Members' Research Service By / August 30, 2019

Privacy and personal data protection [European Parliament impact 2014-2019]

Personal data is processed – often automatically – for many purposes to the benefit of society and individuals; at the same time, its use (or the risk of its misuse) raises concerns for individual’s rights, including privacy and data protection, which are enshrined in both primary and secondary EU law.

The power of the European Parliament

The only directly elected European Union (EU) institution; the European Parliament’s (EP) power and influence in pursuit of citizens’ interests have evolved significantly, transforming it into a full-fledged legislative body and forum of discussion and engagement at the heart of representative democracy, whose influence is felt in virtually all areas of EU activity. What are then the European Parliament’s main powers? What difference does the Parliament’s work make to how Europeans live their lives? This series highlights some practical examples of EP impact during the 2014-2019 legislative term.
EP POWERS Law makingPersonal data is processed – often automatically – for many purposes to the benefit of society and individuals; at the same time, its use (or the risk of its misuse) raises concerns for individual’s rights, including privacy and data protection, which are enshrined in both primary and secondary EU law. The data protection field is a meaningful example to use to illustrate the various ways in which the European Parliament can exercise its different powers. Besides its legislative power, particularly relevant in the adoption of the data protection reform package, as well as the power to give consent to EU legal acts (for example, the EU-US Umbrella agreement and the Protocol to the CoE Convention 108), the Parliament has exercised its varied power of political control over the Commission on several occasions in the area of privacy and data protection. Moreover, it has used its powers of enquiry to question and launch investigations on specific issues related to the lawfulness of data processing and other subjects. In light of the Snowden revelations about the US National Security Agency’s data collection programme and about the risk that US law and practice did not offer adequate protection to EU citizens’ data transferred to the US, the Parliament repeatedly called for the suspension of the EU-US Safe Harbour data transfer agreement. As part of the Parliament’s inquiry into mass surveillance of EU citizens, MEPs looked into alleged spying activities by the US and some EU countries, adopting ad hoc resolutions and providing recommendations on preventing further breaches and on redress mechanisms. Having called for the annulment of the Safe Harbour agreement (later withdrawn, following the CJEU’s ruling), the Parliament continued to scrutinise the Commission’s activities leading to the new Privacy Shield data-transfers framework in 2016. Although recognising the improvements of the new arrangement, the Parliament has repeatedly voiced its concerns, especially in its resolutions on transatlantic data flow (2016) and on the adequacy of the ‘Shield’ (2018). Although the Parliament is not formally involved in the related negotiations, it assesses (and may request to amend or withdraw) the Commission’s adequacy decisions on third countries’ level of data protection. Also to this end, ad hoc delegations of the Committee on Civil Liberties (LIBE) have visited the US, Canada, Japan and recently South Korea. The instrument of parliamentary questions for oral or written answers addressed to the European Commission has been used several time on specific issues of data protection and privacy. As part of its scrutiny powers, the Parliament requested, for the first time in November 2018 and according to Article 218(11) TFEU, the opinion of the Court of Justice of the EU (CJEU) on the EU-Canada PNR transfer agreement on its compatibility with privacy and data protection rights. European advisory bodies on data protection (the European Data Protection Supervisor and European Data Protection Board) have to regularly report to Parliament on their activities. Moreover, the Parliament has been active in questioning and investigating the Facebook/Cambridge Analytica scandal (companies certified under the Privacy Shield and accused of misuse of data, including that of European citizens). During the April 2018 plenary session, MEPs called for a strong European position and insisted that Facebook’s CEO, Mark Zuckerberg, appear in the European Parliament to give clarifications. Several hearings were organised on the issue by the LIBE Committee, and a resolution was adopted by the Parliament to wind up the debate on the use of Facebook users’ data by Cambridge Analytica and the impact on data protection in October 2018. Unusually, this was explicitly addressed, not only to the Council, the Commission and the governments and parliaments of the Member States, but also to the US, the Council of Europe and the CEO of Facebook. Finally, the Parliament has provided a forum for public debate on privacy and data protection matters, not just within its formal meeting rooms, but also by organising several conferences, which contributed to triggering the debate on critical issues such as new technologies vs rights protection, and to increasing awareness that the underlying values of data protection legislation are essential for democracy.


a mapping of EP powers
Like most national parliaments, the European Parliament exercises scrutiny over the EU executive – the European Commission – but also other institutions. Parliamentary scrutiny involves several important powers. According to the EU Treaties, the Commission as a body is responsible to the European Parliament and it has to resign if a motion of censure, also known as a vote of no confidence, is adopted by Parliament. While the latter has never happened, the imminent likelihood of such a vote led to the collective resignation of the Santer Commission in 1999. Further, while the Treaties speak of collective responsibility of the Commission and are silent on withdrawing confidence in individual Commissioners, the Parliament may – in case of conflict of interest – request the President of the Commission to do so (Parliament Rules of Procedure, Rule 118(10)). The 2010 Framework Agreement between the Parliament and Commission commits the Commission President to ‘seriously consider’ such a request by Parliament. These provisions have so far not been applied. Parliamentary scrutiny also involves the right to question the executive (the Commission) by means of parliamentary questions, and the corresponding duty of the Commission to provide an answer (Article 230 TFEU). Further powers of scrutiny include inquiry committees set up to investigate ‘alleged contraventions or maladministration in the implementation of Union law’ (Article 226 TFEU), as well as special parliamentary committees. Another long-fought for prerogative of Parliament is the scrutiny of ‘delegated’ and ‘implementing acts’, adopted by the Commission, including a right to veto delegated acts or revoke the delegation of power. Such formal scrutiny powers are complemented by various tools used by the Parliament at the practical level when conducting its business, for example in the context of impact assessment of proposed legislation or evaluation of the implementation of existing laws.
Read the complete study on ‘The power of the European Parliament: Examples of EP impact during the 2014-19 legislative term‘ in the Think Tank pages of the European Parliament.

Related Articles

Leave a Reply to Privacy and personal data protection [European Parliament impact 2014-2019] | Vatcompany.netCancel reply