On Thursday 20 May, MEPs adopted (541 votes in favour, 1 against, 151 abstentions) a resolution calling on the European Commission to publish clear guidelines for compliance with the transfer of personal data to the United States.
In recent opinions, the Court of Justice of the European Union has found that the transfer of data across the Atlantic was incompatible with the General Data Protection Regulation (GDPR).
MEPs also believe that the Commission should not conclude any new adequacy decisions with third countries without taking into account the Court’s rulings, and they argue - for the sake of autonomy - that the EU should develop its own data storage capacities.
“The Commission must not repeat the same mistakes in negotiating data transfer agreements with the US. We do not want to see a ‘Schrems III’ case”, said rapporteur Juan Fernando López Aguilar (S&D, Spain) after the vote. He was referring to the ‘Schrems I’ and ‘Schrems II’ judgments of the Court of Justice, which had ruled that the Safe Harbor (see EUROPE 11407/2) and Privacy Shield (see EUROPE 12529/2) arrangements for transferring data to the United States were not compliant with the GDPR.
Finally, MEPs expressed their disappointment that the Irish Data Protection Commission (DPC) chose to take Austrian lawyer Max Schrems (see EUROPE 12636/28) and Facebook to court instead of independently initiating enforcement proceedings based on the GDPR rules.
The long delays in processing by the CPD were also singled out by the European Parliament, which called on the Commission to launch infringement proceedings against Ireland for failing to effectively implement the GDPR.
See Parliament’s resolution: https://bit.ly/3hU250f (Original version in French by Thomas Mangin)