deepagopi2011 - Fotolia

Privacy Shield under threat by US non-compliance

The Privacy Shield framework that replaced the Safe Harbour agreement for personal data transfers between the EU and the US is under threat due to non-compliance by US firms

European parliamentarians have called for the suspension of the Privacy Shield framework for transatlantic personal data transfers if the US fails to comply fully by 1 September 2018.

The Civil Liberties Committee (LIBE) said in a resolution that the European Commission (EC) should suspend the agreement for as long as it takes for US authorities to comply with its terms to provide enough data protection for EU citizens.

Since 1 August 2016, US companies have been able to register for Privacy Shield, which was designed to replace the Safe Harbour agreement after it was declared invalid by the Court of Justice of the European Union (CJEU).

The latest move comes just over a year after Members of the European Parliament (MEPs) called on the EC to reassess Privacy Shield due to concerns over US privacy safeguards.

The MEPs raised concerns that US authorities were not fully adhering to the terms of the agreement and that the US administration, under president Donald Trump, was rolling back privacy safeguards and stepping up surveillance through executive orders.

Following the Facebook-Cambridge Analytica data scandal, MEPs said that now there is a need for better monitoring of the agreement, in light of the fact that both companies involved in the scandal are certified under Privacy Shield.

MEPs have called on the US authorities to act on such revelations without delay and, if needed, to remove companies that have misused personal data from the Privacy Shield list.

EU authorities should also investigate such cases and, if appropriate, suspend or ban data transfers under the Privacy Shield, they added.

MEPs are expressed concerns about the recent adoption of the Clarifying Lawful Overseas Use of Data (Cloud) Act, a US law that grants the US and foreign police access to personal data across borders.

They say the new US law could have serious implications for the EU and it could conflict EU data protection laws.

Civil Liberties Committee chair and rapporteur Claude Moraes of the UK said: “The LIBE committee today adopted a clear position on the EU US Privacy Shield agreement.

“While progress has been made to improve on the Safe Harbour agreement, the Privacy Shield in its current form does not provide the adequate level of protection required by EU data protection law and the EU Charter.

“It is therefore up to the US authorities to effectively follow the terms of the agreement and for the Commission to take measures to ensure that it will fully comply with the GDPR [General Data Protection Regulation],” he said.

The LIBE resolution was passed by 29 votes to 25, with 3 abstentions. The full house is expected to vote on the text in July.

Read more about EU-US Privacy Shield

  • MEPs call for European Commission to reassess Privacy Shield.
  • Ireland faces legal challenge over the independence of its data commissioner, in the wake of the scrap- ping of the Safe Harbour data protection agreement.
  • Dublin court case on the legality of Facebook’s data transfers to the US raises issues that affect US national security, claims US Department of Justice.
  • User demand for locally hosted cloud services prompts cloud firms and infrastructure providers to rapidly take up datacentre space in Europe, CBRE research shows.

Read more on Privacy and data protection