European Parliament slams EU data protection enforcement and opposes data transfer to USA

Support our work: become a Friend of Statewatch from as little as £1/€1 per month.

The European Parliament plenary session on Tuesday 9 March adopted a Resolution saying that the 1995 Data Protection Directive was not working because of lack of resources, powers of enforcement, and lack of political will by national governments and the European Commission. The Resolution condemned the handing over of passenger data on people flying to the USA because it is contrary to EU law and the 1995 Directive.

The Resolution was passed by 439 votes in favour, 39 against and 28 abstentions.

The 1995 Directive was implemented by 1998 in most countries. The European Commission took five years to produce a report on how it is working. When it did the report showed that there is an enormous difference in the way it is implemented at national level - many data protection authorities lack finance and staff and most do not have powers of enforcement over state agencies and commercial companies. To which might be added there is no right for EU citizens to be informed when a state agency or company requests/passes on information about them, exchanges information on them, adds information or "suspicions" on them to their "profile" or passes information about them to a non-EU state. The report says that the Commission, EU governments and some data protection authorities "basically connive in the violation of the law".

Protection against intrusion on privacy and liberty is most important in the "third pillar" where data is transferred and gathered to deal with suspected criminal offences, so-called "illegal" immigration, so-called "suspect communities" and political protests - as well as a host of everyday offences which may or may not be valid. In April 2001 the Council of the European Union (the 15 EU governments) abolished its working party on data protection in the "third pillar" (which had been sitting since 1998). In November 2003 the European Commission promised the European Parliament that it would step in to protect citizens rights - we are still waiting. It might be observed that if the EU cannot protect the rights of citizens inside the Community how can it protect them outside?

Tony Bunyan, Statewatch editor, comments:

"The European Parliament has decided, overwhelmingly, that data protection in the EU is not working. It has also decided that the transfer of personal data (PNR) on airline passengers to the USA - which has no data protection laws for non-US citizens - would "flagrantly breach" EU law.

At the end of this month the European Parliament will be asked to vote again on the question of whether or not the USA offers "adequate" protection of data for EU citizens flying there. National governments will put a lot of pressure on MEPs to "toe the line" and accept the "deal" already agreed by the 15 EU governments.

All the evidence shows that people cannot rely on governments to protect their right to privacy, nor on the European Commission, for the future of democracy in Europe. Let us hope they can rely on the European Parliament"

Report to the European Parliament on the implementation of the Data Protection Directive (95/46/EC) (pdf)

Our work is only possible with your support.
Become a Friend of Statewatch from as little as £1/€1 per month.


Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error