On
February
14,
2023,
in
a
Draft
Motion
for
a
Resolution
on
the
adequacy
of
the
protection
afforded
by
the
proposed
EU-U.S.
Data
Privacy
Framework
(the
“Framework”),
the
European
Parliament’s
Committee
on
Civil
Liberties,
Justice
and
Home
Affairs
(the
“Committee”)
urged
the
European
Commission
not
to
adopt
adequacy
based
on
the
Framework,
on
the
basis
that
it
“fails
to
create
actual
equivalence”
with
the
EU
in
the
level
of
data
protection
that
it
provides.
A
full
Parliament
vote
on
the
Resolution
is
expected
in
the
coming
months,
but
even
if
passed
the
Resolution
will
not
be
binding
on
the
European
Commission
with
respect
to
its
adequacy
decision.
The
Committee
raised
various
objections
to
the
Framework,
including
that:
-
While
Executive
Order
14086
on
Enhancing
Safeguards
For
United
States
Signals
Intelligence
Activities
(the
“EO”,
which
provides
the
Framework)
makes
reference
to
principles
of
proportionality
and
necessity,
the
substantive
definitions
of
these
concepts
in
the
EO,
and
likely
interpretation
under
U.S.
law,
are
out
of
line
with
their
meaning
and
interpretation
in
the
EU; -
The
U.S.
President
retains
the
ability
to
amend
the
EO,
meaning
that
it
is
not
clear,
precise,
or
foreseeable
in
its
application; -
Decisions
made
by
the
Data
Protection
Review
Court
(“DPRC”)
will
not
be
made
public
or
available
to
complainants,
and
more
generally
that
the
DPRC
is
not
sufficiently
transparent,
independent
or
impartial,
in
part
due
to
the
fact
that
it
is
part
of
the
executive
branch
rather
than
the
judiciary;
and -
Unlike
other
recipients
of
an
adequacy
decision
from
the
European
Commission,
the
U.S.
does
not
have
a
federal
data
protection
law
in
place.
In
its
conclusions,
the
Committee
re-stated
its
prior
request
to
the
Commission
“not
to
adopt
any
new
adequacy
decision
in
relation
to
the
U.S.,
unless
meaningful
reforms
were
introduced,
in
particular
for
national
security
and
intelligence
purposes.”
About Author
