The European Commission is facing challenges on another EU-US data sharing deal: the Parliament legal service and MEPs argued the so-called Umbrella Agreement doesn’t comply with EU law.
A European Parliament legal advisor expressed doubts yesterday evening (15 February) about the Commission’s pending Umbrella Agreement on personal data transfers to the US for law enforcement purposes.
MEPs in the Civil Liberties, Justice and Home Affairs (LIBE) Committee also criticised the agreement, which has been awaiting a green light from the Commission and the US government since the two sides struck a deal last September.
The Commission is already under pressure for its EU-US Privacy Shield, a separate privacy agreement for transferring commercial data to the US. Critics have vowed to challenge that deal in the European Court of Justice, which knocked down its predecessor, the Safe Harbour agreement four months ago.
The Umbrella Agreement was set up to allow data to be transferred from the EU to the US government for law enforcement use.
Parliament legal advisor Dominique Moore told LIBE MEPs yesterday that there is “clearly a gap between what EU law requires” and the data protection guarantees offered by the Umbrella Agreement.
The executive has held off on rubber stamping the Umbrella Agreement until the Judicial Redress Act was passed by the US Congress. Judicial Redress, another piece of the Commission’s multi-pronged data transfer package with the US, would give EU citizens the right to challenge how their data is used in US courts. That deal was passed by the US Senate last week.
The criticism from the Parliament comes as a last-ditch warning before the Commission could sign off on the new data sharing agreement for law enforcement.
An opinion from the Parliament’s legal service called the Umbrella Agreement “not compatible with primary EU law and the respect for fundamental rights”, according to the version leaked yesterday by NGO Statewatch.
Moore told LIBE MEPs that the Umbrella Agreement would act as a kind of adequacy agreement with the US and could therefore override secondary EU legislation, including the new EU-wide data protection laws that were passed in December.
The agreement would break EU law by only guaranteeing citizens of member states the right to legal redress if US law enforcement agencies misuse their data, Moore argued.
Francisco J. Fonseca Morillo, Deputy-Director General of DG Justice, dismissed that claim. Morillo called the Judicial Redress Act an “unprecedented act by the US Congress” and said “to consider the extent of such an improvement as not the maximum and thus make the Umbrella Agreement illegal is difficult to understand”.
Officials clashed over the details of the Umbrella Agreement in an hour-long debate, with European Data Protection Supervisor Giovanni Buttarelli, rebuffing the European Commission’s argument that all EU residents could have judicial redress as too ambiguous.
“Everyone in the EU should have the right to judicial redress. Not only EU nationals,” Buttarelli told MEPs.
A Commission source told EURACTIV the EU executive is not considering making changes to the Umbrella Agreement since it was initialed by EU and US lawmakers last year.
Several MEPs blasted the agreement for not safeguarding the right of all EU residents—including those who are not EU citizens—to challenge how their data is handled in the US.
“With the kind of candidates and the appointments of a new Supreme Court judge, I want 100% reassurance for the rights of my citizens,” said Dutch ALDE MEP Sophie in ‘t Veld (D66), referring to the US presidential campaign that is now underway.
German S&D MEP Birgit Sippel (SPD) said, “I’m not convinced that this text does not lead to a kind of adequacy ruling.”
