On February 14, 2023, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs issued a Draft Motion for a Resolution demanding that the European Commission not grant adequacy to the newly proposed EU-U.S. Data Privacy Framework, citing it as “inadequate” and falling short of delivering true “equivalence” with the EU in terms of data protection. A full vote on this Resolution is forthcoming in the coming months, but even if successful, it won’t be binding on the Commission to act accordingly.
The Committee identified a multitude of issues with the Framework, including:
the Executive Order 14086 on Enhancing Safeguards For United States Signals Intelligence Activities references to principles of proportionality and necessity being out of sync with their meaning in the EU;
the Executive Order can be amended by U.S President;
decisions rendered by the Data Protection Review Court not being made available to complainants or otherwise remaining untransparent; and
no-existance of federal data protection law within the US itself.
In conclusion, the Committee reaffirmed its previous assertion that the Commission should refrain from any new adequacy decision concerning the United States unless meaningful change was implemented, particularly in regards to national security and intelligence activities.