According to the 12 June 2018 European Parliament press release, the Civil Liberties Committee (LIBE Committee) has called on the European Commission to suspend the EU-U.S. Privacy Shield on the grounds that it fails to provide sufficient data protection for EU Citizens.

In the press release, the MEPs stated that data transfers between the EU and the US should be suspended unless the US complies fully with the terms of the Privacy Shield by 1 September 2018.

The position of the MEPs is based largely on the fact that both companies involved in the Facebook-Cambridge Analytica data breach were certified under the Privacy Shield.  This indicates a clear need for better monitoring of the agreement and its participiants.

MEPs have called on the US authorities to take immediate action against such disclosures of personal data, and, where appropriate, to remove companies from the list that have been found to have improperly processed personal data. EU authorities have also been called upon to investigate such cases and, if necessary, suspend or prohibit such Privacy Shield based data transfers.

The recently passed Clarifying Lawful Overseas Use of Data Act (CLOUD Act), which grants both US police and foreign police access to personal data, is also cited as worrying.

Civil Liberties Committee Chair and rapporteur Claude Moraes stated: “The LIBE committee today adopted a clear position on the EU US Privacy Shield agreement. While progress has been made to improve on the Safe Harbor agreement, the Privacy Shield in its current form does not provide the adequate level of protection required by EU data protection law and the EU Charter. It is therefore up to the US authorities to effectively follow the terms of the agreement and for the Commission to take measures to ensure that it will fully comply with the GDPR.”

The European Parliament will decide on this issue in July.

We will continue to monitor and report on the developments of this matter.