EU lawmakers Advise Against signing US Data Pact

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
Lawmakers in the European Parliament have urged the European Commission not to issue the "adequacy decision" needed for the EU-US Data Privacy Framework (DPF) to officially become the pipeline for data to freely flow from the EU to the States.

It almost goes without saying that the current operation of the technology sector in Europe would not work without US tech companies' services – so data transfers to these American corporations cannot practicably be avoided. However, European rules around privacy, data collection, and data subjects' rights are considerably stronger than those in America, hence the need for rules of engagement that make US companies' treatment of EU data as good as what they'd get at home. The DPF was announced in March last year and is meant to address concerns raised by the EU's Court of Justice in Schrems II, a 2020 case that struck down the so-called Privacy Shield data protection arrangements between the political bloc and the US.

EU president Ursula von der Leyen and US president Joe Biden said they'd reached an agreement in principle on the framework for transatlantic data flows at the time, with Biden signing an executive order (EO) on the matter in October last year.But the European Parliament's Committee on Civil Liberties, Justice and Home Affairs (LIBE) is still not happy with what it sees, and has put out a nonbinding draft opinion [PDF] on how adequate it thinks the protection given by the proposed cross-border data rules is. In short: it ain't.

According to the motion filed this week, the latest Data Privacy Framework still falls far short of the General Data Protection Regulation standard EU residents could expect from companies that are regulated within the bloc. The Committee says that "unless meaningful reforms were introduced," the Commish shouldn't proceed. Tech lawyer Neil Brown of decoded.legal told The Register that "In other words... no amount of paperwork will overcome what they perceive to be aspects of US law which they consider to be incompatible with the EU GDPR."
 

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
European Parliament doesn't want to be looking at yet another draft law regulating EU-US data flows, saying the proposed Privacy Framework is not "future-proof" enough.

Basically, MEPs' advice - and they voted 306-27 on this - is that they don't want the European Commission, the executive arm of the EU, to grant the US the adequacy decision that would trigger the implementation of the new deal. You can't blame them, seeing as it's now Take 3 on an easy mechanism to regulate data processing between the US and after both Safe Harbor and Privacy Shield (Take 2, not to be confused with Privacy Framework, Take 3) were both ruled invalid.

The Parliament said it "emphasises that adequacy decisions must include clear and strict mechanisms for monitoring and review in order to ensure that decisions are future proof or repealed or amended as necessary, and that EU citizens' fundamental right to data protection is guaranteed at all times." It also reiterated there is no federal privacy and data protection legislation in the US, therefore a "comprehensive assessment of how these principles are implemented in the US legal order might not be possible due to a lack of transparency in Data Protection Review Court procedures." The Data Protection Review Court is a mechanism put into place by the US to give European citizens the same right of redress they'd have at home.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top