Privacy Shield should be suspended, say MEPs

Committee cites Cambridge Analytica scandal and CLOUD Act as obstacles

Privacy Shield, the agreement underpinning data transfers from Europe to America, must be suspended if the US does not fully meet its obligations come 1 September, MEPs voted last night.

The Civil Liberties (Libe) Committee's decision isn't binding, but puts pressure on the European Commission to ensure the data-transfer arrangement is being honoured by US authorities.

Drawn up to replace the abandoned Safe Harbor agreement in 2016 after that deal was brought down by a legal challenge, Privacy Shield now faces obstacles of its own.

Designed to extend EU-like data protection to European residents' data transferred to the US, now the Libe Committee believes the new agreement fails to provide that protection as well.

"While progress has been made to improve on the Safe Harbor agreement, the Privacy Shield in its current form does not provide the adequate level of protection required by EU data protection law and the EU Charter," said Libe Committee member Claude Moraes.

"It is therefore up to the US authorities to effectively follow the terms of the agreement and for the Commission to take measures to ensure that it will fully comply with the GDPR."

MEPs raised their concerns following the Cambridge Analytica scandal affecting Facebook, about which the social network's CEO, Mark Zuckerberg, gave evidence to the European Parliament recently.

While the incident pre-dates Privacy Shield, it was concerned about US authorities' ability to monitor US firms' compliance with the agreement, given both Cambridge Analytica's affiliate company, SCL Elections, and Facebook are both still listed on Privacy Shield.

SCL Elections still listed on Privacy Shield

MEPs also said they're concerned about a new US law called the CLOUD Act, which gives US authorities the right to access data stored in foreign locations, as long as the organisation storing it is American.

The Libe Committee said this could clash with EU law on data protection.

Picture: Bigstock

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Security best practices for PostgreSQL

Securing data with PostgreSQL

Download now

Transform your MSP business into a money-making machine

Benefits and challenges of a recurring revenue model

Download now

The care and feeding of cloud

How to support cloud infrastructure post-migration

Watch now

Recommended

The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021
Ubiquiti insider says the company downplayed the severity of a major breach
data breaches

Ubiquiti insider says the company downplayed the severity of a major breach

31 Mar 2021
Forex broker FBS leaves millions of customer records exposed
data breaches

Forex broker FBS leaves millions of customer records exposed

25 Mar 2021
Performance benchmark: PostgreSQL/ MongoDB
Whitepaper

Performance benchmark: PostgreSQL/ MongoDB

22 Mar 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Data belonging to 500 million LinkedIn users found for sale on hacker marketplace
hacking

Data belonging to 500 million LinkedIn users found for sale on hacker marketplace

8 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021