Foley & Lardner LLP looks beyond the law to focus on the constantly evolving demands facing our clients and their industries. With over 1,100 lawyers in 24 offices across the United States, Mexico, Europe and Asia, Foley approaches client service by first understanding our clients’ priorities, objectives and challenges. We work hard to understand our clients’ issues and forge long-term relationships with them to help achieve successful outcomes and solve their legal issues through practical business advice and cutting-edge legal insight. Our clients view us as trusted business advisors because we understand that great legal service is only valuable if it is relevant, practical and beneficial to their businesses.
The proposed EU-U.S. Data Privacy Framework (DPF) is starting to look dead on arrival. European MEPs voted 306 to 27 (with 231 abstaining) to accept a resolution that the European Commission should reject...
The proposed EU-U.S. Data Privacy Framework (DPF) is starting to
look dead on arrival. European MEPs voted 306 to 27 (with 231
abstaining) to accept a resolution that the European Commission
should reject granting the U.S. an adequacy decision for the
DPF.
While the MEPs recognized that the proposed DPF is an
improvement over the EU-U.S. Privacy Shield and its predecessor,
the U.S.-EU Safe Harbor, it still suffers from significant
problems. In order to provide certainty to organizations, the MEPs
believe that the DPF needs to be future-proof so it wont be
overturned in court as the Privacy Shield and Safe Harbor
frameworks were. Therefore, the assessment of adequacy needs to be
based on the practical implementation of the rules and the MEPs
feel that the proposed DPF doesn't meet those requirements.
Most notably, the MEPs pointed out that bulk collection of
personal information by law enforcement is still not subject to
independent prior authorization and there are few rules around data
retention.
It was also pointed out that the proposed creation of the Data
Protection Review Court (DPRC) is not adequate because its
decisions would be secret and EU citizens would not have the right
to access and rectify personal data about them. The MEPs also
pointed out that the DPRC would not be a truly independent judicial
body since the judges on the court serve at the pleasure of the
President and could be dismissed at any time. Plus, the President
can overrule the decisions of the DPRC, making its decisions
subject to the views of the President.
In a resolution adopted Thursday, MEPs
argue that the European Commission should not grant the United
States an adequacy decision deeming its level of personal data
protection essentially equivalent to that of the EU and allowing
for transfers of personal data between the EU and U.S. The text was
adopted with 306 votes in favour, 27 against, and 231 abstaining.
After the vote, rapporteur Juan Fernando López Aguilar
(S&D, ES) said: "We are discussing a privacy framework
with the U.S. for the third time, after previous regimes were
struck down by the European Court of Justice. This new proposal
contains significant improvements, but unfortunately, we are not
there yet. There are still missing elements on judicial
independence, transparency, access to justice, and
remedies."
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.