Friday

24th Sep 2021

MEPs: 'Mass surveillance' still possible under US privacy deal

  • Facebook, a signatory to the Privacy Shield, confirmed that 2.7m European citizens’ profiles were among those improperly used in the Cambridge Analytica scandal (Photo: Ann Wuyts)

A delegation of MEPs from the parliament's civil liberties committee (LIBE) have voiced their concerns over the remaining "deficiencies" of the EU-US 'privacy shield' framework, after examining the data agreement with American authorities last week.

In 2016, the EU and the US adopted an agreement to share personal data for commercial purposes, under certain conditions.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

However, this deal has repeatedly received criticism from civil society and MEPs, who believe European citizens' rights might be not fully protected.

"We have raised our concerns with US authorities regarding the remaining deficiencies with the EU-US privacy shield," said the chair of LIBE and head of the delegation, MEP Juan Fernando López Aguilar.

"More needs to be done to provide the adequate level of data protection for EU citizens," he warned.

Last October, the European Commission gave the greenlight to the agreement in its third annual review, while ensuring that it was necessary to have a mechanism in place to protect EU citizens when their data was transferred to the US.

However, the majority of MEPs who travelled to the US (23-28 February) to assess the state of play of deal remain sceptical.

"Every review that was undertaken by the commission since 2017 revealed serious deficiencies. Despite some improvements in certain areas the main questions have not been solved, for example how to protect EU citizens from mass surveillance," said socialist MEP Birgit Sippel.

"Any EU decision has to protect the essence of the right to the protection of personal data and privacy, but I have serious doubts that this is the case for the shield," she added.

Calls for suspension

In June 2018, the parliament called on the commission to suspend the EU-US data transfer pact - something that might happen due to the so-called "Schrems II" and "La Quadrature de Net" ongoing cases before the European Court of Justice.

According to German MEP Patrick Breyer (Greens/EFA), the EU-US privacy shield does not provide adequate protection for EU citizens because "it does not even attempt to prevent mass surveillance".

Similarly, the socialist MEP Marina Kaljurand believes that there are still "significant legal questions" about this agreement, including the risk of bulk data collection, the safety of onward transfers to third countries or the lack of having an effective "judicial remedy."

Kaljurand also said that there have been some positive steps since 2018, which include the appointment of the ombudsperson and an increase in random checks.

However, the European Data Protection Board does not consider the 'ombudsperson mechanism' to be equal to an effective judicial remedy, an open question to be answered by the Court of Justice of the European Union. (EUCJ)

"One part is crystal clear. We - the EU and the US - need an effective and efficient mechanism for the exchange of personal data based on international law and GDPR," Kaljurand told EUobserver.

Cambridge Analytica example

In 2018, it was reported how Facebook profiles were harvested by London-based elections consultancy Cambridge Analytica without users' consent and used for political advertising.

Facebook, a signatory to the privacy shield, confirmed that 2.7m European citizens' profiles were among those improperly used by Cambridge Analytica.

The same year, the parliament approved a resolution which stressed that the Cambridge Analytica scandal "highlights the need for proactive oversight and enforcement actions with systematic checks of the practical compliance of privacy policies with the privacy shield principles".

Following Facebook's non-compliance with the privacy shield, the delegation of MEPs who recently assessed the agreement regretted that the EU did not impose a fine on Facebook.

According to Estelle Massé from NGO Access Now, "by maintaining the privacy shield, the commission weakens Europe's data protection framework and risks undermining its global leadership role in advancing human rights".

Privacy Shield less relevant given GDPR, says data chief

Giovanni Buttarelli, the European data protection supervisor, says the EU-US data sharing pact known as Privacy Shield will play an increasingly minor role given the general data protection regulation.

Will US privacy-lite hollow out GDPR?

Some say GDPR is the most developed data protection law in the world, but the US has opted for a very different approach - a "voluntary tool" based on privacy risk management.

Stakeholders' Highlights

  1. Nordic Council of MinistersNATO Secretary General guest at the Session of the Nordic Council
  2. Nordic Council of MinistersCan you love whoever you want in care homes?
  3. Nordic Council of MinistersNineteen demands by Nordic young people to save biodiversity
  4. Nordic Council of MinistersSustainable public procurement is an effective way to achieve global goals
  5. Nordic Council of MinistersNordic Council enters into formal relations with European Parliament
  6. Nordic Council of MinistersWomen more active in violent extremist circles than first assumed

Latest News

  1. Activists: 'More deaths' expected on Polish-Belarus border
  2. EU unveils common charger plan - forcing Apple redesign
  3. Central Europe leaders rail against 'new liberal woke virus'
  4. Yemen's refugees in 'appalling conditions', says UN agency
  5. VW emissions software was illegal, top EU lawyer says
  6. Sexism and the selection of the European Parliament president
  7. More French names linked to Russia election-monitoring
  8. Negotiations set for new, tougher, EU ethics body

Join EUobserver

Support quality EU news

Join us