The new “Privacy Shield” framework on EU-US transfers of personal data by private firms, which is to replace the former “Safe Harbour” one, will be debated by Civil Liberties Committee MEPs in a hearing on Thursday afternoon. Austrian citizen Max Schrems, whose court case against facebook led to Safe Harbour’s downfall, the US lead negotiator, the EU Data Protection Supervisor, representatives from the Article 29 Working Party, the European Commission and others will all be quizzed on the deal.
The Civil Liberties Committee hearing is meant to help MEPs monitoring the operation of the new Privacy Shield framework and assessing whether it does indeed provide adequate data protection for EU citizens. Some MEPs have already voiced concerns over the new agreement. The European Parliament must give its opinion before the Commission can adopt an “adequacy decision” declaring that the framework offer a sufficient level of data protection, as a prerequisite for the deal to enter into force.
Time: Thursday 17 March, 15.00 – 18.30 Room: József Antall 6Q2. Follow the hearing via webstreaming on EP live.
Note for editors
Given that the European Court of Justice ruling of 6 October 2015 in the case brought by Max Schrems against Facebook, effectively killed off Safe Harbour, a new framework for EU-US data transfers were urgently needed to ensure clarity for businesses and adequate data protection standards for citizens. National data protection authorities set an end of January 2016 deadline for the Commission to finalise negotiations with the US.
The new Privacy Shield deal was announced by the EU Commission and the US Department of Commerce on 2 February 2016. On 29 February, the Commission published a communication and the texts that will constitute the Privacy Shield. The Commission is expected to adopt its decision declaring the adequate level of data protection after having consulted the Article 29 Working Party, the European Data Protection Supervisor and obtained the Opinion of the Committee as established by Article 31 of the 1995 data protection directive (Directive 95/46/EC).