A proposed data transfer pact with the United States to replace two previous agreements struck down by Europe's top court does not contain sufficient safeguards to protect Europeans' data, a key committee of EU lawmakers said on Thursday.
The comments from the European Parliament's civil liberties committee came two months after the European Union data protection watchdog EDPB expressed concerns about the draft data transfer deal.
The worries contrasted with the European Commission, which in a draft decision in December said that U.S. safeguards against American intelligence activities were strong enough to address EU data privacy concerns.
"We are not convinced that this new framework sufficiently protects personal data of our citizens, and therefore we doubt it will survive the test of the CJEU (EU Court of Justice)," committee member Juan Fernando Lopez Aguilar said in a statement.
"The Commission must continue working to address the concerns raised by the European Data Protection Board and the Civil Liberties Committee even if that means reopening the negotiations with the US," he said.
Lawmakers said the proposed pact still allowed for bulk collection of personal data in certain cases, did not make bulk data collection subject to independent prior authorisation, and did not contain clear rules on data retention.
They said the decisions of a review board to which EU citizens could seek redress would be secret and thus would prevent Europeans from accessing them.
The data transfer agreement affects thousands of companies that transfer Europeans' personal data across the Atlantic for commercial use such as financial services, human resources and e-commerce.
Parliament will vote on the committee's resolution in the coming weeks. The assembly and EU countries will offer non-binding opinions after which the Commission will make its final decision on the data transfer pact.
(Reporting by Foo Yun Chee; Editing by Mark Potter)