European Parliament Calls on US to Show Compliance with EU-US Privacy Shield Within Two Months
The European Parliament plenary adopted on 5 July 2018 the LIBE Committee’s Motion for Resolution on the EU-US Privacy Shield (‘Privacy Shield) indicating the general Parliament’s position towards its functioning. The non-binding resolution calls for the suspension of the Privacy Shield unless the US demonstrates compliance with its requirements by 1 September 2018. As per our previous post, the European Parliament considers that the personal data protection provided by the Privacy Shield is not adequate.
The day before the vote, a debate took place between the Members of the European Parliament (‘MEPs’) and the Commissioner for Justice, Consumers and Gender Equality, Vera Jourova. While some MEPs were adamant that the EU should suspend the Privacy Shield if the US does not demonstrate compliance by 1 September, Commissioner Jourova stressed that at this stage a suspension is not warranted.
Commissioner Jourova highlighted that the Privacy Shield framework has been functioning even if the system does not work to perfection. The Commission is committed to continuously monitoring the functioning of the Privacy Shield to guarantee the protection of European citizens’ data.
The Commissioner nevertheless welcomed the European Parliament’s insistence on proactive compliance monitoring of the functioning of the Privacy Shield. According to her statement, there is no doubt that the Privacy Shield could be and should be improved. The Commission will not hesitate to suspend the Privacy Shield if there are grounds to do so and commitments are not fulfilled. The European Commission expects the US authorities to fully focus on the day-to-day operation of the Privacy Shield.
As per the statement by Commissioner Jourova, open issues on the second annual review, including the US commitment to finding a solution on the Ombudsman, are expected to be resolved by 18 October 2018, the end of the second annual review process Under the relevant provisions of the GDPR (as under the prior directive), it is for the European Commission to assess and decide on the adequacy of the level of protection afforded by a third country.