This week Claude Moraes leads a delegation of EU Parliament lawmakers to meet government figures in Washington DC and tech companies large and small in Silicon Valley. Transatlantic commercial data flows top the agenda. Lawmakers are concerned that that the proposed EU-US “Privacy Shield” agreement, which allows bulk collection of Europeans’ data, may not adequately protect citizens’ privacy and legal rights. The last “Safe Harbor” deal was struck down by the European Court of Justice. In this statement Mr. Moraes says the EU and US need to make sure the new deal guarantees privacy rights so that companies avoid an alternative complex, costly system of contract clauses and rules that many cannot afford.

Statement by Claude Moraes, Chair of the European Parliament civil liberties, justice and home affairs committee

"With several key agreements on data transfers expected to be agreed between the EU and the US in the coming months, this is a critical moment for the largest and most integrated economic relationship in the world.

This week, I will be leading a mission of the European Parliament lawmakers to Washington DC and Silicon Valley to meet with US government officials, Members of Congress, high-tech companies and start-ups. We will question US officials and key businesses on ongoing negotiations that have huge implications for the digital economy and the protection of EU citizens' personal data.

These prospective agreements include the EU-US “Privacy Shield” which seeks to replace the previous “Safe Harbor” agreement. While the European Commission intends to advocate the new arrangement, many serious issues have yet to be resolved. Our concerns include the fact that the agreement would continue to allow the bulk collection of European citizens' data by US authorities.

In addition, the new agreement may not provide sufficient judicial redress, and the proposed Ombudsman could lack effective independence and real powers of intervention to respond to complaints from EU citizens. This would mean that the agreement would not provide protection equivalent to EU data protection law and that it could be struck down by the European Court of Justice, as Safe Harbor was in October.

We are not alone in our concerns. These issues have been highlighted by the European data protection supervisor and the Article 29 Working Party, which issued an opinion on 13 April criticising the agreement for its lack of protection for EU citizens’ data from US government surveillance. The so-called "Article 31 Committee", which represents Member States have also expressed reservations. Their approval is required for the adoption of the agreement.

We will make it clear to our US counterparts that we want a strong Privacy Shield that upholds adequate data protection standards for European citizens while also strengthening our link with our US partners. It is not in anyone's interest that the Privacy Shield should fail, so we will do all we can to ensure a strong agreement is obtained that protects EU citizens' rights.

We want to ensure that the deal reached can reassure citizens that their data is safe when it is transferred to the US. At the moment the deal does not provide these guarantees. This could significantly affect small and medium-sized enterprises both in the EU and US that cannot afford alternative mechanisms (so-called standard contractual clauses and binding corporate rules, which are already in use by many companies after the ECJ's ruling).

The Privacy Shield has made several improvements over the Safe Harbor agreement however, one of which is the appointment of an Ombudsman to address EU citizens' complaints regarding the use of their data. We will meet the designated Ombudsman, Catherine Novelli, Under Secretary of the US State Department, giving us the chance to discuss concerns raised by national data protection authorities that the new office lacks the necessary independence.

Other highlights of the mission will include a meeting with Terrell McSweeny, Commissioner of the Federal Trade Commission, which will enable us to see exactly how the Privacy Shield will be enforced.

We will also meet with some of the key companies directly affected by these agreements, including big names like Facebook and Google, as well as growing start-ups and incubators like Plug and Play. So far, Microsoft has been one of the only companies to publically pledge that it will sign up to the Privacy Shield, so it will be important to hear any reservations other companies and start-us may have about the agreement.

Further to this, our mission will provide the opportunity to discuss other ongoing negotiations including the EU-US Umbrella Agreement, which would allow data to be transferred from the EU to the US for law enforcement purposes. There are concerns that this could override EU secondary legislation such as the data protection package, which was adopted by the European Parliament last month and which provides strict rules on the processing of Europeans' personal data by authorities.

The data protection package was a major achievement for the EU, giving citizens control over their own personal data, and ensuring that the European Union has some of the highest standards of data protection in the world. Safeguarding these rights from bulk surveillance remains a major concern, one which I highlighted in my follow up report on mass surveillance adopted by the Parliament in October 2015.

We must continue to uphold these rights and ensure that a strong agreement is reached that provides security for EU citizens' data. The mission of our committee will provide an excellent opportunity to ensure that this message is heard by negotiators and those affected by EU-US data transfer agreements."





