The MEPs of the committee on civil liberties of the European Parliament have diverging views on the progress reported in the application of the transatlantic data protection mechanism, Privacy Shield. This Thursday 12 April, these differences of opinion were visible during the examination of a draft resolution on the adequacy of the data protection the mechanism offers.
Overall, the draft resolution urges the Commission and the American authorities to resume discussions on the Privacy Shield and to set in place an action plan to remedy the shortcomings identified as quickly as possible.
It refers to several issues, such as the fact that no appointments have yet been made to the US Privacy and Civil Liberties Oversight Board or of a permanent ombudsman, or on the re-authorisation by Congress of section 702 on the American Foreign Intelligence Surveillance Act (FISA).
In one corner, there are optimists who consider that plenty of progress has been made. Daniel Dalton (ECR, UK), for instance, welcomed the Commission's first evaluation report (see EUROPE 11887), which concluded that the mechanism continued to offer an adequate level of data protection.
Axel Voss (EPP, Germany) considers that the draft resolution is too negative. “We have still managed to create something that goes in the right direction”, he said. He called for things to be put into perspective rather than simply dwelling on the first problems to arise. “It might not be a miracle solution from day one, but it will get better and better”, he concluded.
In the opposite corner, there are those who consider that progress is still unsatisfactory. Sophie in't Veld (ALDE, Netherlands) considers that the draft resolution is not critical enough of either the design of the mechanism or its implementation. “How many more resolutions will it take?”, she asked.
“Maybe we were not reading the same report”, said Cornelia Ernst (GUE/NGL, Germany), directed at the more optimistic members, stressing the shortcomings and lack of protection.
The crowd is also split over the tone of that should be taken. In't Veld argues that it is quite simply inappropriate, when an agreement is in place, to “ask the other party nicely whether they would be so kind as to consider sticking to it”. If the other side had not been the United States, the EU would not be as “gentle”, Ernst added.
Facebook's involvement in the Cambridge Analytica scandal (see EUROPE 11999) was also on everybody's mind. The resolution refers to recent revelations of the abusive use of personal data by Privacy Shield-certified companies such as Facebook and Cambridge Analytica and invites the American authorities to act without delay, withdrawing the certifications if necessary.
On Wednesday, the European Commissioner for Justice, Vera Jourova, reiterated that this abuse had taken place before the company had received Privacy Shield certification.
Voss considers that the Facebook effect is one of the reasons for the pessimism running through the resolution. “There may always be cases like that. No legislation can protect us from all abuse, just as criminal law does not prevent crimes, and no data protection legislation will completely prevent data theft”, he said.
The political groups have until 23 April to table amendments to this draft resolution. (Original version in French by Marion Fontana)