ARTICLE
22 May 2023

MEPs In Europe Vote Against Approving Proposed EU-U.S. Data Protection Framework

FL
Foley & Lardner

Contributor

Foley & Lardner LLP looks beyond the law to focus on the constantly evolving demands facing our clients and their industries. With over 1,100 lawyers in 24 offices across the United States, Mexico, Europe and Asia, Foley approaches client service by first understanding our clients’ priorities, objectives and challenges. We work hard to understand our clients’ issues and forge long-term relationships with them to help achieve successful outcomes and solve their legal issues through practical business advice and cutting-edge legal insight. Our clients view us as trusted business advisors because we understand that great legal service is only valuable if it is relevant, practical and beneficial to their businesses.
The proposed EU-U.S. Data Privacy Framework (DPF) is starting to look dead on arrival. European MEPs voted 306 to 27 (with 231 abstaining) to accept a resolution that the European Commission should reject...
Worldwide Privacy

The proposed EU-U.S. Data Privacy Framework (DPF) is starting to look dead on arrival. European MEPs voted 306 to 27 (with 231 abstaining) to accept a resolution that the European Commission should reject granting the U.S. an adequacy decision for the DPF.

While the MEPs recognized that the proposed DPF is an improvement over the EU-U.S. Privacy Shield and its predecessor, the U.S.-EU Safe Harbor, it still suffers from significant problems. In order to provide certainty to organizations, the MEPs believe that the DPF needs to be future-proof so it wont be overturned in court as the Privacy Shield and Safe Harbor frameworks were. Therefore, the assessment of adequacy needs to be based on the practical implementation of the rules and the MEPs feel that the proposed DPF doesn't meet those requirements.

Most notably, the MEPs pointed out that bulk collection of personal information by law enforcement is still not subject to independent prior authorization and there are few rules around data retention.

It was also pointed out that the proposed creation of the Data Protection Review Court (DPRC) is not adequate because its decisions would be secret and EU citizens would not have the right to access and rectify personal data about them. The MEPs also pointed out that the DPRC would not be a truly independent judicial body since the judges on the court serve at the pleasure of the President and could be dismissed at any time. Plus, the President can overrule the decisions of the DPRC, making its decisions subject to the views of the President.

In a resolution adopted Thursday, MEPs argue that the European Commission should not grant the United States an adequacy decision deeming its level of personal data protection essentially equivalent to that of the EU and allowing for transfers of personal data between the EU and U.S. The text was adopted with 306 votes in favour, 27 against, and 231 abstaining. After the vote, rapporteur Juan Fernando López Aguilar (S&D, ES) said: "We are discussing a privacy framework with the U.S. for the third time, after previous regimes were struck down by the European Court of Justice. This new proposal contains significant improvements, but unfortunately, we are not there yet. There are still missing elements on judicial independence, transparency, access to justice, and remedies."

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More