The European Parliament’s Committee on Civil Liberties (LIBE) adopted, on Tuesday 20 April, a draft report calling on the European Commission to issue clear guidelines on the transfer of personal data to the United States.
The 53 MEPs who voted in favour of this clarification (1 vote against and 12 abstentions) believe that the EU should not conclude any new adequacy decisions with non-Member States without taking into account the implications of previous rulings of the Court of Justice of the European Union (CJEU).
The Commission has ruled twice in the past - in October 2015 with the Safe Harbour scheme (see EUROPE 11407/2), then in July 2020 with the Privacy Shield scheme (see EUROPE 12529/2) - that the personal data transfer regimes between the EU and the United States were not compliant with the General Data Protection Regulation (GDPR), thus invalidating previous Commission decisions.
“The Parliament demands that when the Commission negotiates any new personal data transfer agreements with the US, it ensures compliance with GDPR and every aspect of the CJEU rulings”, summarised rapporteur Juan Fernando López Aguilar (S&D, Spain) in a statement.
In addition, LIBE Committee MEPs also point the finger at the various national data protection authorities - led by the Irish DPC - which, according to MEPs, have failed to take meaningful remedial decisions.
The draft non-legislative resolution will be debated and voted on at a forthcoming plenary session of the Parliament. (Original version in French by Thomas Mangin)