Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

EU-US Privacy Shield not up to snuff, data tap should be turned off – MEPs

Civil liberties committee votes: US has until Sept to comply

The deal governing transatlantic data flows doesn't properly protect European Union citizens and should be suspended unless the United States complies with its terms, MEPs have said.

The Privacy Shield agreement, which aims to protect personal data transferred from the EU to the US, was set up after a legal challenge by privacy activist Max Schrems ruled its predecessor, Safe Harbor, invalid.

The new deal was agreed in summer 2016, and underwent its first annual review last September, when the European Commission deemed it adequate – despite raising a number of concerns.

These included vacant posts on the Privacy and Civil Liberties Oversight Board (PCLOB), the lack of a permanent ombudsman, the impact of US President Donald Trump's executive orders on immigration, and attitudes towards security and privacy.

However, almost a year later, MEPs on the civil liberties committee (LIBE) have warned that a number of issues are still not resolved – which they say means the US is not compliant with the terms of the deal, or EU data protection laws.

In a close-run vote last night – passed by 29 to 25, with three abstentions – the committee adopted a motion for a resolution that calls on the Commission to suspend the deal unless the US is compliant by 1 September.

"While progress has been made to improve on the Safe Harbor agreement, the Privacy Shield in its current form does not provide the adequate level of protection required by EU data protection law and the EU Charter," said Claude Moraes, chair of LIBE.

"It is therefore up to the US authorities to effectively follow the terms of the agreement and for the Commission to take measures to ensure that it will fully comply with the [General Data Protection Regulation]."

The committee also pointed out that both Facebook and Cambridge Analytica – the firms at the centre of the data scandal of the year – are both certified under the Privacy Shield.

It called on US authorities to act on these revelations "without delay", and "if needed, to remove such companies from the Privacy Shield list"; their EU counterparts should also investigate and, where appropriate, suspend or prohibit data transfers under the deal.

Similarly, the US Department of Commerce should carry out more proactive and regular compliance checks, to ensure that companies – which are allowed to self-certify – are falling in line with Privacy Shield.

Elsewhere in the motion, the committee did acknowledge that some progress had been made – for instance, the appointment of a chair for PCLOB – but noted that the delay had prevented the group from drawing up various reports.

They added that the delay in choosing an ombudsman "is not contributing to mutual trust" and said that the role's powers in relation to the intelligence community needed to be clarified.

Meanwhile, the group expressed regret that the US hadn't embedded Presidential Policy Directive 28 (PDF) – which states surveillance activities need to safeguard personal information regardless of where the person resides – into the Foreign Intelligence Surveillance Act when it was re-authorised at the end of last year.

It called for evidence ensuring that data collection under FISA 702 isn't indiscriminate and isn't conducted in a generalised, bulk manner – which would run against the EU Charter on Fundamental Rights.

The group also raised concerns that the US's new snooping law, the CLOUD (Clarifying Lawful Overseas Use of Data) Act – which obliges US companies to hand over content to authorities even if it is held on servers overseas – could conflict with EU data protection laws.

The committee said a "more balanced solution" would have been to strengthen existing Mutual Legal Assistance instruments, which the group said respect the laws of the country in which the data is located.

Moreover, the committee said US authorities should have provided the Commission with "timely and comprehensive" information about the new law, as it was relevant to the Privacy Shield, but failed to do so.

The motion is expected to be put to a vote in the full House in July. ®

Similar topics

TIP US OFF

Send us news


Other stories you might like