EU Lawmakers Balk at EC Data Transfer Adequacy Decision

EU lawmakers oppose the proposed EU-U.S. Data Privacy Framework, they said in a resolution Thursday. The draft decision is an improvement, but it doesn't provide enough safeguards for trans-Atlantic data flows, and the European Commission shouldn't give the U.S. an adequacy decision finding that it offers the same level of personal data protection as the EU, they said. Lawmakers noted the proposal still allows bulk collection of personal data in some cases, doesn't make such collection subject to independent prior authorization and fails to provide clear rules on data retention. The scheme creates a data protection review court to provide redress to EU citizens whose data has been misused, but the court's decisions would be secret, violating citizens' right to access and correct data about themselves. Moreover, since the president could dismiss the judges and overturn court decisions, the court wouldn't be independent, they said. A data transfer regime must be future-proof, and the assessment of adequacy must be based on the practical implementation of rules, parliament said: With the U.S. intelligence community still in the process of updating its practices based on the framework, gauging its impact on the ground isn't possible. The resolution urged the EC to deny an adequacy decision and "instead negotiate a data transfer framework that is likely to be held up in court." The EC floated the proposed adequacy decision in December, saying the U.S. now ensures an adequate level of personal data protection (see 2212130040). In April, the European Data Protection Supervisor praised the U.S. for taking a strong, new approach to safeguarding Europeans' personal data ((see 2304270007).