Governance & Risk Management , Privacy

EU Data Protection Board Casts Doubt on Privacy Framework

EDPB Chair Jelinek Says Agreement for EU-US Data Flows Raises 'Privacy Concerns'
EU Data Protection Board Casts Doubt on Privacy Framework
Image: Shutterstock

The European agency responsible for overseeing consistent application of privacy law on the continent says it has reservations about the legal framework underpinning commercial trans-Atlantic data flows as the framework moves toward formal acceptance by the European Commission.

See Also: Netskope FERPA Mapping Guide

Europe's executive body in December adopted a draft adequacy decision paving the way for formal ratification of a pact dubbed the EU-U.S. Data Privacy Framework. The framework is the outcome of nearly two years of negotiations between Brussels and Washington, instigated by a Court of Justice of the European Union 2020 decision invalidating Privacy Shield, the legal mechanism underpinning trans-Atlantic commercial data flows since mid-2016.

Even its proponents acknowledge that, if finalized, the framework will come under a possibly successful legal challenge from European privacy advocates (see: EU-US Data Privacy Framework in Activist's Crosshairs).

The European Data Protection Board on Tuesday published an analysis of the framework, lauding "substantial improvements" but simultaneously expressing "concerns" and requesting "clarifications on several points."

The concerns include "the absence of key definitions," the broad exemption from framework principles of publicly available information and "the lack of specific rules on automated decision-making and profiling."

"Overall, the EDPB welcomes the Data Protection Framework, but we have identified several privacy concerns," EDPB Chair Andrea Jelinek told a European Union parliamentary committee hearing on Wednesday. "The EDPB recommends that the commission assess these updated policies and procedures before its implementation."

Responding to the agency's observations, EU Justice Commissioner Didier Reynders tweeted on Tuesday that his agency will "carefully analyze" the privacy agency's recommendations. He also said the commission is waiting for the positions of the European Parliament and EU Council. Close observers in Brussels expect the Parliament to vote on a resolution urging the commission not to approve the framework, although the disapprobation would not be binding.

Members of the European Parliament's Committee on Civil Liberties, Justice and Home Affairs earlier urged the European Commission not to adopt an adequacy ruling, arguing that the framework "fails to create actual equivalence in protection" with the EU's General Data Protection Regulation.


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.