On March 23, 2017, with the first joint annual review of the Privacy Shield on the horizon, the European Parliament Civil Liberties, Justice and Home Affairs Committee narrowly adopted a resolution identifying “key deficiencies” in the E.U.-U.S. Privacy Shield. The resolution, which was passed by a vote of 29 in favor, 25 against and one abstention, details a number of deficiencies with the personal data transfer framework. In particular, while acknowledging improvement over the E.U.-U.S. Safe Harbor that was invalidated by the European Court of Justice in 2015, the resolution raises concerns regarding the lack of specific rules on automated decision-making and the general right to object to data transfers.
Additionally, in a show of skepticism of U.S. authorities, the resolution specifically notes the insufficient protections surrounding mass and indiscriminate collection of personal data despite assurances attached to the Privacy Shield by the U.S. Director of National Intelligence. The resolution also urged an immediate assessment of whether rules approved by the U.S. in early 2017 allowing the National Security Agency to share private data with other agencies are consistent with the U.S.’s responsibilities under the Privacy Shield. Finally, the lack of a judicial remedy for individuals in the European Union whose data is transferred under the Privacy Shield and processed by both private organizations and U.S. law enforcement agencies is yet another concern of the committee.
The resolution is expected to be voted on by the European Parliament as a whole in April.