#PrivacyShield does not provide adequate data protection for EU citizens

On 5 July 2018 MEPs passed a resolution (303 votes to 223, 29 abstentions) to suspend Privacy Shield starting from 1 September 2018 until the United States is in full compliance with the terms of the agreement.
Members of the European Parliament in doing so have called upon US authorities to remove companies that misuse personal data from the registry and have suggested that EU authorities carry out investigations and suspend or even forbid transfers of personal data in cases when it is determined that data protection is not adequate.
In addition to determining that  the level of personal data protection provided by  Privacy Shield is inadequate, using the Facebook-Cambridge Analytica data breach as proof and emphasising the importance of  more effective monitoring of the agreement, MEPs have expressed concern over the US adoption of the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) and more generally, about the risks that data breaches can place on democracy when data is used to influence voting behaviour and/or to political opinion. 

 Claude Moraes, Civil Liberties Committee Chair and rapporteur, has stated  “This resolution makes clear that the Privacy Shield in its current form does not provide the adequate level of protection required by EU data protection law and the EU Charter. Progress has been made to improve on the Safe Harbor agreement but this is insufficient to ensure the legal certainty required for the transfer of personal data.

In the wake of data breaches like the Facebook and Cambridge Analytica scandal, it is more important than ever to protect our fundamental right to data protection and to ensure consumer trust. The law is clear and, as set out in the GDPR, if the agreement is not adequate, and if the US authorities fail to comply with its terms, then it must be suspended until they do.”

You can read the official press release from the EP here.

Comments are closed.