European Parliament questions adequacy of EU-U.S. Privacy Shield

On 11 June, the European Parliament’s Civil Liberties (LIBE) Committee adopted a motion for a Resolution on the adequacy of the protection afforded by the EU-US Privacy Shield.

Context of political tension

This motion for a resolution is a direct response to the Facebook-Cambridge Analytica data breach, and MEPs are calling on the US authorities to act upon such revelations without delay and (if need be) remove companies that have misused personal data from the Privacy Shield list.

Content of the Resolution

• calls for the EU Commission to take the necessary measures to ensure that the Privacy Shield fully complies with the obligations laid down in the GDPR.
• calls for the EU Commission and US competent authorities to address deficiencies within the Privacy Shield.
• considers that unless the USA is fully compliant by 1 September 2018, the EU Commission will have failed to act in accordance with Article 45(5) GDPR, and would therefore call on the Commission to suspend the Privacy Shield until the US authorities comply with its terms.

The Resolution also states that EU authorities should investigate such cases and if appropriate, suspend or ban data transfers under the Privacy Shield.

Key take-aways

• The motion for a Resolution is expected to be voted in the European Parliament’s July Plenary session (2-5 July). If adopted, it will become a Resolution of the European Parliament and will be sent to the EU Commission.
• The next annual review of the EU-US Privacy Shield will take place in Autumn 2018, which creates momentum for the European institutions to raise concerns. 

What is the value of a Resolution?

A Resolution from the Parliament is not legally binding, it is rather a political push from the Parliament to the EU Commission to act on a specific matter. When the Commission receives a Resolution, it has three months to get back to the European Parliament and explain what the Commission is doing/or planning to do in that area of concern.