- Jul 27, 2015
Lawmakers in the European Parliament have urged the European Commission not to issue the "adequacy decision" needed for the EU-US Data Privacy Framework (DPF) to officially become the pipeline for data to freely flow from the EU to the States.
It almost goes without saying that the current operation of the technology sector in Europe would not work without US tech companies' services – so data transfers to these American corporations cannot practicably be avoided. However, European rules around privacy, data collection, and data subjects' rights are considerably stronger than those in America, hence the need for rules of engagement that make US companies' treatment of EU data as good as what they'd get at home. The DPF was announced in March last year and is meant to address concerns raised by the EU's Court of Justice in Schrems II, a 2020 case that struck down the so-called Privacy Shield data protection arrangements between the political bloc and the US.
EU president Ursula von der Leyen and US president Joe Biden said they'd reached an agreement in principle on the framework for transatlantic data flows at the time, with Biden signing an executive order (EO) on the matter in October last year.But the European Parliament's Committee on Civil Liberties, Justice and Home Affairs (LIBE) is still not happy with what it sees, and has put out a nonbinding draft opinion [PDF] on how adequate it thinks the protection given by the proposed cross-border data rules is. In short: it ain't.
According to the motion filed this week, the latest Data Privacy Framework still falls far short of the General Data Protection Regulation standard EU residents could expect from companies that are regulated within the bloc. The Committee says that "unless meaningful reforms were introduced," the Commish shouldn't proceed. Tech lawyer Neil Brown of decoded.legal told The Register that "In other words... no amount of paperwork will overcome what they perceive to be aspects of US law which they consider to be incompatible with the EU GDPR."