EU Pushes For Tighter Data Sharing Rules With US

Europe and the US are wrangling over the transfer of data relating to terrorism or criminal activities

The European Commission is pushing to ensure that data shared with the US adheres to strict standards on issues such as privacy, the organisation has said.

In a statement released this week by the EC, EU commissioner for Justice, Fundamental Rights and Citizenship Viviane Reding said that protecting the personal data of European citizens was key in negotiations with US authorities on the issue.

“Fundamental rights must be protected and respected at all times. I want an EU-US agreement that protects personal data rights while fighting crime and terrorism,” said Reding. “I want to achieve an ambitious agreement, and I will associate the European Parliament very closely to the negotiations. I urge the Council to approve the mandate as soon as possible so we can swiftly proceed with negotiations on this and other important agreements between the EU and the US.”

Personal data protection crosses Atlantic

The EC has adopted a draft mandate this week as part of ongoing negotiations with US authorities on the transfer of personal data related to issues such as combating terrorism and crime. The eventual aim to create formal agreement with the US on the issue so that EU citizens could tackle any perceived threat to their privacy in US courts.

The next stage of the process will see the European Council rule on the draft mandate before negotiations begin with the US. The European Parliament will then be asked to give its consent to whatever is negotiated with the US.

”A solid agreement on personal data protection would benefit both sides of the Atlantic,” said EU Commissioner for Home Affairs, Cecilia Malmström. “By providing a high level of protection of personal data, it would give everyone – citizens, law enforcement authorities and other stakeholders – confidence that human rights are fully respected in the transatlantic fight against organised crime and terrorism.”

According to the EC, the impetus for the data transfer agreement with the US dates back to the terrorist attacks on 11 September 2001. “The EU and US are both committed to the protection of personal data and privacy,” the EC said. “However, they still have different approaches in protecting data, leading to some controversy in the past when negotiating information exchange agreements (such as the Terrorist Finance Tracking Programme, so-called SWIFT agreement, or Passenger Name Records). The purpose of the agreement proposed by the Commission today is to address and overcome these differences.”

EC outlines data transfer rules

The EC is pushing for a variety of rules to govern data transfers to the US including:

  • The transfer or processing of personal data by EU or US authorities would only be permitted for specified, explicit and legitimate purposes in the framework of fighting crime and terrorism;
  • There would be a right to access one’s personal data and this would be enforceable in courts;
  • There would be a right to have one’s personal data corrected or erased if it is found to be inaccurate;
  • There would be an individual right of administrative and judicial redress regardless of nationality or place of residence.

But even if an agreement is reached with the US, the EC is keen to point out that would still have to be a specific ruling before a transfer of data could take place. “The agreement would not provide the legal basis for any specific transfers of personal data between the EU and the US,” the EC said. “A specific legal basis for such data transfers would always be required, such as a data transfer agreement or a national law in an EU Member State.”

Last month, the head of an influential US think-tank warned that the failure of countries to cooperate on cybercrime is harming efforts to combat the problem. Speaking to eWEEK Europe UK at the Infosecurity Europe 2010 conference, Dr. Larry Ponemon, chairman and founder of the IT think-tank the Ponemon Institute, warned that the fight against cybercrime requires international cooperation, but that the process was failing currently.