On 6th April, 2017, the European Parliament adopted a resolution stating that there are deficiencies in the EU-US data transfer accord Privacy Shield which must be “urgently resolved” in order to give citizens and companies legal certainty. MEPs called on the EU Commission to conduct an assessment and to ensure that the Privacy Shield complies sufficiently with the EU Charter of Fundamental Rights and new EU data protection rules. According to the resolution or related press release, MEPs are particularly concerned about:
- “[R]ecent revelations about surveillance activities conducted by a US electronic communications service provider on all emails reaching its servers, upon request of the National Security Agency (NSA) and the FBI, as late as 2015, i.e. one year after Presidential Policy Directive 28 was adopted…”;
- “[T]he ‘Procedures for the Availability or Dissemination of Raw Signals Intelligence Information by the National Security Agency under Section 2.3 of Executive Order 12333’, approved by the Attorney General on 3 January 2017, [which the MEPs interpret to permit] the NSA to share vast amounts of private data gathered without warrants, court orders or congressional authorisation with 16 other agencies”;
- That the Ombudsperson mechanism set up by the US Department of State is “not sufficiently independent and is not vested with sufficient effective powers to carry out its duties and provide effective redress”;
- The MEPs perceived lack of “effective judicial redress rights for individuals in the EU whose personal data are transferred to a US organization under the Privacy Shield Principles and further accessed and processed by US public authorities for law enforcement and public interest purposes,” in either the Privacy Shield Principles or letters from the US administration;
- The rejection, in March, of the FCC Broadband Privacy Rules to heighten protections for the privacy of broadband customers; and
- The purportedly diminishing authority of the Privacy and Civil Liberties Oversight Board.
The adoption of this resolution follows comments by the EU Justice Commissioner, Vera Jourova, at the end of March 2017, whereby she told Bloomberg that the US must, if it wishes to keep a European Union-U.S. cross border data transfer program in place, satisfy the EU that it will continue to be faithful to appropriate limitations on surveillance and privacy protection policies. Jourova, who stated that “privacy is valued highly and in a different way [in EU countries] than in the U.S.” has also said that, President Donald Trump “understands the economic importance” of the Privacy Shield and that there has been little reason to date “to doubt the commitment of the new government.”