Members of the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) discussed, on Tuesday 9 November, the findings of a study on exchanges of personal data following the Schrems II judgment by the Court of Justice of the European Union (CJEU) on 16 July 2020 (see EUROPE 12529/2). The decision invalidated the EU-US Privacy Shield, finding that US surveillance programmes were not sufficiently robust to provide sufficient security for non-US citizens.
The study, carried out by thee European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs, stresses in particular the remaining differences between the European rules and those in force in the United States, which are considered “more permissive”.
In addition, the paper calls on the European Union - led by the Parliament - to “defend the Rule of law” on data protection, and suggests that the EU should work on a treaty with the ‘Group of Five’, consisting of the US, Canada, Australia, the UK and New Zealand.
Some MEPs also returned to the issue of stopping data transfers until the adequacy of data processing is achieved.
“The European Commission must assume its geopolitical ambitions. The interruption of the data flow would be a disaster for us, but also for the Americans. Negotiations must be conducted on an equal footing, with European law as the basis: You want data exchange with us, you have to adapt your law”, commented Sophie in ‘t Veld (Renew Europe, Netherlands).
Auto-certification
Several MEPs of the Parliament’s LIBE Committee also expressed reservations about one of the approaches proposed by the study, based on a self-certification system in which a US company signing up would have to comply with all aspects of the General Data Protection Regulation (GDPR).
“This system should apply to all the standards of the GDPR rather than to a selection of documents that vaguely represent European standards”, said Professor Douwe Korrf who participated in the study.
This is not entirely reassuring for all MEPs, some of whom worry about a repeat of the problems encountered with the Privacy Shield, which was invalidated by the CJEU.
“I don’t quite understand how we can see improvements. Are the Americans ready to do it or are we talking to walls?”, asked Cornelia Ernst (The Left, Germany).
“How can we prevent this scheme from being misused, as was the case with Cambridge Analytica? The Americans must reform their surveillance system, otherwise any successor to the shield will not be worth the paper it was written on”, concluded Birgit Sippel (S&D, Germany). See the study: https://bit.ly/30bHj5u (Original version in French by Thomas Mangin)