communication apps including WhatsApp, regardless of whether the data is held in the US or in an EU country.

MEPs argue that the Commission must discontinue the Privacy Shield deal because the US has failed to meet requirements in the GDPR, the strict new EU data protection regulation that took effect on 25 May. The law specifies that special data sharing arrangements with countries outside the EU can only remain in place if those countries have independent authorities overseeing how Europeans’ data is handled once it moves abroad.

Claude Moraes, the British Socialist MEP who authored the committee’s report, said, “the Privacy Shield in its current form does not provide the adequate level of protection required by EU data protection law and the EU Charter”.

“It is therefore up to the US authorities to effectively follow the terms of the agreement and for the Commission to take measures to ensure that it will fully comply with the GDPR,” he added.

Commission conducting review of all foreign data transfer deals

The European Commission is reviewing the 12 data transfer agreements it has with countries outside the bloc, as part of a scrutiny process that could potentially result in the deals being axed.

It was a close vote on Monday evening, with 29 MEPs approving the deal, 25 against and 3 who abstained.

Sophie in ‘t Veld, a Dutch Liberal MEP, lodged the amendment calling for the 1 September cutoff on the deal.

But MEPs from the centre-right European People’s Party (EPP), the Parliament’s largest political group, rejected the resolution because they do not want the Commission to suspend the Privacy Shield deal.

Axel Voss, a German EPP lawmaker, said in a statement on Tuesday morning, “With such a text, the Socialists, Greens and Liberals are undermining the essential basis for the functioning of a tool which benefits thousands of European companies and protects the data of European citizens. The question we must ask is: would revoking the Privacy Shield really benefit anyone?”

Commission legal experts met with US officials last October for the first review of the agreement, which took effect in summer 2016. The EU executive vowed to conduct a similar assessment with their American counterparts every year.

EU Justice Commissioner Vera Jourová said after the October meeting that there were enough privacy safeguards for the deal to remain in effect. But she also listed a number of concerns and said she would prefer if the Trump administration created binding legislation spelling out limitations for government surveillance programmes.

Commission spokesman Christian Wigand said on Tuesday in response to the Parliament vote, “The Commission is working with the US administration and expects them to address the EU concerns. Commissioner Jourová was in the U.S. last time in March to engage with the U.S. government on the follow-up and discussed what the U.S. side should do until the next annual review in autumn”.

“Commissioner Jourová also sent letters to US State Secretary Pompeo, Commerce Secretary Ross and Attorney General Sessions urging them to do the necessary improvements, including on the Ombudsman, as soon as possible. We will continue to work to keep the Privacy Shield running and ensure European’s data are well protected,” Wigand added.

The Privacy Shield agreement has remained at the centre of controversy since before it was approved in 2016—after its predecessor, the Safe Harbour agreement, was knocked down by a bombshell European Court of Justice decision the year before. Privacy campaign groups have already filed complaints against the new agreement with the top court.

Tech industry slams data watchdogs over damning privacy shield report

A major technology industry association has lashed out at national data protection regulators for a critical report on the EU’s privacy shield data agreement with the United States.

Subscribe to our newsletters