Privacy Shield Setback? European Parliament Asks to Revisit Negotiations
The saga continues on the quest to improve the EU-U.S. Privacy Shield Agreement (“Privacy Shield”), the framework that, if enacted, would permit transatlantic data flows from the EU to the U.S. Yesterday, the European Parliament approved a resolution asking the European Commission (the “Commission”) to (1) clarify the legal status of “written assurances” provided by the U.S., (2) implement the Article 29 Working Party (the “Working Party”) recommendations, and (3) revisit negotiations with the U.S. to improve Privacy Shield deficiencies.
In late February, the Commission issued a draft adequacy decision that formed the basis of Privacy Shield. The decision was criticized in an opinion by the Working Party, a group comprised of representative data protection authorities from each EU member country and the European Data Protection Supervisor. Yesterday’s European Parliament resolution calls for full implementation of the Working Party opinion recommendations and highlights several deficiencies of the draft decision, including the following:
- Bulk collection remains an issue: Under Presidential Policy Directive 28, bulk collection is still permitted and does not meet necessity and proportionality requirements of the Charter of Fundamental Rights of the European Union.
- Ombudsperson lacks independence and power: The Ombudsperson role envisioned in the Privacy Shield lacks sufficient independence and does not have adequate powers to exercise and enforce its duty.
- Legal uncertainty where rules are not clear and uniform. Legal certainty is essential for business development and growth. Without it, companies face legal uncertainty and serious impacts to operations, consumer trust, and the ability to conduct transatlantic business.