European Parliament issues negative opinion on the EU-US data transfer arrangement

European Parliament issues negative opinion on the EU-US data transfer arrangement

The European Parliament LIBE Committee has urged the European Commission not to issue an adequacy decision for the EU-US Data Privacy Framework (the “Framework”) – which would allow the free flow of personal data between the EU and US. An adequacy decision means that the EU has assessed and recognises that a country provides an equivalent level of protection for personal data as the EU does.

 

MEPs state that the Framework does not provide sufficient protections and have called for continued negotiations. The Parliament’s concerns include:

 

  • The lack of prohibition on the bulk collection of data;
  • The list of legitimate security objectives, which can override an individual’s privacy rights by allowing for signal intelligence, can be expanded without any additions being subject to public scrutiny and at the President’s discretion;
  • Unlike other third countries, the US does not have a federal data protection regime offering a consistent level of protection for data across the country;
  • Lack of transparency requirements on what personal data is processed which undermines an individual’s right to access or rectification; and
  • The US Data Protection Review Court is part of the executive branch, not the judiciary which raises concerns over the impartiality of such proceedings.

 

The latest development from the European Parliament will come as a blow to many European and American businesses. Many had been hoping that the updates made to the U.S. security regime last year would mean an adequacy decision was forthcoming, allowing for an easing of administrative requirements to satisfy when transferring data between the two jurisdictions.

 

Companies in the UK should keep a close eye on whether the Framework receives an adequacy decision from the European Commission later this year, especially if they have group companies based in the EU. Whilst UK based companies would not be able to rely on an adequacy decision to transfer data to the US a favourable decision for the US would encourage the same approach being taken in the UK who is separately negotiating a US-UK data transfer agreement. If the Framework is not agreed then the UK will likely be more cautious in depending on the US’s apparent protections when looking at whether to make an adequacy decision of its own.

 

See the full draft opinion here.

Recent posts

Previous
Next
Unable to row the distance: No copyright in a rowing machine as a work of artistic craftsmanship (WaterRower v Liking)
Read more
The wait is over – Sky v SkyKick decision handed down today
Read more
Autumn Budget 2024: Headlines
Read more
The Final Word
Read more
The UK's new Data (Use and Access) Bill has been introduced into Parliament
Read more
New reforms but a long wait for change: government publishes Employment Rights Bill draft
Read more
The UK's Data Protection Regulator begins its modernisation plans
Read more
A cautionary tale of lessons learnt in cases involving crypto fraud from D'Aloia v Persons Unknown Category A & Ors [2024]
Read more
‘This is a true story’: A lesson learnt from ‘Baby Reindeer’ for shows dramatising the lives of real people
Read more
Tougher protection on its way for victims of revenge porn
Read more

More from this author

Previous
Next
What businesses should consider before implementing monitoring
Read more
Take note: new guidance on the ICO’s penalties and fines
Read more
Content moderation: the ICO's guide
Read more
ICO focusses on child protection in latest guidance to the games industry
Read more
Government to replace the UK GDPR
Read more

Share this page