EU parliamentary committee says ‘no’ to EU-US data privacy framework
The
European
Parliament’s
Committee
on
Civil
Liberties,
Justice
and
Home
Affairs
has
recommended
that
the
European
Commission
reject
the
proposed
EU-US
Data
Privacy
Framework,
which
would
govern
the
way
in
which
the
personal
information
of
EU
citizens
is
The
European
Parliament’s
Committee
on
Civil
Liberties,
Justice
and
Home
Affairs
has
recommended
that
the
European
Commission
reject
the
proposed
EU-US
Data
Privacy
Framework,
which
would
govern
the
way
in
which
the
personal
information
of
EU
citizens
is
handled
by
US
companies.
The
committee’s
decision
—
formally,
a
draft
motion
for
a
resolution—
represents
a
rejection
of
the
European
Commission’s
recommendation,
announced
in
December,
that
the
data
privacy
framework
should
be
adopted.
The
recommendation
stated
that
US
law
now
offers
an
“adequate”
level
of
protection
for
the
personal
data
of
EU
users
of
US
companies’
services.
According
to
the
parliamentary
committee,
however,
the
proposed
data
privacy
framework
doesn’t
fully
comply
with
the
EU’s
General
Data
Protection
Regulation
(GDPR),
particularly
in
light
of
ongoing
US
policy
that
would
allow
for
the
large-scale,
warrantless
collection
of
user
data
for
national
security
purposes.
An
executive
order
issued
by
the
Biden
Administration,
the
committee
said,
is
insufficient
additional
protection
for
several
reasons,
including
the
mutability
of
policy
made
by
executive
order
—
it
can
simply
be
reversed
or
amended
by
the
president
at
any
time
—
and
the
inadequacy
of
the
safeguards
it
provides.
EU
Parliament:
Data
pact
with
US
is
‘vague’
In
particular,
the
committee
noted,
the
executive
order
is
too
vague,
and
leaves
US
courts
—
who
would
be
the
sole
interpreters
of
the
policy
—
wiggle
room
to
approve
the
bulk
collection
of
data
for
signals
intelligence,
and
doesn’t
apply
to
data
accessed
under
US
laws
like
the
Cloud
Act
and
the
Patriot
Act.
The
parliamentary
committee’s
major
points
echoed
those
of
many
critics
of
the
deal
in
the
EU,
as
well
as
the
criticsm
of
the
American
Civil
Liberties
Union
(ACLU),
which
has
said
that
the
US
has
failed
to
enact
meaningful
surveillance
reform.
The
committee,
in
its
motion
for
a
resolution,
said
that
“unlike
all
other
third
countries
that
have
received
an
adequacy
decision
under
the
GDPR,
the
US
still
does
not
have
a
federal
data
protection
law.”
In
short,
the
committee
said
that
US
domestic
law
is
simply
incompatible
with
the
GDPR
framework,
and
that
no
agreement
should
be
reached
until
those
laws
are
more
in
alignment.
The
committee’s
negative
response
this
week
to
the
proposed
data
privacy
framework,
however,
was
a
nonbinding
draft
resolution
and
though
it
is
a
sticking
point,
does
not
put
a
formal
halt
to
the
adoption
process,
as
its
approval
was
not
required
to
move
the
agreement
along.
It’s
not
a
surprise
that
the
committee
issued
a
negative
recommendation,
according
to
Lartease
Tiffith,
executive
vice
president
for
public
policy
at
the
Interactive
Advertising
Bureau,
which
has
supported
the
draft
framework.
“It
has
a
particular
point
of
view
on
all
issues
related
to
privacy
and
civil
liberties,”
he
said.
“We
will
have
to
see
what
the
[European
Commission]
decides.”
About Author
