European Parliament Votes to Suspend EU-U.S. Privacy Shield
By Matthew Majkut
On July 5, 2018, the Members of European Parliament (MEP) passed a non-binding resolution, 303 to 223 votes, with 29 abstentions to suspend the
The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and the European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States. Privacy Shield came into force in 2016 after replacing the
Since its passage, Privacy Shield has drawn controversy as not providing an “adequate level of protection” under applicable EU data protection laws. British MEP Claude Moraes, chair of the EU Parliament’s Civil Liberties Committee, was a primary driver behind the resolution to suspend EU-U.S. Privacy Shield. On July 5th, Moraes stated, “This resolution makes clear that the Privacy Shield in its current form does not provide the adequate level of protection required by EU data protection law and the EU Charter. Progress has been made to improve on the Safe Harbor agreement but this is insufficient to ensure the legal certainty required for the transfer of personal data. The law is clear and, as set out in the GDPR, if the agreement is not adequate, and if the US authorities fail to comply with its terms, then it must be suspended until they do.”
Critics of Parliament’s resolution question whether renegotiation of the Privacy Shield between the EU and the U.S. by September 1 is feasible given the short timeline and potential complexity. Moreover, the criticisms of Privacy Shield apply with virtually equal force to the other principal mechanism authorizing data transfer, the Standard Contractual Clauses (or “model contracts”).
Parliament's resolution is non-binding but nonetheless striking in its call for suspension. Observers on both sides of the Atlantic will be watching the Commission’s (and the Trump Administration’s) reactions closely.