Source: European Parliament
Question for written answer E-001950/2025
to the Commission
Rule 144
François-Xavier Bellamy (PPE)
On 13 April 2021, the European Data Protection Board (EDPB) invited Member States to re-evaluate their international agreements involving transfers of personal data, in particular agreements struck with the United States under the Foreign Account Tax Compliance Act (FATCA), in order to make these agreements compliant with the General Data Protection Regulation (GDPR). Four years later, and not a single Member State has published the required evaluation. This inaction constitutes a blatant violation of the obligation of responsibility laid down in Article 24 of the GDPR. During this time, the data of thousands of EU citizens continues to be passed on to the Internal Revenue Service (IRS), the US tax authority, without demonstrated legal safeguards.
In France, the Finance Act for 2022 required the French Government to submit a report on the implementation of its information exchange commitments, in line with the GDPR and the recommendations of the EDPB. This report has never seen the light of day. The lack of political will to protect fundamental rights is clear.
At the same time, the IRS publicly asserts its right to collect data outside the United States, in total disregard of EU legislation.
- 1.Does the Commission consider it acceptable that this situation persists?
- 2.Does the Commission plan to launch infringement proceedings against the Member States that are failing to fulfil their obligations under EU law?
- 3.And, above all: is the Commission finally ready to guarantee that EU citizens’ data will be duly protected, even from non-EU powers?
Submitted: 14.5.2025