EU Parliament, PR, Ref.: 20180611IPR05527, 12 June 2018

EU-US Privacy Shield data exchange deal: US must comply by 1 September according to LIBE-Committee

On 12 June 2018 The Civil Liberties (LIBE) Committee of the European Parliament called on the Commission to suspend the EU-US Privacy Shield since it fails to provide enough data protection for EU citizens. The resolution of the LIBE-Committee was passed by 29 votes to 25, with 3 abstentions; and the full European Parliament is expected to vote on the text in July. The LIBE Committee suggests that the data exchange deal should be suspended unless the US complies with it by 1 September 2018 adding that the deal should remain suspended until the US authorities comply with its terms in full.

Data Breaches And The Privacy Shield

Following the Facebook-Cambridge Analytica data breach, the LIBE Committee emphasizes the need for better monitoring of the agreement, given that both companies are certified under the Privacy Shield.

The LIBE Committee calls on the US authorities to act upon such revelations without delay and if needed, to remove companies that have misused personal data from the Privacy Shield list. In the view of the LIBE Committee, EU authorities should also investigate such cases and if appropriate, suspend or ban data transfers under the Privacy Shield.

Concern Over U.S. CLOUD Act

The LIBE Committee is also worried about the recent adoption of the Clarifying Lawful Overseas Use of Data Act (CLOUD Act), a US law that grants the US and foreign police access to personal data across borders.

The LIBE Committee points out that the US law could have serious implications for the EU and it could conflict EU data protection laws.

 An in-depth analysis of the relationship between the U.S. CLOUD Act and the EU GDPR is provided by Prof. Lothar Determann/Dr. Michaela Nebel in CR 6/2018, 408-412 (in German).


LIBE Committee Chair and rapporteur Claude Moraes (S&D, UK) said:

"The LIBE committee today adopted a clear position on the EU US Privacy Shield agreement. While progress has been made to improve on the Safe Harbor agreement, the Privacy Shield in its current form does not provide the adequate level of protection required by EU data protection law and the EU Charter. It is therefore up to the US authorities to effectively follow the terms of the agreement and for the Commission to take measures to ensure that it will fully comply with the GDPR."


The Privacy Shield is an agreement between the US and the EU allowing US companies considered to have an adequate level of data protection to transfer personal data from EU to the US.

The EU-US Privacy Shield is the successor to the 2000 Safe Harbour framework, which was invalidated by an EU Court of Justice ruling from October 2015 that did not consider the agreement strict enough on data protection for EU citizens. The EU Commission responded by negotiating the new Privacy Shield arrangement to ensure “adequate” protection of personal data transferred and stored by companies in the US.

This new framework for EU-US data transfers was adopted in July 2016.

EU Parliament, "EU-US Privacy Shield data exchange deal: US must comply by 1 September, say MEPs", PM Ref.: 20180611IPR05527, 12 June 2018

EU Commission, Parliament and Council, "Report on the first annual review of the functioning of the EU–U.S. Privacy Shield", 18 October 2017

Verlag Dr. Otto Schmidt vom 12.06.2018 14:13

zurück zur vorherigen Seite

Test subscription


Computer Law Review International

Subscribe now to CRi and secure the advantages of legal comparison for your practice: state-of-the-art approaches and solutions from other jurisdictions – every second month, six times a year.

Print (ordering option in German)

eJournal as PDF at De Gruyter