The European Parliament passed a resolution today strongly criticizing Privacy Shield and recommending that Privacy Shield be suspended as of September 1, 2018, if the US doesn’t shape up by that deadline. Should US companies that rely on Privacy Shield panic?
The European Parliament has no power to suspend Privacy Shield on September 1, 2018, or any other date. Only two entities can do that: the European Commission, or the Court of Justice of the European Union (CJEU). And the CJEU might just do that when it rules sometime during the next year or so on the new case between Maximillian Schrems and Facebook (Case C-311/18). There’s no new information on the Schrems II case at CJEU, but we are tracking it. That one is worth worrying about.
The European Parliament’s resolution does have some political weight, however. The Commission is required to respond to the Parliament within three months explaining what it is going to do – if anything – in response to the Parliament’s criticisms. And if the Commission shrugs its shoulders, there’s not much the Parliament can do except pass another resolution.
The final version of the European Parliament’s resolution is not available yet on the Parliament’s website (it was just passed today), but the proposed form can be found here.