The Privacy Shield continues to cause a stir. The agreement was intended to allow American companies deemed to have a sufficient level of data protection to transfer personal data from the European Union to the United States. Members of the European Parliament have now called for the legislation to be suspended on the grounds that it does not go far enough to protect EU citizens. The deadline to comply is September 1, 2018.

The agreement between the EU and the US took effect in July 2016. The aim was to ensure uniform protection for EU citizens on both sides of the Atlantic. Yet, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) argues that, “the Privacy Shield in its current form does not provide the adequate level of protection required by EU data protection law and the EU Charter”. LIBE is therefore demanding that the United States comply with the terms of the agreement.

MEPs call for better supervision of the agreement

In a press release dated June 12, 2018, the committee expressed its dissatisfaction with the situation. In the wake of data breaches committed by Facebook and Cambridge Analytica, MEPs reiterated the need to improve the way the execution of the agreement is overseen. After all, both companies were certified under the Privacy Shield.

MEPs have demanded that the US take the necessary steps since the scandal involving the US giant and the data collection and processing company was uncovered. They are also proposing that American authorities remove companies that have misused personal data from the Privacy Shield list.

Concerns surrounding the Cloud Act

There are more reasons behind the Civil Liberties Committee’s demands. The recent adoption of the Cloud Act, which seeks to clarify the lawful use of data abroad, is also causing an uproar. The American legislation grants police in the US and other countries the right to access personal data outside of their own borders.

The LIBE Committee today [June 11] adopted a clear position on the EU-US Privacy Shield agreement,” announced Claude Moraes, MEP and Chair of the Civil Liberties Committee. “It is up to the US authorities to effectively follow the terms of the agreement and for the European Commission to take measures to ensure that it will fully comply with the GDPR.”

Europe issues an ultimatum

On July 5, 2018, Members of the European Parliament adopted a resolution tabled by Claude Moraes in a plenary meeting. It calls for the Privacy Shield to be suspended if the United States fails to comply with EU law by September 1. “The law is clear and, as set out in the GDPR, if the agreement is not adequate, and if the US authorities fail to comply with its terms, then it must be suspended until they do,” the Chair of the Civil Liberties Committee stated.

However, the resolution is not binding and carries no legal weight. Only the European Court of Justice (ECJ) and European Commission have the power to suspend the Privacy Shield.