2018/2645(RSP) | [ParlTrack]

Citation 9 a (new)

- Having regard to the response letter by Article 29 Data Protection Working Party of 11 April 2018 on the reauthorisation of Section 702 of the US Foreign Intelligence Surveillance Act (FISA);

Amendment 10 #

Recital G

G. whereas the EU-U.S. Privacy Shield is accompanied by several ~~letters and unilateral statement~~commitments and assurances from the U.S. administration explaining i.a. the data protection principles, the functioning of oversight, enforcement and redress and the protections and safeguards under which security agencies can access and process personal data;

Amendment 11 #

Recital I

I. whereas in its Resolution of 6 April 2017, the European Parliament, while acknowledging that the EU-U.S. Privacy Shield contains significant improvements regarding the clarity of standards compared to the former EU- U.S. Safe Harbour, also considers that important issues remain as regards certain commercial aspects, national security and law enforcement, whereas it calls on the Commission to conduct, during the first joint annual review, a thorough and in-depth examination of all the shortcomings and weaknesses and to demonstrate how they have been addressed so as to ensure compliance with the EU Charter and Union law, and to evaluate meticulously whether the mechanisms and safeguards indicated in the assurances and clarifications by the US administration are effective and feasibledeleted

Amendment 12 #

Recital J

J. whereas the Report from the Commission to the European Parliament and the Council on the first annual review on the functioning of the EU-U.S. Privacy Shield and the Commission Staff Working Paper accompanying the document, while acknowledging that the U.S. authorities have put in place the necessary structures and procedures to ensure the correct functioning of the Privacy Shield, and that overall the Privacy Shield continues to ensure an adequate level of protection for the transfer of personal data from the EU to the U.S. participating companies, have made ten recommendations to the U.S. authorities in order to address issues of concern regarding not only the tasks and activities of the U.S. Department of Commerce (DoC) and Federal Trade Commission (FTC) as authorities involved in the process of monitoring the certification of Privacy Shield organisations and enforcement of the Principles, but also those issues related to national security, such as the re- authorisation of Section 702 of Foreign Intelligence Surveillance Act (FISA), or the appointment of a permanent Ombudsperson and lacking members of the Privacy Civil Liberties Oversight Board (PCLOB);

Amendment 13 #

Recital J

J. whereas the Report from the Commission to the European Parliament and the Council on the first annual review on the functioning of the EU-U.S. Privacy Shield and the Commission Staff Working Paper accompanying theis document, while acknowledging that the U.S. authorities have put in place the necessary structures and procedures to ensure the correct functioning of the Privacy Shield and concluding that the United States continues to ensure an adequate level of protection for personal data transferred under the Privacy Shield, have made ten recommendations to the U.S. authorities in order to address issues of concern regarding not only the tasks and activities of the U.S. Department of Commerce (DoC) a~~nd Federal Trade Commission (FTC) as authorities involved in the process of~~s administrator responsible for the monitoring of the certification of Privacy Shield organisations and enforcement of the Principles, but also those issues related to national security, such as the re- authorisation of Section 702 of Foreign Intelligence Surveillance Act (FISA), or the appointment of a permanent Ombudsperson and lacking members of the Privacy Civil Liberties Oversight Board (PCLOB);

Amendment 14 #

Recital L

L. whereas the Article 29 Working Party has identified a number of important unresolved issues of significant concern, regarding both the commercial issues and those relating to the access by the U.S. public authorities to data transferred to the U.S. under the Privacy Shield (either for law enforcement or national security purposes) that need to be addressed by both the Commission and the U.S. authorities; whereas it has requested to set up immediately an action plan to demonstrate that all these concerns will be addressed~~, and at the latest at the second joint review~~ before 25 May 2018;

Amendment 15 #

Recital N

N. whereas, an action for annulment by La Quadrature du Net and Others v Commission (Case T-738/16) and a referral by the Irish High Court on the Schrems II case have been brought in front of the European Court of Justice; that the referral takes note that mass surveillance is still going on and analyses whether there is effective remedy in US law for EU citizens whose personal data is transferred to the United States;

Amendment 16 #

Recital O

O. whereas on 11 January 2018 the US Congress has reauthorised and amended Section 702 of FISA for six years without addressing the concerns of the joint review report of the Commission and the opinion of the Article 29 Working Party;

Amendment 17 #

Recital O a (new)

O a. whereas, as part of the omnibus budget legislation signed into law on March 23, 2018, the U.S. Congress enacted the Clarifying Overseas Use of Data ("CLOUD") Act, facilitating law enforcement access to the contents of communications and other related data by allowing U.S. law enforcement authorities to compel production of communications data even if it is stored outside the United States, and by allowing certain foreign countries to enter into executive agreements with the United States in order to permit U.S. service providers to respond to certain foreign orders seeking access to communications data;

Amendment 18 #

Recital O b (new)

O b. whereas Facebook Inc., Cambridge Analytica and SCL Elections Ltd are companies certified under the Privacy Shield framework and as such benefited from the adequacy decision as a legal ground for the transfer and further processing of personal data from the European Union to the United States;

Amendment 19 #

Recital O c (new)

O c. whereas, as per Article 45(5) of the GDPR, where available information reveals that a third country no longer ensures an adequate level of protection, the Commission shall repeal, amend or suspend its adequacy decision;

Amendment 2 #

Citation 10

~~— having regard to its Resolution of 6 April 2017 on the adequacy of the protection afforded by the EU-US Privacy Shield12 _________________ 12 Text adopted, P8_TA(2017)0131~~deleted

Amendment 20 #

Paragraph -1 (new)

-1. Highlights the persisting weaknesses of the Privacy Shield as regards the respect of fundamental rights of data subjects; and underlines the increasing risk that the Court of Justice of the EU may invalidate Commission Implementing Decision (EU) 2016/1250 on the Privacy Shield;

Amendment 21 #

Paragraph 1

1. Takes note of the improvements compared to the Safe Harbour agreement, including the insertion of key definitions, stricter obligations related to data retention and onward transfers to third countries, the creation of an Ombudsperson to ensure individual redress and independent oversight, ~~checks and balances ensuring the rights of data subjects (PCLOB),~~ external and internal compliance reviews, more regular and rigorous documentation and monitoring, the availability of several ways to pursue legal remedy, a prominent role for national DPAs in the investigation of claims and checks and balances for the protection of privacy and civil liberties in the field of counterterrorism activities (PCLOB); acknowledges thate conclusion of the European Commission ~~is of the view that the U.S. authorities~~following the first joint annual review in September 2017 that the necessary structures and procedures to ensure the correct functioning of the Privacy Shield have been put in place ~~the necessary structures and procedures to ensure the correct functioning of the Privacy Shiel~~and that the level of protection afforded to personal data transferred under the Privacy Shield is adequate; endorses the Commission recommendations addressed to the U.S. authorities which aim to ensure that the guarantees and safeguards provided by the Privacy Shield continue to function as intended;

Amendment 22 #

Paragraph 1

Amendment 23 #

Paragraph 1

Amendment 24 #

Paragraph 3

3. Acknowledges the recent designation of two additional Members coupled with the nomination of the Chairman of the PCLOB and calls on the Senate to ratify the names so as to ~~start w~~restore the independent agency to quorum status and to enable it to fulfil its mission of ensuring that executive efforkts ~~without delay~~to prevent terrorism are balanced with the need to protect privacy and civil liberties;

Amendment 25 #

Paragraph 3

3. Acknowledges the recent designation of two additional Members coupled with the nomination of the Chairman of the PCLOB and calls on the Senate to ~~ratify the names so as to~~scrutinise their profiles in order to ratify the designation and start works without furtherdelay;

Amendment 26 #

Paragraph 3

3. Acknowledges the recent designation of two additional Members coupled with the nomination of the Chairman of the PCLOB and ~~calls on~~urges the Senate to ratify the names so as to start works without delay;

Amendment 27 #

Paragraph 3

3. ~~Acknowledges the recent~~Regrets that it has taken so long to designat~~ion of~~e two additional Members ~~coupled with the~~and to nominat~~ion of~~e the Chairman of the PCLOB and calls on the Senate to ratify the names so as to start works without delay;

Amendment 28 #

Paragraph 4

4. ~~Recalls~~Expresses its concern that the absence of a chair and a quorum has ~~prevented until~~limited the PCLOB's ability to act and to fulfill its obligations; highlights that during a sub-quorum period, PCLOB may not initiate noew ~~the PCLOB from~~advice or oversight projects, and hire staff; recalls that the PCLOB has not yet issu~~ing~~ed its long-awaited report on the conduct of surveillance under Executive Order 12333 to provide information on the concrete operation of this Executive Order and on its necessity and proportionality with regard to interferences brought to data protection in this context; notes that this report is highly desirable considering the uncertainty and unforseeability of how Executive Order 12333 is made use of; regrets that the PCLOB has not issued a new report on Section 702 FISA before it was reauthorised in January 2018; considers that the sub-quorum status seriously undermines the compliance and oversight guarantees and assurances made by the US authorities; therefore urges the US authorities to nominate and confirm new Board Members without delay;

Amendment 29 #

Paragraph 4

4. RAcknowledges that, following the reauthorization of FISA Section 702, the PCLOB is empowered to act in the absence of a Chairman but recalls that the absence of a chair and a quorum has prevented until now the PCLOB from issuing its long-awaited report on the conduct of surveillance under Executive Order 12333 to provide information on the concrete operation of this Executive Order and on its necessity and proportionality with regard to interferences brought to data protection in this context;

Amendment 3 #

Citation 10 a (new)

- having regard to the letter of the Chair of the Article 29 Working Party on Section 702 of the US Foreign Intelligence Surveillance Act (FISA) of 11 April 2018,

Amendment 30 #

Paragraph 5

5. ~~Regrets that the report of the PCLOB on~~In light of the fact that Presidential Policy Directive 28 (PPD 28) is one of the central elements on which the Privacy Shield is built on, calls for the release of the PCLOB report on PPD 28, which is still subject to Presidential privilege and is thus not published yet;

Amendment 31 #

Paragraph 6

6. ~~Stresses that the delay in appointing a permanent Ombudsperson~~Reiterates its position that the Ombudsperson mechanism set up by the U.S. Department of State is not sufficiently independent and is not endowed with sufficient effective powers to carry out its ~~not contributing to mutual trust and that his/her powers vis-à-vis the intelligence community will need to be better clarified as well as the level of effective remedy of his/her decisions~~tasks and provide effective redress to EU citizens; stresses that the exact powers of the Ombudsperson mechanism need to be clarified, especially with regards to his/her powers vis-à-vis the intelligence community and the level of effective remedy of his/her decisions; regrets that the Ombudsperson can only request action by and information from US governmental bodies, and cannot order the authorities to cease and discontinue unlawful surveillance, or to permanently destruct information; points out that, while there is an acting Ombudsperson, to date the US administration has still not appointed a new permanent Ombudsman, which does not contribute to mutual trust; takes the view that in the absence of an appointed independent, experienced and sufficiently empowered Ombudsperson, the US assurances with regard to the provision of effective redress to EU citizens would be null and void;

Amendment 32 #

Paragraph 6

6. ~~Stresses that the delay in appointing a permanent Ombudsperson is not contributing to mutual trust and that~~Acknowledges the assurances of the U.S. government that the acting Ombudsperson is fully empowered to carry out the duties of the Ombudsperson in an effective, objective and independent manner; takes note that no complaints have been received so far under this mechanism; stresses, however, that the delay in appointing a permanent Ombudsperson is not contributing to mutual trust; welcomes that the U.S. State Department has published an unclassified version of the Ombudsperson Implementation Procedures as well as information regarding the request submission process online, including a clarification of his/her powers vis-à-vis the intelligence community ~~will need to be better clarified as well as~~; requests clarification from the U.S. regarding the level of effective remedy of ~~his/her decisi~~decisions taken by the Ombudspersons;

Amendment 33 #

Paragraph 7

7. ~~Deplores that three of the five seats of the FTC remain vacant; calls on the U.S. government to appoint the remaining Commissioners~~Acknowledges the recent nomination of a new FTC Chairman and four FTC Commissioners; deplores that until confirmation of these nominations by the Senate four of the five FTC seats remain vacant; calls on the Senate to proceed with the confirmation as soon as possible, as the FTC is the ~~enforcing agency of~~agency that enforces compliance with the Privacy Shield pPrinciples by the US organiszations;

Amendment 34 #

Paragraph 7

7. Deplores that three of the five seats of the FTC remain vacant; calls on the U.S. government to appoint the remaining Commissioners as soon as possible as the FTC is the competent enforcing agency of the Privacy Shield principles by the US organisations;

Amendment 35 #

Paragraph 8

8. Stresses that the lack of sufficient oversight and supervision after self- certification risks to lead to enforcement gaps; that better rules on oversight by independent public authorities should be established if this approach is maintained, (including ´sweep´, on-site verifications, etc.)recent revelations regarding the practices of Facebook and Cambridge Analytica highlight the need for proactive oversight and enforcement actions which are not only based on complaints but which include systematic checks of the practical compliance of privacy policies with the Privacy Shield principles throughout the certification lifecycle; calls on the competent EU data protection authorities to take appropriate action and suspend transfers in cases of non-compliance;

Amendment 36 #

Paragraph 9

9. Considers that in order to ensure transparency and avoid false certification claims, the DoC should not tolerate US companies making public representations about their Privacy Shield certification before it has finalised the certification process and has included them on the Privacy Shield list; Cis concerned by the fact that the DoC has not made use of the possibility provided in the Privacy Shield to request copies of the contractual terms used by certified companies in their contracts with third parties to ensure compliance; considers therefore that there is no effective control whether certified companies actually comply with the Privacy Shield provisions; calls on the DoC to undertake proactively and on regular basis ex officio compliance reviews to monitor the effective compliance of companies with the Privacy Shield rules and requirements;

Amendment 37 #

Paragraph 9

9. ~~Considers that in order~~Emphasises the need to ensure transparency and to avoid false c~~ertification claims, the DoC should not tolerate~~laims of participation; welcomes, in this regard, the introduction of more rigorous company reviews by the DoC, including in particular the requirement of US companies ~~making~~to delay public representations about their Privacy Shield certification ~~before it has finalised~~until their certification process and has included them on the Privacy Shield list; Calls on the DoC to undertake proactively and on regular basis ex officio compliance reviews to monitor the effective compliance of companies with the Privacy Shield rules and requirementshas been finalised;

Amendment 38 #

Paragraph 9 a (new)

9 a. Considers that the various recourse procedures for EU citizens may prove to be too complex, difficult to use, and therefore less effective; notes that, as underlined by the companies providing independent recourse mechanisms (IRMs), most of the complaints are brought directly to the companies by individuals seeking general information on the Privacy Shield and the processing of their data; recommends therefore the US authorities to offer more concrete information on the Privacy Shield website in an accessible and easily understandable form to the individuals regarding their rights and available recourses and remedies;

Amendment 39 #

Paragraph 9 a (new)

9 a. Welcomes the efforts made by the U.S. authorities to reduce opportunities for false claims through requiring first- time certifiers to wait until the review process is completed before making public representation about their Privacy Shield certification, notes that misleading practices can lead to weakening of the credibility of the system as a whole;

Amendment 4 #

Recital C

C. whereas transfers of personal data between commercial organisations of the EU and the U.S. are an important element for the transatlantic relationships, whereas Privacy Shield is a key mechanism enabling these transfers under strong rules and obligations, whereas these transfers should be carried out in full respect of the right to the protection of personal data and the right to privacy; whereas one of the fundamental objectives of the EU is the protection of fundamental rights, as enshrined in the Charter;

Amendment 40 #

Maria GRAPINI

Paragraph 9 a (new)

9 a. There should be , for the information platforms, as for any service or product , a warranty system for the service provided and a sanctioning system if the initial warranty for users is breached.

Amendment 41 #

Maria GRAPINI

Paragraph 9 b (new)

9 b. In view of the recent personal data issues created by Facebook and Cambridge Analytica , it is necessary to ensure that , when opening any platform that operates with personal data , it also has security and protection measures.

Amendment 42 #

Paragraph 10

10. In view of the recent revelations of misuse of personal data by companies certified under the Privacy Shield such as Facebook and Cambridge Analytica, calls on the US authorities competent to enforce the Privacy Shield to act upon such revelations without delay in full respect with the assurances and commitments given to uphold the current Privacy Shield arrangement and if needed, to remove such companies from the Privacy Shield list; calls also on the competent EU data protection authorities to investigate such revelations and, if appropriate, suspend or prohibit data transfers under the Privacy Shield; considers that the revelations clearly show that the Privacy Shield mechanism does not provide an adequate protection of the right to data protection;

Amendment 43 #

Paragraph 10

10. In view of the recent revelations of misuse of personal data by companies certified under the Privacy Shield such as Facebook and Cambridge Analytica, calls on the US authorities competent to enforce the Privacy Shield to act upon such revelations without delay in full respect with the assurances and commitments given to uphold the current Privacy Shield arrangement and if needed, to remove such companies from the Privacy Shield list; calls also on the competent EU data protection authorities to investigate such revelations and, if appropriate, suspend or prohibit data transfers under the Privacy Shield; notes that more scrutiny is needed to access whether certified companies fully comply with the rules under the Privacy Shield;

Amendment 44 #

Paragraph 10

10. In view of the recent revelations of misuse of personal data by companies certified under the Privacy Shield such as Facebook and Cambridge Analytica,; calls on the competent US authorities ~~competent to enforce the Privacy Shield to act upon such revelations without delay in full respect~~to thoroughly investigate the allegations, to share their findings with the European Commission and to take appropriate action to enforce the Privacy Shield in line with the assurances and commitments given by the US government to uphold the current ~~Privacy Shield arrangement and if needed, to remove such companies~~arrangement; stresses that persistent non-compliance of a company with the rules and principles of the Privacy Shield should ultimately lead to its removal from the Privacy Shield list; calls also on the competent EU data protection authorities to investigate such revelations ~~and, if appropriate, suspend or prohibit data transfers under the Privacy Shield~~;

Amendment 45 #

Paragraph 10

10. In view of the recent revelations of misuse of personal data by companies certified under the Privacy Shield such as ~~Facebook and~~ Cambridge Analytica, or oversight from companies certified under the Privacy Shield such as Facebook, calls on the US authorities competent to enforce the Privacy Shield to act upon such revelations without delay in full respect with the assurances and commitments given to uphold the current Privacy Shield arrangement and if needed, to remove such companies from the Privacy Shield list; calls also on the competent EU data protection authorities to investigate such revelations and, if appropriate, suspend or prohibit data transfers under the Privacy Shield;

Amendment 46 #

Paragraph 10 a (new)

10 a. Is seriously concerned about the change in the terms of service of Facebook for non-EU users outside the United States and Canada who so far have enjoyed rights under EU data protection law, and who now have to accept Facebook U.S. instead of Facebook Ireland as the data controller; considers that this constitutes a transfer of personal data of approximately 1.5 billion users to a third country; seriously doubts that such an unprecedented large- scale limitation of the fundamental rights of users of a de-facto monopoly platform is what was intended with the Privacy Shield; calls on EU data protection authorities to investigate this matter;

Amendment 47 #

Csaba SÓGOR

Paragraph 10 a (new)

10 a. Expresses its strong concern that, if not dealt with, such misuses of personal data of people by various entities that aim to manipulate their political will or voting behaviour, can threaten the democratic process and its underlying idea that voters can make informed, fact-based decisions for themselves;

Amendment 48 #

Paragraph 10 b (new)

10 b. Welcomes and supports the calls for the US legislator to move towards an omnibus privacy and data protection act;

Amendment 49 #

Paragraph 11

11. Recalls its concerns about the lack of guarantees in the Privacy Shield for automated-decision making/profiling, which produce legal effect or significantly affect the individual; acknowledges the intention of the Commission to order a study to collect factual evidence and further assess the relevance of automated decision-making for data transfers under the Privacy Shield; takes note in this regard of the indication from the joint review that the findings gathered seem to indicate that none of the data transferred under the Privacy Shield are processed through automated decision making systems but deplores that, according to the WP29, the feedback from the companies remained very general, leaving unclear whether these assertions correspond to the reality of all companies adhering to the Privacy Shield;

Amendment 5 #

Recital C

C. whereas transfers of personal data between commercial organisations of the EU and the U.S. are an important element for the transatlantic relations~~hips,~~ in light of an ever-growing digitization of the global economy; whereas these transfers should be carried out in full respect of the right to the protection of personal data and the right to privacy; whereas one of the fundamental objectives of the EU is the protection of fundamental rights, as enshrined in the Charter;

Amendment 50 #

Paragraph 11

11. Recalls its concerns about the lack of guarantees in the Privacy Shield for automated-decision making/profiling, which produce legal effect or significantly affect the individual; acknowledges the intention of the Commission to order a study to collect factual evidence and further assess the relevance of automated decision-making for data transfers under the Privacy Shield; calls on the Commission to provide for specific rules concerning automated decision-making to provide sufficient safeguards if the study recommends this; takes note in this regard of the indication from the joint review that the findings gathered seem to indicate that none of the data transferred under the Privacy Shield are processed through automated decision making systems;

Amendment 51 #

Paragraph 11

11. Recalls its concerns about the lack of ~~guarante~~specific rules in the Privacy Shield for ~~automated-decision making/profil~~decisions based on automated processing, which produce legal effects or significantly affect the individual; acknowledges the intention of the Commission to order a study to collect factual evidence and further assess the relevance of automated decision-making for data transfers under the Privacy Shield; takes note in this regard of the in~~dic~~formation provided from the joint review that ~~the findings gathered seem to indicate that none of the data~~automated decision-making may not take place on the basis of personal data that has been transferred under the Privacy Shield ~~are proc~~; stresseds th~~rough automated decision making systems~~e applicability of the GDPR under the conditions of Article 3(2) GDPR;

Amendment 52 #

Paragraph 12

12. Stresses that further improvements should be made with regards to the interpretation and handling of HR data due to the different reading of the notion “HR data” by the US government on one hand and the European Commission and the WP29 on the other hand; ~~takes note of~~agrees fully with the WP29 call to the European Commission to engage in negotiations with the US authorities in order to amend the Privacy Shield mechanism on this issue;

Amendment 53 #

Paragraph 13

13. Reiterates its concern that the Privacy Shield principles do not follow the EU model of consent-based processing, but even allow for opt-out / right to object only in very specific circumstances; therefore recommends, in the light of the joint review, that the DoC provides more precise guidance as regards essential principles of the Privacy Shield such as the Choice Principle, the Notice Principle, onward transfers, controller-processor’s relation and access, which are much more aligned with the rights of the data subject under Regulation (EU) 2016/679;

Amendment 54 #

Paragraph 13

13. Recommends, in the light of the joint review, that the DoC works with European Data Protection Authorities to provides more precise guidance as regards essential principles of the Privacy Shield such as the Choice Principle, the Notice Principle, onward transfers, controller- processor’s relation and access;

Amendment 55 #

Paragraph 13

13. ~~Recommend~~Urges, in the light of the joint review, ~~that~~ the DoC to provides more precise guidance as regards essential principles of the Privacy Shield such as the Choice Principle, the Notice Principle, onward transfers, controller-processor’s relation and access;

Amendment 56 #

Paragraph 13 a (new)

13 a. Reiterates its concerns about the rejection by Congress in March 2017 of the rule submitted by the Federal Communications Commission relating to "Protecting the Privacy of Customers of Broadband and Other Telecommunications Services", which in practice eliminates broadband privacy rules that would have required Internet Service Providers to get consumers' explicit consent before selling or sharing Web browsing data and other private information with advertisers and other companies; considers that this is yet another threat to privacy safeguards in the United States;

Amendment 57 #

Paragraph 13 a (new)

13 a. Considers that the term 'national security' in the Privacy Shield mechanism is not specifically circumscribed in order to ensure that data protection breaches can be effectively reviewed in courts to ensure compliance with a strict test of what is necessary and proportionate; calls therefore for a clear definition of 'national security'.

Amendment 58 #

Paragraph 14

14. Takes note that the number of ~~order~~targets under Section 702 of FISA ~~covering foreign intelligence targets worldwide has increased~~has increased due to changes in technology and communication patterns as well as an evolving threat environment;

Amendment 59 #

Paragraph 14 a (new)

14 a. Welcomes the confirmation of the U.S. government that the Presidential Policy Directive (PPD-28), which provides protection to all individuals regardless their of nationality with respect to signals intelligence information, remains in place without amendment.

Amendment 6 #

Csaba SÓGOR

Recital C a (new)

C a. whereas Facebook, a signatory to the Privacy Shield, has confirmed that the data of 2.7 million EU citizens were among those improperly used by political consultancy Cambridge Analytica;

Amendment 60 #

Paragraph 15

15. Regrets that the U.S. did not seize the opportunity of the recent reauthorization of FISA Section 702 to include the safeguards provided in PPD-28; calls for evidence and legally binding commitments ensuring that data collection under FISA Section 702 is not indiscriminate and access is not conducted on a generalised basis (bulk collection) in contrast with the EU Charter on Fundamental Rights; shares the view of Article 29 Data Protection Working Party that an updated report from PCLOB on the definition of “targets”, on the “tasking of selectors” and on the concrete process of applying selectors in the context of the UPSTREAM programme would be valuable to clarify and assess whether massive access to personal data occurs in that context; deplores that EU individuals are excluded from the additional protection provided by the reauthorization of FISA Section 702, by which the FBI can only access communciations content under Section 702 with a court order, following a specific application made by the FBI; calls on the Commission to take the forthcoming analysis of WP29 on FISA Section 702 seriously and to act accordingly;

Amendment 61 #

Paragraph 15

15. Regrets that the U.S. did not seize the opportunity of the recent reauthorization of FISA Section 702 to include the safeguards provided in PPD- 28; deplores that the Commission in the First Annual Review only offered 'hope' that the protections offered by PPD-28 would be enshrined in FISA instead of demanding effective legal remedies against unlawful surveillance; calls for evidence ensuring that data collection under FISA Section 702 is not indiscriminate and access is not conducted on a generalised basis (bulk collection) in contrast with the EU Charter on Fundamental Rights;

Amendment 62 #

Paragraph 15

15. Regrets that the U.S. did not seize the opportunity of the recent reauthorization of FISA Section 702 to include the safeguards provided in PPD-28; calls for evidence ensuring that data collection under FISA Section 702 is not indiscriminate and access is not conducted on a generalised basis (bulk collection) in contrast with the EU Charter on Fundamental Rights; regrets that the reauthorisation of Section 702 contains several amendments that however are merely procedural and do not address these most problematic issues as also raised by the Article 29 Working Party;

Amendment 63 #

Paragraph 15

15. Regrets that the U.S. did not seize the opportunity of the recent reauthorization of FISA Section 702 to include the safeguards provided in PPD-28; calls for evidence ensuring that data collection under FISA Section 702 is not indiscriminate and access is not conducted on a generalised basis (bulk collection) in contrast with the EU Charter on Fundamental Rights; calls for an updated report from the PCLOB on the definition of ´targets´, on the ´tasking of selectors´ and on the concrete process of applying selectors in the context of the UPSTREAM programme;

Amendment 64 #

Paragraph 15

15. Regrets that the U.S. did not seize the opportunity of the recent reauthorization of FISA Section 702 to include the safeguards provided in PPD- 28; calls for evidence ensuring that data collection under FISA Section 702 is not indiscriminate ~~and access is not conducted on a generalised basis (bulk collection) in contrast with the EU Charter on Fundamental Rights~~; takes note of the explanation of the Commission in its Staff Working Document that surveillance under Section 702 FISA is always based on selectors and therefore does not allow for collection in bulk;

Amendment 65 #

Paragraph 16

16. Affirms that the reauthorisation of sSection 702 ~~of the~~ FISA act for 6 more years does not calls into question the legality of the Privacy Shield because all elements on which the Commission's adequacy decision was based have been maintained, in particular the conditions and limitations that ensure targeted collection;

Amendment 66 #

Paragraph 16 a (new)

16 a. Reiterates its concerns about Executive Order 12333, which allows the NSA to share vast amounts of private data gathered without warrants, court orders or congressional authorisation with 16 other agencies, including the FBI, the Drug Enforcement Agency and the Department of Homeland Security; regrets the lack of any judicial review of surveillance activities conducted on the basis of Executive Order 12333;

Amendment 67 #

Paragraph 17 a (new)

17 a. Expresses its concern about the consequences of Executive Order 13768 on 'Enhancing Public Safety in the Interior of the United States' for judicial and administrative remedies available to individuals in the US, because the protections of the Privacy Act no longer apply to non-US citizens; takes note of the Commission's position that the adequacy assessment does not rely on the protections of the Privacy Act and that therefore this Executive Order does not affect the Privacy Shield; considers that Executive Order 13768 however indicates the intention of the US executive to reverse the data protection guarantees previously granted to EU citizens and to override the commitments made towards the EU during the Obama Presidency;

Amendment 68 #

Paragraph 18

18. Expresses its strong concerns regarding the recent adoption of the Clarifying Lawful Overseas Use of Data Act or CLOUD Act (H.R. 4943), which expands the abilities of American and foreign law enforcement to target and access people’s data across international borders without making use of the instrument of Mutual legal Assistance (MLAT) instruments, which provide for appropriate safeguards and respect the judicial competences of the countries where the information is located;deleted

Amendment 69 #

Paragraph 18

Amendment 7 #

Recital D

D. whereas the EDPS in its Opinion 4/2016 ~~the EDPS raised several concerns on the draft Privacy Shield; while the EDPS welcomes in the same opinion~~welcomes the efforts made by all parties to find a solution for transfers of personal data from the EU to the US for commercial purposes under a system of self-certification; whereas the EDPS in the same opinion raised some concerns on the draft Privacy Shield;

Amendment 70 #

Paragraph 18

18. Expresses its strong concerns regarding the recent adoption of the Clarifying Lawful Overseas Use of Data Act or CLOUD Act (H.R. 4943), which, running counter to the principle enshrined in Article 48 of Regulation EU 2016/679 (GDPR), expands the abilities of American and foreign law enforcement to target and access people’s data across international borders without making use of the instrument of Mutual legal Assistance (MLAT) instruments, which provide for appropriate safeguards and respect the judicial competences of the countries where the information is located;

Amendment 71 #

Paragraph 19

Amendment 72 #

Paragraph 19

19. Considers that a more balanced solution would have been to strengthen the existing international system of Mutual Legal Assistance Treaties (MLATs) in view of encouraging international and judicial cooperation; reiterates that, as for instance set out in Article 48 of Regulation (EU) 679/2016 (the General Data Protection Regulation), mutual legal assistance and other international agreements are the preferred mechanism to enable access to personal data overseas;

Amendment 73 #

Paragraph 19

19. Considers that ~~a more balanced solution~~the best solution compatible with EU law would have been to strengthen the existing international system of Mutual Legal Assistance Treaties (MLATs) in view of encouraging international and judicial cooperation;

Amendment 74 #

Paragraph 20

20. Considers that the US authorities have failed to proactively fulfil their commitment to provide the Commission with timely and comprehensive information about any developments that could be of relevance for the Privacy shield, including the failure to notify the Commission of changes in the U.S. legal framework, for example with respect to President Trump's Executive Order 12768 "Enhancing Public Safety in the Interior of the United States" or the repeal of the privacy rules for internet service providers;

Amendment 75 #

Paragraph 20

20. ~~Consider~~Deplores that the US authorities have failed to proactively fulfil their commitment to provide the Commission with timely and comprehensive information about any developments that could be of relevance for the Privacy shield, including the failure to notify the Commission of changes in the U.S. legal framework;

Amendment 76 #

Paragraph 21

21. Recalls that, as indicated in its Resolution of 6 April 2017, neither the Privacy Shield Principles nor the letters of the US administration provide clarifications and assurances demonstrating the existence of effective judicial redress rights for individuals in the EU in respect of use of their personal data by US authorities for law enforcement and public interest purposes, which were emphasised by the CJEU in its judgment of 6 October 2015 as the essence of the fundamental right in Article 47 of the EU Charter;deleted

Amendment 77 #

Paragraph 21

21. Recalls that, as indicated in its Resolution of 6 April 2017, neither the Privacy Shield Principles nor the letters of the US ~~administration provide clarification~~government providing commitments and assurances, demonstrat~~ing~~e the existence of effective judicial redress rights for individuals in the EU in respect of use of their personal data by US authorities for law enforcement and public interest purposes, which were emphasised by the CJEU in its judgment of 6 October 2015 as the essence of the fundamental right in Article 47 of the EU Charter;

Amendment 78 #

Paragraph 22

22. Calls on the Commission to take all the necessary measures to ensure that the Privacy Shield will fully comply with Regulation (EU) 2016/679, to be applied as from 25 May 2018, and with the EU Charter ~~so the adequacy should not lead to loopholes or competitive advantage for US companies~~;

Amendment 79 #

Paragraph 23

23. ~~Calls upon~~Deplores that the Commission and the U.S. competent authorities did noto restart discussions on the Privacy Shield arrangement and did noto set up any action plan in order to address as soon as possible the deficiencies identified ~~by the Commission report on the joint review and in the WP29 report on the joint review~~as called for by the WP29 in its December report on the joint review; calls on the Commission and the US competent authorities to do so without any further delay;

Amendment 8 #

Recital E

E. whereas in its Opinion 01/2016 the Article 29 Working Party on the draft EU- U.S. Privacy Shield adequacy implementing Commission Decision welcomed the significant improvements brought about by the Privacy Shield compared with the Safe Harbour decision ~~whilst also raising strong concerns about~~, in particular the insertion of key definitions, the mechanisms set up to ensure the oversight of the Privacy Shield list and the now mandatory external and internal reviews of compliance; whereas the Working Party also asked for clarifications on both the commercial aspects and the access by public authorities to data transferred under the Privacy Shield;

Amendment 80 #

Paragraph 23

23. Calls upon the Commission and the U.S. competent authorities to ~~restart discussions~~continue to ensure the proper functioning onf the Privacy Shield arrangement and to set up an action plan ~~in order to address as soon as possible the deficiencies identified by the Commission report on the joint review and in the WP29~~with a view to improve the practical implementation of the framework in line with the recommendations made by the Commission and the WP29 in their respective reports on the joint annual review;

Amendment 81 #

Paragraph 23

23. ~~Calls upon~~Urges the Commission and the U.S. competent authorities to restart discussions on the Privacy Shield arrangement and to set up an action plan in order to address as soon as possible the deficiencies identified by the Commission report on the joint review and in the WP29 report on the joint review;

Amendment 82 #

Paragraph 23 a (new)

23 a. Recalls that privacy and data protection are legally enforceable fundamental rights, enshrined in the Treaties, the Charter of Fundamental Rights and the European Convention of Human Rights, as well as in laws and case law; emphasizes that they must be applied in a manner that does not unnecessarily hamper trade or international relations, but cannot be "balanced" against commercial or political interests;

Amendment 83 #

Paragraph 24

24. ~~Is concerned as to whether~~Takes the view that the current Privacy Shield arrangement does not provides the adequate level of protection required by Union data protection law and the EU Charter as interpreted by the European Court of Justice.;

Amendment 84 #

Paragraph 24

24. Is concerned ~~as to whether~~that the current Privacy Shield arrangement does not provides the adequate level of protection required by Union data protection law and the EU Charter as interpreted by the European Court of Justice.

Amendment 85 #

Paragraph 24

24. ~~Is concerned as to whether~~Considers that the current Privacy Shield arrangement does not provides the adequate level of protection required by Union data protection law and the EU Charter as interpreted by the European Court of Justice.

Amendment 86 #

Paragraph 24

24. ~~Is concerned as to whether~~Believes that the current Privacy Shield arrangement provides the adequate level of protection required by Union data protection law and the EU Charter as interpreted by the European Court of Justice.

Amendment 87 #

Paragraph 24 a (new)

24 a. Considers that the Commission has failed to act in accordance with Article 45(5) GDPR; calls therefore on the Commission to suspend the Privacy Shield until the US authorities comply with its terms;

Amendment 88 #

Paragraph 25

25. Instructs its Committee on Civil Liberties, Justice and Home Affairs to continue to monitor developments in this field, including on cases brought before the Court of Justice, and the follow up to the recommendations made in the resolution;

Amendment 9 #