![European American Chamber of Commerce New York [EACCNY] | Your Partner for Transatlantic Business Resources](https://eaccny.com/wp-content/uploads/2020/06/eaccny-logo.png){kind=logo}
The proposed EU-U.S. Data Privacy Framework has come against some opposition recently, with MEPs producing a resolution against the drafted adequacy decision for personal data transfers. The EU-U.S. Privacy Framework aims to improve data movement across the Atlantic and address concerns following the ruling of the Schrems II case, also known as the Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems case. In this case, the European Court of Justice ruled that US digital cloud providers must adhere to the data protection rules of the recipient country, record risk assessments and confer with its customers.
The European Commission launched a process to adopt an adequacy decision on the Framework on 13 December. An adequacy decision is warranted under the GDPR and assesses if personal data may be passed from the EU to another country on the condition that the receiving country has a comparable level of data protection. While the degree of protection does not need to be identical it must have an “essential equivalence.” When this adequacy decision is adopted, EU countries may transfer personal data to companies located in the United States without additional protection mechanisms. This Framework is largely based on the U.S. Executive Order signed by President Biden in October 2022. This Order enforces binding safeguards, enhanced oversight of U.S. intelligence services, and the establishment of a redress mechanism to investigate and resolve complaints.
The draft adequacy decision was passed to the European Data Protection Board (EDPB) and the Civil Liberties Committee in the European Parliament for their assessment. In their resolution released this week, however, MEPs on the Committee argue that the U.S. should not receive an adequacy decision. They believe that this new framework still allows for large collection of personal data and has no intelligible rules for data retention. MEPs also point to a lack of transparency in the processes of the would-be governing body, the Data Protection Review Court. While the EDPB welcomed substantial improvements made in the Commission draft, it expressed concerns over various issues, including certain rights of data subjects and onward transfers.
The resolution advocates for a more sustainable framework that meets the needs of the future and that acknowledges that the U.S. intelligence community has not yet changed its practices to abide by the Data Policy Framework. Lead negotiator in the European Parliament, also known as the Rapporteur, Spanish MEP, Juan Fernando López Aguilar believes that this framework makes some progress compared to previous versions but is “not convinced that this framework sufficiently protects personal data of citizens.” MEP López Aguilar has further called upon the Commission to continue working on the concerns raised, “even if it means reopening negotiations with the US”. The resolution was passed with 37 votes for, none against, and 21 abstaining. The resolution will now be tabled for a future plenary session in Strasbourg.
Compliments of Vulcan Consulting – a member of the EACCNY.