The European Committee for Data Protection (ECPD) has expressed concern about the European Commission’s (EC) draft proposal to regulate the transfer of personal data collected by US companies in Europe, and has asked the EC for clarification.
The National Commission for Data Protection (CNPD), one of the members of the CEPD, highlights in your site the “New stage in data transfers to the United States”, thus announcing the CEPD opinion, approved this Tuesday, on the European Commission’s proposal for “a decision on adequacy of the level” of data protection offered by the Data Privacy Framework (DPF), which focuses on commercial aspects, access to data and further use by US public authorities.
The CEPD recognizes, in the opinion, improvements introduced in the US legal framework regarding the principles of necessity and proportionality of data collection by US intelligence services and regarding the appeal mechanism for EU data subjects.
But it expresses concerns, and requests clarifications from the European Commission, about the “exercise of the rights of the holders, the subsequent transfers of data, the scope of the derogations, the temporary collection of data and the practical functioning” of the appeal mechanism. “The CEPD also considers that there are insufficiencies with regard to independent monitoring”, informs the CNPD, in the site.
The DPF replaces the Privacy Shield framework (privacy shield, in English), which in turn replaced the safe harborwith both adequacy decisions of the European Commission having been invalidated by the Court of Justice of the European Union, respectively, in the cases known as “Schrems II” and “Schrems I”.
The European proposal to regulate the transfer of personal data from Europe to the United States comes after, a year ago, in March 2022, on a visit to Europe by US President Joe Biden, he announced the preliminary agreement for a new platform for data processing. Months later, in December last year, the European Commission, after analyzing the document, said it was satisfied with the safeguards given by the United States for these data transfers.
The CEPD was heard this Wednesday at the European Parliament (EP), in the LIBE Committee, on the European Commission’s proposal for an implementing decision, presented last December, under the General Data Protection Regulation (GDPR), on the adequacy of the data protection level of the Data Privacy Framework between the EU and the US, according to information made available on site of EP.