Miguel Recio
The European Commission´s proposal for an adequacy decision on the EU-US Data Privacy Framework, which is in the process of being adopted, has been deemed unsatisfactory by the European Parliament´s Committee on Civil Liberties, Justice and Home Affairs. The European Commission will have to move forward to address concerns raised and even consider reopening negotiations with the United States (U.S.), creating a scenario of uncertainty about the future of the EU-U.S. Data Privacy Framework.
During the meeting of the Committee on Civil Liberties, Justice and Home Affairs, which took place on 13 April 2023, the Committee voted against the proposal for an adequacy decision on the EU-U.S. Data Privacy Framework, considering that it does not provide the necessary safeguards for individuals whose personal data are processed. In doing so, MEPs do not believe the European Commission is granting an adequate level of data protection through the EU-US Data Privacy Framework.
The proposal for an adequacy decision, which was submitted by the European Commission on 13 December 2022, is currently in the adoption phase and has therefore been subject to review by the European Data Protection Board, which also opposed it in its opinion 5/2023 of 28 February, despite noting progress compared to previous adequacy decisions that were annulled by the Court of Justice of the European Union. It will also soon be submitted to obtain the green light from a committee of representatives of the EU Member States.
The vote against by the Committee on Civil Liberties, Justice and Home Affairs follows the publication on 14 February 2023 of a draft motion for a resolution concluding that the proposed adequacy decision “fails to create an actual equivalence in the level of protection” and “urges the Commission not to adopt the adequacy decision”. In addition, ninety-two (92) amendments to the draft resolution were published on 9 March 2023 and have been voted on with a view to the adopting the final Resolution.
The reasons that have led the Committee on Civil Liberties, Justice and Home Affairs to consider that the draft adequacy decision is not enough are as follows.
First, the proposed adequacy decision does not include sufficient safeguards as (i) it allows for the bulk collection of personal data in certain cases; (ii) such collection of personal data is not subject to independent prior authorisation; and (iii) it does not provide clear rules on the retention of personal data.
Second, although the EU-U.S. Data Privacy Framework creates the Data Protection Review Court (“DPRC”) in order to provide a redress mechanism for Europeans whose personal data are processed, its decisions are classified. The Committee on Civil Liberties, Justice and Home Affairs considers that the classified nature of this authority´s decisions violates the right of citizens to access and rectify their data. It also highlights the lack of independence of this Court, as its judges can be dismissed, and its decisions overturned by the President of the U.S.
Third, the assessment of the adequacy of the EU-U.S. Data Privacy Framework requires attention to the implementation in practice of its rules. The Committee on Civil Liberties, Justice and Home Affairs highlights that the U.S. Intelligence Community s are still in the process of bringing their practices in line with the proposed adequacy decision, so it is not yet possible to assess its impact.
And fourthly, the Chair of the Committee on Civil Liberties, Justice and Home Affairs considers that, despite the progress that has been made with respect to the previously overturned adequacy decisions, the current version may not pass a test or the scrutiny of the Court of Justice of the European Union.
In addition, the Chair of the Committee on Civil Liberties, Justice and Home Affairs urges the European Commission to address the outlined concerns and perhaps even reopen negotiations if necessary. Obviously, this could delay the adoption of a mechanism for international data transfers with the U.S. and have a considerable economic impact, although there is also hope that the EU-U.S. Data Privacy Framework will provide the necessary safeguards to ensure that it is robust and provides the legal certainty required in this area.
This article does not represent legal advice by its author(s). If you would like to regularly receive our Referencias Jurídicas CMS, which provide an insight into current legal and case law topics of interest, please fill in the form found here.
_840x420.jpg?v=3)
(W).jpg?v=1)
Social Media cookies collect information about you sharing information from our website via social media tools, or analytics to understand your browsing between social media tools or our Social Media campaigns and our own websites. We do this to optimise the mix of channels to provide you with our content. Details concerning the tools in use are in our privacy policy.