— last modified 31 May 2016
The European Parliament has adopted a Resolution on the “Privacy Shield”. This is the new agreement to permit data to be transferred from the EU to the USA. The previous agreement – “Safe Harbour” – was overturned by the European Court of Justice in October 2015.
“The Parliament’s resolution confirms that the new agreement has no chance of being upheld, if challenged at the Court of Justice of the European Union”, said Joe McNamee, Executive Director of European Digital Rights. “It questions the legal meaning of the assurances received from the USA. It points out that indiscriminate (“bulk”) surveillance is still possible and the new Ombudsman role is inadequate.”
The Parliament adopted a similar resolution in 2000, when the illegal Safe Harbour agreement was adopted, but its recommendations were ignored for 15 years. The Parliament failed to demand meaningful improvements before adoption. This means that the USA will have no incentive to make any concessions. Incomprehensibly the Parliament voted against a sunset clause that could have been a means to inspire a meaningful renegotiation. This means that the fundamental rights of European Citizens will be undermined until Privacy Shield is overturned. This means that European businesses can have no legal certainty if they rely on this agreement, which is broken by design.
Under EU data protection rules, personal data can only be transferred outside the EU under certain circumstances. The EU negotiated “Safe Harbour” as a special arrangement for the USA in 2000. After the Snowden revelations in 2013, the European Commission recognised that the arrangement was inadequate. It spent two years trying and failing to bring the deal into line with the EU’s legal framework. Then, in October 2015, the framework was overturned. The “Privacy Shield” is meant to replace the “Safe Harbour”.