This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| 1 minute read

MEPs in Europe vote against approving proposed EU-U.S. Data Protection Framework

The proposed EU-U.S. Data Privacy Framework (DPF) is starting to look dead on arrival. European MEPs voted 306 to 27 (with 231 abstaining) to accept a resolution that the European Commission should reject granting the U.S. an adequacy decision for the DPF. 

While the MEPs recognized that the proposed DPF is an improvement over the EU-U.S. Privacy Shield and its predecessor, the U.S.-EU Safe Harbor, it still suffers from significant problems. In order to provide certainty to organizations, the MEPs believe that the DPF needs to be future-proof so it wont be overturned in court as the Privacy Shield and Safe Harbor frameworks were. Therefore, the assessment of adequacy needs to be based on the practical implementation of the rules and the MEPs feel that the proposed DPF doesn't meet those requirements. 

Most notably, the MEPs pointed out that bulk collection of personal information by law enforcement is still not subject to independent prior authorization and there are few rules around data retention. 

It was also pointed out that the proposed creation of the Data Protection Review Court (DPRC) is not adequate because its decisions would be secret and EU citizens would not have the right to access and rectify personal data about them. The MEPs also pointed out that the DPRC would not be a truly independent judicial body since the judges on the court serve at the pleasure of the President and could be dismissed at any time. Plus, the President can overrule the decisions of the DPRC, making its decisions subject to the views of the President. 

In a resolution adopted Thursday, MEPs argue that the European Commission should not grant the United States an adequacy decision deeming its level of personal data protection essentially equivalent to that of the EU and allowing for transfers of personal data between the EU and U.S. The text was adopted with 306 votes in favour, 27 against, and 231 abstaining. After the vote, rapporteur Juan Fernando López Aguilar (S&D, ES) said: "We are discussing a privacy framework with the U.S. for the third time, after previous regimes were struck down by the European Court of Justice. This new proposal contains significant improvements, but unfortunately, we are not there yet. There are still missing elements on judicial independence, transparency, access to justice, and remedies."


privacy, cybersecurity, gdpr, data protection, innovative technology