Privacy Shield is the deal between the EU and the US that is supposed to safeguard all personal data on EU citizens held on computer systems in the US from being subject to mass surveillance by the US National Security Agency (NSA). The data can refer to any transaction — web purchases, cars or clothing — involving an EU citizen whose data is held on US servers.
However, members of the EU Civil Liberties, Justice and Home Affairs Committee (LIBE), said that the agreement — although signed July 2016 — still does not give watertight guarantees that EU citizens' data will not be compromised or be gathered by US intelligence agencies as "bulk data."
LIBE's latest report — adopted by the EU Parliament, April 6, made clear MEPs's concerns about recent changes in US legislation by the Trump administration that makes it possible for private companies to purchase individuals' browsing histories without their explicit consent.
The report calls for the Commission to look at the possible implications this has for EU citizens in its review of the whole agreement.
"The direction that the Trump administration is taking on data protection issues is very concerning. The European Commission needs to look urgently at the effect of the reversal of an Obama era law that prevents selling users' data without their explicit consent. This must be part of a wide review of the privacy shield agreement to ensure that EU citizens' data is effectively protected and that the US is keeping up its side of the bargain," said Socialists and Democrats (S&D) MEP and chair of LIBE, Claude Moraes.
Adoption of the motion resolution on the adequacy of the protection afforded by the EU-US #PrivacyShield #EPlenary https://t.co/Iw68W9v4gM pic.twitter.com/0JSQmEdtKE
— Sébastien Duplan (@sebastienduplan) April 6, 2017
"There are still large concerns over the legality and effectiveness of the privacy shield agreement. This uncertainty is damaging for everyone involved — companies cannot take decisions if they are unsure about the foundations they are building on," S&D spokesperson for Civil Liberties, Justice and Home Affairs, Birgit Sippel, said.
"They can have my data. I have nothing to hide."? Popular misconception! See why high #dataprotection standards matter. @TheProgressives TS pic.twitter.com/L5yJfwnqn9
— Birgit Sippel MEP (@BirgitSippelMEP) 21 February 2017
The report said that it still remains unclear whether Privacy Shield prevents mass surveillance — which ultimately led to the downfall of the previous Safe Harbor agreement, which the European Court of Justice ruled, October 2015, was invalid. The issue arises from the strict EU laws — enshrined in the Charter of Fundamental Rights of the European Union — to the privacy of their personal data.
Facebook Case
The case arose when Maximillian Schrems, a Facebook user, lodged a complaint with the Irish Data Protection Commissioner, arguing that — in the light of the revelations by ex-CIA contractor Edward Snowden of mass surveillance by the NSA — the transfer of data from Facebook's Irish subsidiary onto the company's servers in the US do not provide sufficient protection of his personal data.
The court ruled that: "the Safe Harbor Decision denies the national supervisory authorities their powers where a person calls into question whether the decision is compatible with the protection of the privacy and of the fundamental rights and freedoms of individuals."