EU Parliament: US Must Reform Surveillance Laws To Pave Way For Data Transfers

Fox Rothschild LLP

Fox Rothschild LLP

The European Parliament is urging the United States to reform its surveillance laws to pave the way for transfers of personal data between the European Union and the U.S.

"For data controllers that fall within the scope of the U.S. Foreign Intelligence Surveillance Act (FISA), a transfer of personal data from the Union is not possible under [the] SCCs, due to the high risk of mass surveillance; only a comprehensive reform of surveillances practices in the U.S. can sustainably address this problem and provide legal certainty to businesses and data subjects," said the European Parliament Committee on Civil Liberties, Justice and Home Affairs in a draft Schrems II resolution.

The draft resolution makes clear that no solution is possible, not even a comprehensive U.S. federal data protection law, without the revision of the U.S. surveillance laws. It also urges caution regarding a possible "Privacy Shield 2.0" arrangement and warns the UK and other states currently enjoying an adequacy declaration.

About the US

  • Neither the California Consumer Privacy Act (CCPA) in the U.S nor any of the federal proposals so far meet the requirements of the General Data Protection Regulation (GDPR) for an adequate level of protection. The U.S. should adopt a national-level strong comprehensive federal data protection and privacy act that meets those requirements.
  • Such consumer data protection and privacy legislation will not by itself remedy the fundamental issues found by the court on mass surveillance by U.S. intelligence services and the insufficient access to remedy.
  • The U.S. should reconsider modifications to section 702 of the FISA Act, Executive Order 12333 and Presidential Policy Directive 28, particularly with regard to granting the same level of protection between EU and U.S. citizens.
  • The European Commission (EC) should take all the necessary measures to ensure that any further arrangement with the U.S. fully complies with GDPR, with the EU Charter, and every aspect of the European Court of Justice (ECJ) judgement.
  • The EC should not adopt any new adequacy decision in relation to the U.S., unless meaningful reforms in laws and practices in the area of access to information by public authorities are introduced, in particular for national security and intelligence purposes.

About Schrems II Supplemental Measures

  • The EC should publish further guidance on international data transfers for companies, in particular for Small and Mid-sized Enterprises (SMEs), including on the additional safeguards required for transfers using Standard Contractual Clauses (SCCs).
  • EC should take into account all relevant recommendations re: the new SCCs.
  • There should be a toolbox of supplementary measures, e.g. security certification and encryption safeguards, that are accepted by regulators.
  • EU SMEs have limited bargaining power and legal capacity to conduct transfer assessment. The EC and European Data Protection Board should thoroughly examine the necessity and feasibility of any required supplementary measures, especially for SMEs.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Fox Rothschild LLP | Attorney Advertising

Written by:

Fox Rothschild LLP

Fox Rothschild LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.