Privacy and personal data protection [European Parliament impact 2014-2019]
Personal data is processed – often automatically – for many purposes to the benefit of society and individuals; at the same time, its use (or the risk of its misuse) raises concerns for individual’s rights, including privacy and data protection, which are enshrined in both primary and secondary EU law.
The power of the European Parliament
The only directly elected European Union (EU) institution; the European Parliament’s (EP) power and influence in pursuit of citizens’ interests have evolved significantly, transforming it into a full-fledged legislative body and forum of discussion and engagement at the heart of representative democracy, whose influence is felt in virtually all areas of EU activity.
What are then the European Parliament’s main powers?
What difference does the Parliament’s work make to how Europeans live their lives? This series highlights some practical examples of EP impact during the 2014-2019 legislative term.
Personal data is processed – often automatically – for many purposes to the benefit of society and individuals; at the same time, its use (or the risk of its misuse) raises concerns for individual’s rights, including privacy and data protection, which are enshrined in both primary and secondary EU law.
The data protection field is a meaningful example to use to illustrate the various ways in which the European Parliament can exercise its different powers. Besides its legislative power, particularly relevant in the adoption of the data protection reform package, as well as the power to give consent to EU legal acts (for example, the EU-US Umbrella agreement and the Protocol to the CoE Convention 108), the Parliament has exercised its varied power of political control over the Commission on several occasions in the area of privacy and data protection. Moreover, it has used its powers of enquiry to question and launch investigations on specific issues related to the lawfulness of data processing and other subjects.
In light of the Snowden revelations about the US National Security Agency’s data collection programme and about the risk that US law and practice did not offer adequate protection to EU citizens’ data transferred to the US, the Parliament repeatedly called for the suspension of the EU-US Safe Harbour data transfer agreement. As part of the Parliament’s inquiry into mass surveillance of EU citizens, MEPs looked into alleged spying activities by the US and some EU countries, adopting ad hoc resolutions and providing recommendations on preventing further breaches and on redress mechanisms.
Having called for the annulment of the Safe Harbour agreement (later withdrawn, following the CJEU’s ruling), the Parliament continued to scrutinise the Commission’s activities leading to the new Privacy Shield data-transfers framework in 2016. Although recognising the improvements of the new arrangement, the Parliament has repeatedly voiced its concerns, especially in its resolutions on transatlantic data flow (2016) and on the adequacy of the ‘Shield’ (2018).
Although the Parliament is not formally involved in the related negotiations, it assesses (and may request to amend or withdraw) the Commission’s adequacy decisions on third countries’ level of data protection. Also to this end, ad hoc delegations of the Committee on Civil Liberties (LIBE) have visited the US, Canada, Japan and recently South Korea.
The instrument of parliamentary questions for oral or written answers addressed to the European Commission has been used several time on specific issues of data protection and privacy.
As part of its scrutiny powers, the Parliament requested, for the first time in November 2018 and according to Article 218(11) TFEU, the opinion of the Court of Justice of the EU (CJEU) on the EU-Canada PNR transfer agreement on its compatibility with privacy and data protection rights.
European advisory bodies on data protection (the European Data Protection Supervisor and European Data Protection Board) have to regularly report to Parliament on their activities.
Moreover, the Parliament has been active in questioning and investigating the Facebook/Cambridge Analytica scandal (companies certified under the Privacy Shield and accused of misuse of data, including that of European citizens). During the April 2018 plenary session, MEPs called for a strong European position and insisted that Facebook’s CEO, Mark Zuckerberg, appear in the European Parliament to give clarifications. Several hearings were organised on the issue by the LIBE Committee, and a resolution was adopted by the Parliament to wind up the debate on the use of Facebook users’ data by Cambridge Analytica and the impact on data protection in October 2018. Unusually, this was explicitly addressed, not only to the Council, the Commission and the governments and parliaments of the Member States, but also to the US, the Council of Europe and the CEO of Facebook.
Finally, the Parliament has provided a forum for public debate on privacy and data protection matters, not just within its formal meeting rooms, but also by organising several conferences, which contributed to triggering the debate on critical issues such as new technologies vs rights protection, and to increasing awareness that the underlying values of data protection legislation are essential for democracy.
Scrutiny
a mapping of EP powers
Like most national parliaments, the European Parliament exercises scrutiny over the EU executive – the European Commission – but also other institutions. Parliamentary scrutiny involves several important powers. According to the EU Treaties, the Commission as a body is responsible to the European Parliament and it has to resign if a motion of censure, also known as a vote of no confidence, is adopted by Parliament. While the latter has never happened, the imminent likelihood of such a vote led to the collective resignation of the Santer Commission in 1999.
Further, while the Treaties speak of collective responsibility of the Commission and are silent on withdrawing confidence in individual Commissioners, the Parliament may – in case of conflict of interest – request the President of the Commission to do so (Parliament Rules of Procedure, Rule 118(10)). The 2010 Framework Agreement between the Parliament and Commission commits the Commission President to ‘seriously consider’ such a request by Parliament. These provisions have so far not been applied. Parliamentary scrutiny also involves the right to question the executive (the Commission) by means of parliamentary questions, and the corresponding duty of the Commission to provide an answer (Article 230 TFEU).
Further powers of scrutiny include inquiry committees set up to investigate ‘alleged contraventions or maladministration in the implementation of Union law’ (Article 226 TFEU), as well as special parliamentary committees.
Another long-fought for prerogative of Parliament is the scrutiny of ‘delegated’ and ‘implementing acts’, adopted by the Commission, including a right to veto delegated acts or revoke the delegation of power.
Such formal scrutiny powers are complemented by various tools used by the Parliament at the practical level when conducting its business, for example in the context of impact assessment of proposed legislation or evaluation of the implementation of existing laws.
The central task of the Members Research Service is to ensure that all Members of the European Parliament are provided with analysis of, and research on, policy issues relating to the European Union, in order to assist them in their parliamentary work.
Related Articles
European Parliament Plenary Session – December 2023
The G20 in a time of geopolitical upheaval
COP28 climate change conference in Dubai
Generative AI: opportunities, risks and challenges
EU-Ukraine 2035 – Foresight beyond the war
European Parliament Plenary Session – November II 2023
What is the EU doing to protect human rights?
How do we want to produce and consume food in a more sustainable way?
European Parliament Plenary Session – November I 2023
World Cities Day 2023
Death penalty – answering citizens’ concerns
Appointment of Wopke Hoekstra as new climate commissioner – answering citizens’ concerns
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
The present website is hosted by WordPress.com, a service by Automattic. Automattic is a global company with thousands of servers located in several separate data centres around the world. While Automattic takes care of the security of the platform, we, the European Parliamentary Research Service, own the content of the blog. For more detailed information about the compliance of Automattic products and services with the EU General Data Protection Regulation (GDPR), please see their dedicated page.
Data collected
We do not collect any personal data that could identify an individual user. The users that are registered in WordPress.com should consult wordpress.com terms of service. We do collect anonymised aggregate data for statistical purposes. The data collected for this purposes include: number of visits/visitors per page, the country of the user, and aggregate numbers of incoming and outgoing clicks.
We determine unique page counts by using a “hashed” version of the visitor’s IP address. The visitor’s full IP address is deleted from our logs after a little over a month. That timeframe is how long the data is needed in order to allow us to calculate your stats on a monthly basis and no longer.
We collect your email address only if you proactively requested to be notified about the updates on the blog. You can always contact us to remove your email address from our records or unsubscribe from the notification service.
We can also see your name and email address if you made a comment to one of our posts. We do not make the email address visible on the comment. Nevertheless, on request, we can delete your comments.
Cookies
We collect cookies only to facilitate your browsing experience, such as enabling you to share our posts via social media or comment on the post. The majority of cookies will be used only if you are a registered WordPress.com user. In this case, you are bound to WordPress.com terms of service.
Some pages embed content from third parties. In this case, you will need to actively consent to their terms in order to see the content.
We do not collect cookies to show advertisement nor resell any information collected with cookies to third parties. Read more about the wordpress.com cookie policy and the way to control cookies on their dedicated page.
![Privacy and personal data protection [European Parliament impact 2014-2019]](https://i0.wp.com/epthinktank.eu/wp-content/uploads/2019/07/vignettes_scrutiny2.png?fit=1024%2C1024&ssl=1)
Personal data is processed – often automatically – for many purposes to the benefit of society and individuals; at the same time, its use (or the risk of its misuse) raises concerns for individual’s rights, including privacy and data protection, which are enshrined in both primary and secondary EU law.
The data protection field is a meaningful example to use to illustrate the various ways in which the European Parliament can exercise its different powers. Besides its legislative power, particularly relevant in the adoption of the data protection reform package, as well as the power to give consent to EU legal acts (for example, the EU-US Umbrella agreement and the Protocol to the CoE Convention 108), the Parliament has exercised its varied power of political control over the Commission on several occasions in the area of privacy and data protection. Moreover, it has used its powers of enquiry to question and launch investigations on specific issues related to the lawfulness of data processing and other subjects.
In light of the Snowden revelations about the US National Security Agency’s data collection programme and about the risk that US law and practice did not offer adequate protection to EU citizens’ data transferred to the US, the Parliament repeatedly called for the suspension of the EU-US Safe Harbour data transfer agreement. As part of the Parliament’s inquiry into mass surveillance of EU citizens, MEPs looked into alleged spying activities by the US and some EU countries, adopting ad hoc resolutions and providing recommendations on preventing further breaches and on redress mechanisms.
Having called for the annulment of the Safe Harbour agreement (later withdrawn, following the CJEU’s ruling), the Parliament continued to scrutinise the Commission’s activities leading to the new Privacy Shield data-transfers framework in 2016. Although recognising the improvements of the new arrangement, the Parliament has repeatedly voiced its concerns, especially in its resolutions on transatlantic data flow (2016) and on the adequacy of the ‘Shield’ (2018).
Although the Parliament is not formally involved in the related negotiations, it assesses (and may request to amend or withdraw) the Commission’s adequacy decisions on third countries’ level of data protection. Also to this end, ad hoc delegations of the Committee on Civil Liberties (LIBE) have visited the US, Canada, Japan and recently South Korea.
The instrument of parliamentary questions for oral or written answers addressed to the European Commission has been used several time on specific issues of data protection and privacy.
As part of its scrutiny powers, the Parliament requested, for the first time in November 2018 and according to Article 218(11) TFEU, the opinion of the Court of Justice of the EU (CJEU) on the EU-Canada PNR transfer agreement on its compatibility with privacy and data protection rights.
European advisory bodies on data protection (the European Data Protection Supervisor and European Data Protection Board) have to regularly report to Parliament on their activities.
Moreover, the Parliament has been active in questioning and investigating the Facebook/Cambridge Analytica scandal (companies certified under the Privacy Shield and accused of misuse of data, including that of European citizens). During the April 2018 plenary session, MEPs called for a strong European position and insisted that Facebook’s CEO, Mark Zuckerberg, appear in the European Parliament to give clarifications. Several hearings were organised on the issue by the LIBE Committee, and a resolution was adopted by the Parliament to wind up the debate on the use of Facebook users’ data by Cambridge Analytica and the impact on data protection in October 2018. Unusually, this was explicitly addressed, not only to the Council, the Commission and the governments and parliaments of the Member States, but also to the US, the Council of Europe and the CEO of Facebook.
Finally, the Parliament has provided a forum for public debate on privacy and data protection matters, not just within its formal meeting rooms, but also by organising several conferences, which contributed to triggering the debate on critical issues such as new technologies vs rights protection, and to increasing awareness that the underlying values of data protection legislation are essential for democracy.
[…] Source Article from https://epthinktank.eu/2019/08/30/privacy-and-personal-data-protection-european-parliament-impact-20… […]