After the EU court rejected an earlier framework for data transfers to the US, EU authorities should set clear rules in line with the Court’s findings, Members of the European Parliament say.
The European Parliament has adopted a resolution that urges the Commission to issue guidelines on making data transfers compliant with recent EU Court of Justice rulings. The court considered US data transfers to be inconsistent with the General Data Protection Regulation (GDPR), notably because US authorities may access personal data in bulk.
The Parliament also calls on the Commission to launch infringement procedures against Ireland for failing to effectively enforce the GDPR and its decision to initiate the Schrems court case instead of independently triggering enforcement procedures based on GDPR rules, simultaneously criticising the Irish Data Protection Commission’s long processing times.
While there are no official guidelines on data transfers to/from the USA, companies are advised to strengthen their data protection programmes, implement appropriate technical and organisational security standards, and conduct vendor risk assessments.