The EU Commission must ensure that the EU - US Privacy Shield for data transfers for commercial purposes provides sufficient personal data protection to comply with the Charter of Fundamental Rights and the new EU data protection rules, said Civil Liberties Committee MEPs voting a resolution on Thursday. The first joint annual review of the Privacy Shield framework is expected this summer.

Among the remaining concerns that MEPs list are:

• the lack of specific rules on automated decision-making or the general right to object, and the lack of clear principles on how the Privacy Shield Principles apply to data processors,
• that “bulk surveillance” remain possible as regards national security and surveillance,
• that neither the Privacy Shield Principles nor letters from the US administration demonstrate the existence of effective judicial redress rights for individuals in the EU whose personal data are transferred to the US, and
• the Ombudsperson mechanism set up by the US Department of State is not sufficiently independent and is not vested with sufficient effective powers to carry out its duties.

Read full press release here.