In 't Veld asks the Commission about the privacy protection of European citizens´ data by the USA - Main contents
Under the U.S. Privacy Shield programme, personal data of European citizens are allowed to be transferred to the U.S. as the Commission considers the data to be adequately protected by the adhering businesses. On July 17, a U.S. appeals court upheld gag orders regarding National Security Letters issued by the FBI, allowing for surveillance of costumer information to take place in secret.
Can the Commission, knowing that the Safe Harbour programme was struck down by the Court of Justice because of concerns of mass surveillance by US authorities, guarantee that Privacy Shield offers the adequate data protection level required by European law?
On July 15, it was reported that the White House had released unredacted emails containing the names and contact information of individuals who commented on the president’s Election Integrity Commission. The identities of people opposing the Trump administration’s demand for detailed voter rolls were exposed, including of people who explicitly demanded that any personal information would not be revealed.
How can the Commission guarantee that the EU U.S. Umbrella Agreement is providing adequate protection for European citizens if the FBI can issue National Security Letters in secret and the White House is violating the privacy of even their own citizens? Does the Commission consider that the Trump administration has fully implemented the U.S. commitments regarding the Umbrella Agreement? If not, which action will the Commission take? Does the Commission consider that the PNR and TFTP data of European citizens are adequately protected by the US authorities?
Furthermore, according to a cable of July 12 obtained by Reuters, the U.S. State Department “will require all nations to provide extensive data to help it vet visa applicants and determine whether a traveller poses a terrorist threat”. Will the Commission inquire with U.S. State Department which additional data would be required and if this will affect European citizens? How does the Commission assess this requirement considering visa reciprocity with the EU and the personal data the U.S. authorities already possess relating to European citizens who wish to enter the U.S.?