European parliament calls for suspension of EU-US Privacy Shield

The European Parliament passed a nonbinding resolution calling on the European Commission to suspend the EU-US Privacy Shield unless the United States becomes fully compliant with EU data protection laws by September 1, 2018. 

The Privacy Shield is an arrangement between the authorities in the US and the EU, enabling US companies who certify to the Privacy Shield framework to receive personal data from EU countries, for processing and handling in the US. The European Parliament’s resolution indicates that the current arrangement does not provide the adequate level of protection required by EU data protection laws. The resolution seeks to make sure that US companies fully comply with EU data protection laws, with no “loopholes or competitive advantage for US companies”. 

The resolution echoed recent revelations regarding the practices of Facebook and Cambridge Analytica, which highlighted the need for better monitoring of the arrangement, given that both companies are certified under the Privacy Shield. The resolution expects US authorities to remove companies that have misused personal data from the Privacy Shield list, where appropriate. It also encourages EU authorities to investigate such misuse and if appropriate, suspend data transfers under the Privacy Shield