On May 11, 2023 the European Parliament adopted a resolution that deemed the EU-U.S. Data Privacy Framework to be inadequate in providing the protection demanded by EU data protection law. The resolution was backed by 306 votes in favor, 27 against and 231 abstaining. This motion was initiated as a response to February’s draft motion that called for the European Commission to not adopt an adequacy ruling based upon the Framework.
Despite the negotiation of the EU-U.S. Data Privacy Framework, Parliament expressed its concern about potential invalidation of the framework by the Court of Justice of European Union (CJEU) — causing further costs, disruption, and a lack of legal certainty for European citizens and businesses.
Further demands include effective judicial redress to guarantee privilege and surveillance rights on par with those of U.S. citizens. Parliament calls upon the Commission to ensure that the Framework meets the high standards of data protection set by the EU before any adequacy finding is adopted, thus guaranteeing secure and consistent data transfers between EU and U.S.
It needs to be noted, however, that this resolution is not binding to the Commission.