The European Parliament's Committee on Civil Liberties, Justice and Home Affairs (LIBE) has advised against signing the proposed US data-transfer pact despite an agreement in principle, on the basis of the adequacy of protection.
EU president Ursula von der Leyen and US president Joe Biden had previously reached an agreement on how data transfer should take place between the US and the EU’s member states in an effort to remain compliant with pre-existing protections, like General Data Protection Regulation (GDPR).
Despite this, LIBE says that the Data Privacy Framework (DPF) doesn’t quite meet the strict standards of the GDPR, and that its progression should be halted until “meaningful reforms were introduced”.
TechRadar Pro needs you! (opens in new tab)
We want to build a better website for our readers, and we need your help! You can do your bit by filling out our survey (opens in new tab) and telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.
D. Athow, Managing Editor
EU-US Data Privacy Framework
LIBE explains in its draft motion for a resolution (opens in new tab) that the DPF:
“...Fails to create actual equivalence in the level of protection; [and that it] calls on the Commission to continue negotiations with its US counterparts with the aim of creating a mechanism that would ensure such equivalence and which would provide the adequate level of protection required by Union data protection law and the Charter as interpreted by the [European Court of Justice]”.
It’s also noted that the US does not have a federal law in terms of data protection and that the executive order can be amended at any point by the US president: either Joe Biden or his successor.
> The best secure file transfer solutions (opens in new tab)
> EU reveals its draft decision on replacement US data transfer deal (opens in new tab)
> ADPPA vs GDPR: how does the proposed US law compare to EU privacy standards? (opens in new tab)
Among other findings, the order does not cover data accessed by public authorities via other means, nor does it apply to commercial data purchases or voluntary data sharing agreements.
Whatever format the DPF agreement takes, EU-based companies will be able to share personal data with US companies without needing to consider additional safeguarding measures. However, the precise format of that DPR looks to be a few steps away from being finalized just yet, meaning transatlantic businesses will have to wait even longer.
- These are the best privacy tools and anonymous browsers