Activities of Axel VOSS related to 2018/2645(RSP)
Legal basis opinions (0)
Amendments (25)
Amendment 5 #
Recital C
C. whereas transfers of personal data between commercial organisations of the EU and the U.S. are an important element for the transatlantic relationships, in light of an ever-growing digitization of the global economy; whereas these transfers should be carried out in full respect of the right to the protection of personal data and the right to privacy; whereas one of the fundamental objectives of the EU is the protection of fundamental rights, as enshrined in the Charter;
Amendment 7 #
Recital D
D. whereas the EDPS in its Opinion 4/2016 the EDPS raised several concerns on the draft Privacy Shield; while the EDPS welcomes in the same opinionwelcomes the efforts made by all parties to find a solution for transfers of personal data from the EU to the US for commercial purposes under a system of self-certification; whereas the EDPS in the same opinion raised some concerns on the draft Privacy Shield;
Amendment 8 #
Recital E
E. whereas in its Opinion 01/2016 the Article 29 Working Party on the draft EU- U.S. Privacy Shield adequacy implementing Commission Decision welcomed the significant improvements brought about by the Privacy Shield compared with the Safe Harbour decision whilst also raising strong concerns about, in particular the insertion of key definitions, the mechanisms set up to ensure the oversight of the Privacy Shield list and the now mandatory external and internal reviews of compliance; whereas the Working Party also asked for clarifications on both the commercial aspects and the access by public authorities to data transferred under the Privacy Shield;
Amendment 10 #
Recital G
G. whereas the EU-U.S. Privacy Shield is accompanied by several letters and unilateral statementcommitments and assurances from the U.S. administration explaining i.a. the data protection principles, the functioning of oversight, enforcement and redress and the protections and safeguards under which security agencies can access and process personal data;
Amendment 13 #
Recital J
J. whereas the Report from the Commission to the European Parliament and the Council on the first annual review on the functioning of the EU-U.S. Privacy Shield and the Commission Staff Working Paper accompanying theis document, while acknowledging that the U.S. authorities have put in place the necessary structures and procedures to ensure the correct functioning of the Privacy Shield and concluding that the United States continues to ensure an adequate level of protection for personal data transferred under the Privacy Shield, have made ten recommendations to the U.S. authorities in order to address issues of concern regarding not only the tasks and activities of the U.S. Department of Commerce (DoC) and Federal Trade Commission (FTC) as authorities involved in the process ofs administrator responsible for the monitoring of the certification of Privacy Shield organisations and enforcement of the Principles, but also those issues related to national security, such as the re- authorisation of Section 702 of Foreign Intelligence Surveillance Act (FISA), or the appointment of a permanent Ombudsperson and lacking members of the Privacy Civil Liberties Oversight Board (PCLOB);
Amendment 21 #
Paragraph 1
1. Takes note of the improvements compared to the Safe Harbour agreement, including the insertion of key definitions, stricter obligations related to data retention and onward transfers to third countries, the creation of an Ombudsperson to ensure individual redress and independent oversight, checks and balances ensuring the rights of data subjects (PCLOB), external and internal compliance reviews, more regular and rigorous documentation and monitoring, the availability of several ways to pursue legal remedy, a prominent role for national DPAs in the investigation of claims and checks and balances for the protection of privacy and civil liberties in the field of counterterrorism activities (PCLOB); acknowledges thate conclusion of the European Commission is of the view that the U.S. authoritiesfollowing the first joint annual review in September 2017 that the necessary structures and procedures to ensure the correct functioning of the Privacy Shield have been put in place the necessary structures and procedures to ensure the correct functioning of the Privacy Shieland that the level of protection afforded to personal data transferred under the Privacy Shield is adequate; endorses the Commission recommendations addressed to the U.S. authorities which aim to ensure that the guarantees and safeguards provided by the Privacy Shield continue to function as intended;
Amendment 24 #
Paragraph 3
3. Acknowledges the recent designation of two additional Members coupled with the nomination of the Chairman of the PCLOB and calls on the Senate to ratify the names so as to start wrestore the independent agency to quorum status and to enable it to fulfil its mission of ensuring that executive efforkts without delayto prevent terrorism are balanced with the need to protect privacy and civil liberties;
Amendment 29 #
Paragraph 4
4. RAcknowledges that, following the reauthorization of FISA Section 702, the PCLOB is empowered to act in the absence of a Chairman but recalls that the absence of a chair and a quorum has prevented until now the PCLOB from issuing its long-awaited report on the conduct of surveillance under Executive Order 12333 to provide information on the concrete operation of this Executive Order and on its necessity and proportionality with regard to interferences brought to data protection in this context;
Amendment 32 #
Paragraph 6
6. Stresses that the delay in appointing a permanent Ombudsperson is not contributing to mutual trust and thatAcknowledges the assurances of the U.S. government that the acting Ombudsperson is fully empowered to carry out the duties of the Ombudsperson in an effective, objective and independent manner; takes note that no complaints have been received so far under this mechanism; stresses, however, that the delay in appointing a permanent Ombudsperson is not contributing to mutual trust; welcomes that the U.S. State Department has published an unclassified version of the Ombudsperson Implementation Procedures as well as information regarding the request submission process online, including a clarification of his/her powers vis-à-vis the intelligence community will need to be better clarified as well as; requests clarification from the U.S. regarding the level of effective remedy of his/her decisidecisions taken by the Ombudspersons;
Amendment 33 #
Paragraph 7
7. Deplores that three of the five seats of the FTC remain vacant; calls on the U.S. government to appoint the remaining CommissionersAcknowledges the recent nomination of a new FTC Chairman and four FTC Commissioners; deplores that until confirmation of these nominations by the Senate four of the five FTC seats remain vacant; calls on the Senate to proceed with the confirmation as soon as possible, as the FTC is the enforcing agency ofagency that enforces compliance with the Privacy Shield pPrinciples by the US organiszations;
Amendment 35 #
Paragraph 8
8. Stresses that the lack of sufficient oversight and supervision after self- certification risks to lead to enforcement gaps; that better rules on oversight by independent public authorities should be established if this approach is maintained, (including ´sweep´, on-site verifications, etc.)recent revelations regarding the practices of Facebook and Cambridge Analytica highlight the need for proactive oversight and enforcement actions which are not only based on complaints but which include systematic checks of the practical compliance of privacy policies with the Privacy Shield principles throughout the certification lifecycle; calls on the competent EU data protection authorities to take appropriate action and suspend transfers in cases of non-compliance;
Amendment 37 #
Paragraph 9
9. Considers that in orderEmphasises the need to ensure transparency and to avoid false certification claims, the DoC should not toleratelaims of participation; welcomes, in this regard, the introduction of more rigorous company reviews by the DoC, including in particular the requirement of US companies makingto delay public representations about their Privacy Shield certification before it has finaliseduntil their certification process and has included them on the Privacy Shield list; Calls on the DoC to undertake proactively and on regular basis ex officio compliance reviews to monitor the effective compliance of companies with the Privacy Shield rules and requirementshas been finalised;
Amendment 44 #
Paragraph 10
10. In view of the recent revelations of misuse of personal data by companies certified under the Privacy Shield such as Facebook and Cambridge Analytica,; calls on the competent US authorities competent to enforce the Privacy Shield to act upon such revelations without delay in full respectto thoroughly investigate the allegations, to share their findings with the European Commission and to take appropriate action to enforce the Privacy Shield in line with the assurances and commitments given by the US government to uphold the current Privacy Shield arrangement and if needed, to remove such companiesarrangement; stresses that persistent non-compliance of a company with the rules and principles of the Privacy Shield should ultimately lead to its removal from the Privacy Shield list; calls also on the competent EU data protection authorities to investigate such revelations and, if appropriate, suspend or prohibit data transfers under the Privacy Shield;
Amendment 51 #
Paragraph 11
11. Recalls its concerns about the lack of guarantespecific rules in the Privacy Shield for automated-decision making/profildecisions based on automated processing, which produce legal effects or significantly affect the individual; acknowledges the intention of the Commission to order a study to collect factual evidence and further assess the relevance of automated decision-making for data transfers under the Privacy Shield; takes note in this regard of the indicformation provided from the joint review that the findings gathered seem to indicate that none of the dataautomated decision-making may not take place on the basis of personal data that has been transferred under the Privacy Shield are proc; stresseds through automated decision making systemse applicability of the GDPR under the conditions of Article 3(2) GDPR;
Amendment 58 #
Paragraph 14
14. Takes note that the number of ordertargets under Section 702 of FISA covering foreign intelligence targets worldwide has increasedhas increased due to changes in technology and communication patterns as well as an evolving threat environment;
Amendment 59 #
Paragraph 14 a (new)
14 a. Welcomes the confirmation of the U.S. government that the Presidential Policy Directive (PPD-28), which provides protection to all individuals regardless their of nationality with respect to signals intelligence information, remains in place without amendment.
Amendment 64 #
Paragraph 15
15. Regrets that the U.S. did not seize the opportunity of the recent reauthorization of FISA Section 702 to include the safeguards provided in PPD- 28; calls for evidence ensuring that data collection under FISA Section 702 is not indiscriminate and access is not conducted on a generalised basis (bulk collection) in contrast with the EU Charter on Fundamental Rights; takes note of the explanation of the Commission in its Staff Working Document that surveillance under Section 702 FISA is always based on selectors and therefore does not allow for collection in bulk;
Amendment 65 #
Paragraph 16
16. Affirms that the reauthorisation of sSection 702 of the FISA act for 6 more years does not calls into question the legality of the Privacy Shield because all elements on which the Commission's adequacy decision was based have been maintained, in particular the conditions and limitations that ensure targeted collection;
Amendment 68 #
Paragraph 18
Amendment 71 #
Paragraph 19
Amendment 74 #
Paragraph 20
20. Considers that the US authorities have failed to proactively fulfil their commitment to provide the Commission with timely and comprehensive information about any developments that could be of relevance for the Privacy shield, including the failure to notify the Commission of changes in the U.S. legal framework, for example with respect to President Trump's Executive Order 12768 "Enhancing Public Safety in the Interior of the United States" or the repeal of the privacy rules for internet service providers;
Amendment 77 #
Paragraph 21
21. Recalls that, as indicated in its Resolution of 6 April 2017, neither the Privacy Shield Principles nor the letters of the US administration provide clarificationgovernment providing commitments and assurances, demonstratinge the existence of effective judicial redress rights for individuals in the EU in respect of use of their personal data by US authorities for law enforcement and public interest purposes, which were emphasised by the CJEU in its judgment of 6 October 2015 as the essence of the fundamental right in Article 47 of the EU Charter;
Amendment 78 #
Paragraph 22
22. Calls on the Commission to take all the necessary measures to ensure that the Privacy Shield will fully comply with Regulation (EU) 2016/679, to be applied as from 25 May 2018, and with the EU Charter so the adequacy should not lead to loopholes or competitive advantage for US companies;
Amendment 80 #
Paragraph 23
23. Calls upon the Commission and the U.S. competent authorities to restart discussionscontinue to ensure the proper functioning onf the Privacy Shield arrangement and to set up an action plan in order to address as soon as possible the deficiencies identified by the Commission report on the joint review and in the WP29with a view to improve the practical implementation of the framework in line with the recommendations made by the Commission and the WP29 in their respective reports on the joint annual review;
Amendment 86 #
Paragraph 24
24. Is concerned as to whetherBelieves that the current Privacy Shield arrangement provides the adequate level of protection required by Union data protection law and the EU Charter as interpreted by the European Court of Justice.