The Privacy Shield agreement – which governs the flow of personal data between America and Europe – should be suspended if the US doesn't comply by 1 September, the European Parliament has said.
At the plenary session of the European Parliament today, MEPs voted 303 to 223 in favour of a resolution that criticises the US and the European Commission's approach to ensuring compliance.
The move ramps up the pressure on the agreement, which is already facing legal challenges, with politicos saying that the commission needs to suspend the deal unless the US sorts its act out.
The resolution states that Privacy Shield has not provided the adequate level of protection required by EU laws or fundamental rights.
Issues with the deal, which was rushed through in summer 2016 after its predecessor Safe Harbor collapsed, were raised during the first annual review of Privacy Shield last year.
They included vacant posts on the Privacy and Civil Liberties Oversight Board, the lack of a permanent ombudsman, the impact of US President Donald Trump's executive orders on immigration, and attitudes towards security and privacy.
However, the European Parliament is unimpressed with the progress made to date.
Among issues listed in the resolution are the reauthorisation of section 702 of the Foreign Intelligence Surveillance Act for six more years, which "calls into question the legality of the Privacy Shield", and the way Facebook shifted non-EU users under the control of Facebook US, not Facebook Ireland.
The parliament said the US should be given until 1 September to fix the issues. If it doesn't, the commission must suspend the deal.
The MEPs also criticised the commission and its US counterparts for failing to take action sooner, pointing out that the EU's data protection watchdogs (formerly known as the Article 29 Working Party or WP29) had raised concerns about the deal's status six months ago.
The resolution read:
[The Parliament] deplores that the Commission and the competent US authorities did not restart discussions on the Privacy Shield arrangement and did not set up any action plan in order to address as soon as possible the deficiencies identified, as called for by the WP29 in its December report on the joint review; calls on the Commission and the competent US authorities to do so without any further delay.
The parliament's Committee on Civil Liberties, Justice and Home Affairs – which drafted and approved the resolution last month – has been told to monitor developments, including cases brought before the Court of Justice of the European Union that could affect the deal. ®