The European Union data protection watchdog welcomed with reservations the new Data Privacy Framework.
The draft legal framework would establish transatlantic data flows between the U.S. and European Union, a long sought-after deal.
The European Data Protection Board (EDPB) had expressed concerns about a European Commission draft decision that could pave the way for a new data transfer pact with the United States, saying more should be done to protect Europeans’ privacy rights.
The non-binding opinion comes after the Commission issued a draft decision in December saying U.S. safeguards against American intelligence activities were strong enough to address EU data privacy concerns.
The EDPB said its worries focus on certain rights of data subjects, onward transfers, the scope of exemptions, temporary bulk collection of data, and the practical functioning of the redress mechanism.
“While we acknowledge that the improvements brought to the U.S. legal framework are significant, we recommend addressing the concerns expressed and providing clarifications requested to ensure the adequacy decision will endure,” said the EDPB Chair Andrea Jelinek in a statement.
The EDPB also called on the commission to put in more safeguards to ensure the independence of a proposed Data Protection Review Court and provide more clarity on the temporary bulk collection, retention, and dissemination of such data.
It voiced concerns about the lack of a requirement of prior authorization by an independent authority for the collection of data in bulk and the lack of systematic independent review ex-post by a court or an equivalently independent body.
Although not legally binding, the Board’s opinion could be highly influential as the Data Privacy Framework could be challenged in court. It was already previously challenged twice.
Both the U.S. and EU have struggled to come up with a new data transfer pact after the top court in Europe threw out the two previous accords. The last two were thrown out over concerns about U.S. intelligence agencies accessing Europeans’ private data.
Be the first to comment