The Civil Liberties Committee of the EU adopted a resolution which expressed concerns regarding the adequacy decision proposed by the European Commission, asserting that a data transfer between the EU and U.S. would not guarantee sufficient safeguards for personal data protection.
MEPs highlighted the fact that bulk collection of personal data remained permissible in certain cases, coupled with an absence of independent authorisation prior to executing such processes. Additionally, they also lamented the lack of clear rules on data retention. The Data Protection Review Court (“DPRC”) allegedly violated citizens’ right to access and rectify their own data as its decisions were made secretly, while giving U.S. President power to dismiss judges and overrule decisions undermined its independence.
Furthermore, MEPs asserted that the assessment of adequacy should be based on practical implementation, as the U.S. Intelligence Community was still adapting to the Data Privacy Framework. As such, ascertaining the actual impact of the framework on the ground is not yet possible. Consequently, they demanded that the framework be future-proof and firmly established before any potential transfer took place.