Photo by Markus Spiske on Unsplash
en
string(2) "78"
Press release |

The Commission must ensure EU citizens' personal data is protected

UK

Today and tomorrow, the European Parliament will vote on two resolutions strongly urging the Commission to act to protect the personal data of EU citizens. On 19 February 2021, the Commission presented two draft implementing acts that would give the UK “adequacy” status under EU data protection law. Due to on-going mass surveillance practices and the lack of enforcement of data protection legislation in the UK, the Commission should not provide an adequacy status to the UK. The Schrems II judgement at the CJEU in July 2020 declared the Commission’s Privacy Shield Decision invalid, due to mass surveillance issues. Without significant changes, it is clear that there can be no privileged data transfers from the EU to the US, nor can a new adequacy decision be given. The European Parliament also calls on the Commission to start infringement procedures against Ireland for not properly enforcing the GDPR.

Gwendoline Delbos-Corfield MEP, Greens/EFA shadow in the LIBE Committee, comments:

“It’s wrong of the Commission to consider giving UK adequacy status when we know the UK does not have an equivalent level of protection. The UK government is using mass surveillance practices, and continuing transfers of data to the UK also poses the very real potential threat that it could be transferred on to third countries who do not have an adequate protection of personal data. We have to learn from the previous two mistakes in which adequacy decisions were given to the US and then invalided by the courts.

“We need both certainty for citizens and businesses, and to prioritise the protection of fundamental rights. Any adequacy decisions given to the UK next month will likely be struck down by the CJEU in the years to come and will therefore not lead to more stability for citizens and businesses in the long run.”

“Following the revelations by whistleblower Edward Snowden in 2013, the courts have time and again ruled against mass surveillance. The Commission should not have ignored these rulings. Five years after the GDPR entered into force, it is high time the Irish DPC started enforcing it properly. It is for this reason we are also calling upon the Commission to start infringement procedures against Ireland."

"These resolutions today send a strong signal to the Commission. This Parliament will continue to stand up for data protection as a fundamental right and will not bow to the Commission's pressure to water down criticism of the UK's approach to data protection."

More:
From 1st July on, the UK will be considered a third country under data protection law. This means transfers of personal data to the UK have to meet the conditions of Chapter V of the General Data Protection Regulation (GDPR). On 19 February 2021, the Commission presented two draft implementing acts that would give the UK an  “adequacy” status under EU data protection law. The final decisions are to be adopted by early June 2021.  On 13 April 2021, the European Data Protection Board (EDPB) issued its opinions. While not clearly calling for non-adoption, the opinions call for further clarifications on several key points.
In the "Schrems II" judgment (Case C-311/18d), the Court of Justice invalidated the so-called "Privacy Shield", a Commission decision (2016/1250) on the adequacy of the level of data protection in the US, which allowed for easy transfers of personal data to the United States. This is the second time the Court has found the level of protection in the US is not "essentially equivalent", as required by the General Data Protection Regulation (GDPR, 2016/679). The court also confirmed that the European data protection authorities are required to suspend or prohibit a transfer of personal data to a third country where the standard data protection clauses are not or cannot be complied with in that country, where the data exporter established in the EU has not itself suspended or put an end to such a transfer. With regards to this the European Parliament calls on the Commission to start infringement procedures against Ireland for not properly enforcing the GDPR.

Recommended

News
© European Union 2017 - Source : EP
Picture of the European Parliament - Strasbourg
Press release
Photo by Mathurin NAPOLY / matnapo via Unsplash
Photo by Mathurin NAPOLY / matnapo via Unsplash
News
European Parliament building in Strasbourg / © European Union 2019 / Architecture-Studio
European Parliament building in Strasbourg / © European Union 2019 / Architecture-Studio

Responsible MEPs

Gwendoline Delbos-Corfield
Gwendoline Delbos-Corfield
Member

Please share