MEPs have slammed the new safe harbour data privacy agreement as ‘an affront to citizens across Europe’ and accused the EU Commission of naivety in dealings with US.
The European Commission and US authorities have concluded a new data transfer agreement, to replace the former ‘safe harbour’ deal. Safe harbour, set up in 2000 to make it easier for US companies to transfer people’s personal data from Europe to the US without breaking strict EU data privacy laws, was ruled invalid by the European Court of Justice (ECJ) last October.
The ECJ said in its opinion that; “National security, public interest and law enforcement requirements of the United States prevail over the safe harbour scheme, […] US undertakings are bound to disregard, without limitation, the protective rules laid down by that scheme where they conflict with such requirements.”
This came about after Austrian data privacy Max Schrems asked the Irish data protection authority to determine what information Facebook – which has its HQ in Dublin – was transferring out of the EU. When his request was denied, the case landed before the ECJ.
The Commission announced that the new pact, the ‘EU-US privacy shield’, will allow for improved data protection and place clear limitations on US public authorities’ access to personal data. The US will appoint a dedicated ombudsman to allow Europeans to raise concerns or complaints.
European Commission Vice-President for the digital single market, Andrus Ansip, said; “Our people can be sure that their personal data is fully protected. This decision helps us build a digital single market in the EU, a trusted and dynamic online environment; it further strengthens our close partnership with the US. We will work now to put it in place as soon as possible.”
European justice, consumers and gender equality Commissioner Vĕra Jourová added that; “The new EU-US privacy shield will protect the fundamental rights of Europeans when their personal data is transferred to US companies. For the first time ever, the United States has given the EU binding assurances that public authority access for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms.”
“In the context of the negotiations for this agreement, the US has assured that it does not conduct mass or indiscriminate surveillance of Europeans. We have established an annual joint review in order to closely monitor the implementation of these commitments.”
Unfortunately, the announcement failed to convince most parliamentary groups – the EPP group seemed to be its lone supporter among MEPs. The centre-right group’s data protection spokesperson, Axel Voss, commented that; “This new arrangement is of paramount importance to our digital economy. It gives a clear and reasonable legal framework for the transatlantic transfer of data.”
The German deputy welcomed the appointment of an ombudsman, saying; “The Commission announcements are going in the right direction and will strengthen and reinforce EU citizens’ rights.”
S&D group spokesperson for civil liberties, justice and home affairs, Birgit Sippel, had a more measured reaction, saying; “It was good for European citizens and businesses that some form of agreement was reached between the US authorities and European Commission over the transfer of data. However, the agreement presented does not appear to rectify the problems with the previous system and unless significant improvements are made then it is unlikely to stand up in court.”
ALDE group First Vice-President Sophie in ‘t Veld was even more critical, arguing that, “it is highly implausible that an ombudsman will have sufficient powers to oversee US intelligence services.”
She called for, “a thorough legal appraisal of the safeguards offered by the US. The legal status of these safeguards is very unclear. It is highly doubtful that they offer meaningful protection to European citizens, or if they meet the standards set by the ECJ.”
The Dutch MEP also claimed that, “If the safeguards are insufficient there will be a multitude of court cases. This is not a serious way of upholding the law.”
Given this year’s US presidential elections, in ‘t Veld is worried that, “The assurances seem to rely exclusively on political commitment instead of legal acts. So any change in the political constellation in the US may undo the whole thing.”
GUE/NGL group MEP Cornelia Ernst accused the Commission of, “merrily letting data transfers to the US continue, as if last year’s Edward Snowden revelations, or the ECJ ruling in the Schrems case, where the original ‘safe harbour’ decision was declared invalid, had never even existed.”
“The European Commission, and Commissioner Jourová in particular, completely fail to take account of what has happened in data protection in recent years. I am even more frustrated by the Commission’s continued naivety when dealing with the US.”
“They promise that an ombudsman will be designated in the US to deal with complaints from users in Europe, but fail to specify what his or her competences will be, or whether they will be able to challenge data processing by the NSA.”
Greens/EFA group MEP Jan Albrecht – Parliament’s rapporteur on the EU general data protection regulation currently in trilogues – slammed the privacy shield, deeming it, “little more than a reheated serving of the pre-existing safe harbour decision.”
“The Commission’s proposal is an affront to the ECJ, which deemed safe harbour illegal, as well as to citizens across Europe, whose rights are undermined by the decision. The proposal foresees no legally binding improvements.”
“Instead, it merely relies on a declaration by the US authorities on their interpretation of the legal situation regarding surveillance by US secret services, as well as the creation of an independent but powerless ombudsman, who would assess citizens’ complaints. This is a sell-out of the fundamental EU right to data protection.”