- LIBE recommends denying the adequacy of the Privacy Shield by a narrow majority.
- Lack of rules on automated decision-making, right to object and application to data processors.
- Concerns about possible mass surveillance in the name of national security.
- Inadequate effective remedies and lack of independence of the US Ombudsman mechanism.
The LIBE, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs, voted last Thursday by 29 votes to 25 (with one abstention) to deny adequacy to the Privacy Shield, the successor to the Safe Harbor agreement (Media release). The European Parliament is expected to decide on this in April.
In doing so, the LIBE noted the following concerns:
Among the remaining concerns that MEPs list are:
- the lack of specific rules on automated decision-making or the general right to object, and the lack of clear principles on how the Privacy Shield Principles apply to data processors,
- that “bulk surveillance” remain possible as regards national security and surveillance,
- that neither the Privacy Shield Principles nor letters from the US administration demonstrate the existence of effective judicial redress rights for individuals in the EU whose personal data are transferred to the US, and
- the Ombudsperson mechanism set up by the US Department of State is not sufficiently independent and is not vested with sufficient effective powers to carry out its duties.
MEPs also express alarm at recent revelations about surveillance activities conducted by a US electronic communications service provider at the request of the NSA and FBI as late as 2015, one year after the Presidential Policy Directive 28 was adopted, and insist that the Commission seeks full clarification from the US authorities.