European Union citizens whose personal data is transmitted to U.S. law enforcement authorities could soon have the same legal protections as U.S. citizens, the European Commission said Wednesday.
For three years, the EU and the U.S. have been negotiating an umbrella agreement to protect personal data transferred between the two for the prevention, detection, investigation and prosecution of criminal offences, including terrorism. About 95 percent of the deal has been agreed. However, one of the last sticking points is the request for equal treatment of Europeans in the U.S. if their data has been misused or mishandled.
In Europe, both U.S. and EU citizens can take authorities to court if such data is misused, but in the U.S. only American citizens have that right.
This is going to change. At the EU-U.S. Justice and Home Affairs Ministerial meeting in Athens, U.S. Attorney General Eric Holder announced that the Obama administration is seeking to extend to EU citizens guarantees of the U.S. Privacy Act which today are only available to U.S. citizens.
“In a world of globalized crime and terrorism we can protect our citizens only if we work together, including through sharing law enforcement information. At the same time we must ensure that we continue our long tradition of protecting privacy in the law enforcement context. We already have many mechanisms in place to do this and we have on both sides of the Atlantic an outstanding record to protect law enforcement information. But we can also do more and we can also do better,” he said at a news conference.
The protections proposed under the umbrella agreement would cover data relating to specific investigations, and also the bulk collection of personal data such as that transmitted by airlines on all passengers flying to the U.S., or that on international money transfers gathered by banks under the Terrorist Finance Tracking Program.
Holder’s announcement was welcomed by European Commission vice-president Viviane Reding, who called it an important step. “Now the announcement should be swiftly translated into legislation so that further steps can be taken in the negotiation. Words only matter if put into law. We are waiting for the legislative step,” she said in a statement.
The data protection umbrella agreement is meant to complement other data exchange agreements between the EU and the U.S., and aims to bring the level of protection of individuals beyond existing agreements.
However, the agreement will also make it easier and more straightforward to come to other data exchange agreements in the future. The agreement means that the EU can agree to sharing data if it can be sure that personal data transferred is protected and EU citizens have enforceable rights across the Atlantic, according to the Commission.
There are however more hurdles besides equality in judicial redress. The EU also seeks to ensure that data is only transferred for specified law enforcement purposes, and then processed in a way compatible with these purposes. Data of a victim of human trafficking for instance should not be dealt with in the same way as the data of a suspect of human trafficking.
In parallel, negotiations with the U.S. are ongoing to make the “safe harbor” agreement safer. The safe harbor framework gives U.S. companies the ability to process personal data from E.U. citizens while providing data protection as strong as required by EU legislation.
In November last year, the Commission proposed 13 changes to the agreement to the U.S. authorities.
While substantial progress has been made, the U.S. has not yet proposed any solutions to one key proposal that aims to limit access to safe harbor data for national security purposes, according to the Commission. This key issue will need to be addressed before the safe harbor framework can be given a clean bill of health, the Commission said.