Letter to European Parliament on Adequacy of protection afforded by the EU-U.S. Privacy Shield

Dear President Tajani,

I am writing to you on behalf of DIGITALEUROPE urging the European Parliament to vote against the proposed resolution on the “Adequacy of the protection afforded by the EU-U.S. Privacy Shield” set to be voted on tomorrow by the European Parliament. The draft resolution, as adopted by the LIBE Committee, contains a number of damaging statements that could seriously disrupt cross-border commerce and harm European businesses if approved in plenary.

As the voice of the digital technology industry in Europe, our members (both large and small) rely directly on the EU-U.S. Privacy Shield. The Privacy Shield allows our members to transfer personal data across the Atlantic in an efficient, secure and cost-effective manner.

The Privacy Shield does not just advance business interests, but also delivers strong protections for the personal data of European citizens. The Privacy Shield framework includes unprecedented assurances from the U.S. Government about access to Europeans’ data by national security authorities; new compliance supervision mechanisms; additional remediation measures; stronger sanctions for non-compliance; tightened rules for onward transfers of data; and the right for data subjects to complain to European data protection authorities.

Unfortunately, the proposed draft resolution fails to acknowledge the robust safeguards in the Privacy Shield Framework. Despite the European Parliament’s strong consensus on the value of the Privacy Shield in its resolution in May 2016, the draft resolution goes in the opposite direction and calls on the European Commission to either rewrite the Privacy Shield or to repeal it. The commitments underpinning the Privacy Shield framework have not been altered nor has there been a determinative finding of any kind, by any authority or court, that either U.S. or EU law has changed in such a way as to undermine the Privacy Shield. The Privacy Shield framework has not changed since it was last assessed by the European Parliament and as such there is no present need to revisit that resolution.

Moreover, the Privacy Shield framework envisages a comprehensive review mechanism to flag deficiencies. This mandatory annual review mechanism ensures that the European Commission and data protection authorities can police the functioning of the Privacy Shield over time, so that its protections remain up-to-date and effective. The first annual review is due to take place in September 2017. Until this report is completed it would be premature for the European Parliament to assess the Privacy Shield.

A premature judgement of the Privacy Shield will damage business operations and confidence across Europe. We urge the European Parliament to send a clear signal that Europe is open to trade with the nations that sit outside the Single Market – including the United States – instead of erecting new barriers to trade.

Yours sincerely,
Cecilia Bonefeld-Dahl
Director General