The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs has recommended that the European Commission reject the proposed EU-US Data Privacy Framework, which would govern the way in which the personal information of EU citizens is handled by US companies.
The committee’s decision — formally, a draft motion for a resolution— represents a rejection of the European Commission’s recommendation, announced in December, that the data privacy framework should be adopted. The recommendation stated that US law now offers an “adequate” level of protection for the personal data of EU users of US companies’ services.
According to the parliamentary committee, however, the proposed data privacy framework doesn’t fully comply with the EU’s General Data Protection Regulation (GDPR), particularly in light of ongoing US policy that would allow for the large-scale, warrantless collection of user data for national security purposes.
An executive order issued by the Biden Administration, the committee said, is insufficient additional protection for several reasons, including the mutability of policy made by executive order — it can simply be reversed or amended by the president at any time — and the inadequacy of the safeguards it provides.
EU Parliament: Data pact with US is ‘vague’
In particular, the committee noted, the executive order is too vague, and leaves US courts — who would be the sole interpreters of the policy — wiggle room to approve the bulk collection of data for signals intelligence, and doesn’t apply to data accessed under US laws like the Cloud Act and the Patriot Act.
The parliamentary committee’s major points echoed those of many critics of the deal in the EU, as well as the criticsm of the American Civil Liberties Union (ACLU), which has said that the US has failed to enact meaningful surveillance reform.
The committee, in its motion for a resolution, said that “unlike all other third…
2023-02-18 18:00:03
Source from www.computerworld.com
Today, the European Parliament rejected a proposed EU-US Data Privacy Framework, a mechanism that aimed to ensure that companies adequately protect the personal data of EU citizens. This agreement was negotiated over the course of several months between the European Commission, the executive branch of the EU, and the United States government. The framework would have served to protect EU citizens from potential misuse of their personal data when transferred for commercial purposes to the United States.
Expectedly, the rejection by the European Parliament raises some questions about how to guarantee the continued protection of personal data. The agreement, first and foremost, would have mandated that EU citizens’ data be protected to the standards of the EU’s data protection policy when transferred to US companies. The US government also would have agreed to impose sanctions in the event of not fulfilling the agreement or deliberately disclosing or mishandling EU citizens’ data.
Nonetheless, members of the European Parliament felt that the proposed treaty did not provide enough guarantees when it came to protecting data privacy, especially in a digital age where it is perhaps the most valuable asset. MEPs expressed their concerns. The President of the Liberal ALDE group, Guy Verhofstadt, for example, stated that “the Commission should have done more work to defend [the] privacy rights of citizens,” particularly with regard to the US’ current inability to control potential misuse of data by companies.
In the wake of the rejection, European Commission representative Vera Jourova remarked that the proposals had been carefully reviewed, but acknowledged that its approval was not certain and that “the European Union is now considering other options to protect citizens’ personal data.”
Therefore, the future of data privacy regulations concerning transfers from the EU to the US remains uncertain, with both parties resuming negotiations and members of the Parliament standing firm on supported their stance. Ultimately, any new framework must demonstrate its commitment to protecting personal data while also ensuring the ability of companies to operate efficiently.