You are currently browsing EDRi's old website. Our new website is available at https://edri.org

EDRI-gram

If you wish to help EDRI promote digital rights, please consider making a private donation.


Flattr this

logo

EDRi booklets

Data protection authorities call for a strict EU-US privacy agreement

1 December, 2010
» 
|

This article is also available in:
Deutsch: WP29 fordert strenges EU-US Datenschutz-Abkommen

As the European Commission prepares to conclude a deal with the US on the protection of personal data exchanged in police and criminal justice cooperation matters, the European privacy watchdogs call for a strict and clear privacy agreement.

Article 29 Data Protection Working Party (WP) sent a letter on 18 November 2010 to the three European main institutions (Council, Commission and Parliament) expressing its concerns for not having been consulted on the development of the discussion within the Council and European Parliament over the draft negotiation mandate presented by the European Commission on 25 May 2010, voicing certain concerns and giving its recommendations.

Referring to the agreement as "an umbrella agreement" that should cover all existing and future deals between the EU and the US and any other state as well as between EU member states, the WP emphasizes the fact that it should comply with the EU data protection framework including the Charter of Human Rights.

WP recommends that the agreement be widely applicable for a "coherent and high level of data protection" and a clear purpose limitation be imposed. "This means the agreement should be applicable to all transfers of personal data to prevent, detect, investigate and prosecute serious transnational crime and terrorist acts. This purpose should be clearly defined by the agreement, preferably including a definition of 'law enforcement purposes'".

In the WP's opinion, a national security exception for the transfer of data concerning "essential national security interests and specific intelligence activities in the field of national security" should not be considered.

Furthermore, the WP urges the Commission to obtain the retroactive application of the future agreement to cover "all existing multilateral and bilateral agreements between the EU and/or its Member States and the US, unless the current level of data protection is higher than the level of protection offered by the EU-US general agreement." A maximum 3-year transition period could be acceptable.

Having in view the privacy issues raised by the TFTP II Agreement (so called SWIFT) allowing the US to obtain access to information on international bank transfers, the WP stresses the need for data protection safeguards in the future agreement, including "full, effective and enforceable rights for all individuals, including both administrative and judicial redress, and limitations to bulk transfers."

On 24 November, LIBE (Civil Liberties, Justice and Home Affairs) Committee of the European Parliament Chairman also sent a letter to the EU Council on the future EU-US agreement regarding the protection of personal data that are transferred and processed in the framework of police and judicial cooperation in criminal matters.

The letter reiterates the support of the European Parliament for the data protection agreement draft mandate and reminds the urgent need of such an agreement between the EU and US that should cover personal data exchanges as well as an "early start to negotiations on enforceable data protection rights" in compliance with the EU Charter of Fundamental Rights and EU Data Protection Directive.

LIBE held on 25 October 2010 a public hearing on Data Protection in a Transatlantic Perspective - Future EU-US data protection agreement in the framework of police and judicial cooperation in criminal matters - with MEP Sophia In't Veld as chairperson.

While the US Ambassador to the EU assured that the US believed both parties had to "safeguard their citizens' security to the same degree to which they protect their liberties" and there was "no need to sacrifice privacy for security", he showed concern that the proposed mandate might "jeopardize the several hundred treaties, agreements, conventions, and arrangements underpinning every facet of Europe's and the United States' robust cooperation in justice and law enforcement" and believed that a retrospective application of the mandate would create "confusion among the law enforcement and legal authorities."

One of the most important interventions was that of Mr Rotenberg's from EPIC (Electronic Privacy Information Center) who pointed out that in the US, personal data is often "used for inappropriate purposes, there is no transparency and rights are violated". In his opinion, the US data protection laws should be amended. The Privacy Act of 1974, which refers to the collection of personal data by the US federal agencies, does not include non-US citizens or non lawful permanent residents. Also the Patriot Act "has reduced the privacy standards for US and non-US citizens limiting at the same time the power of the courts' authority in the matter."

Rotenberg considers that the data protection agreement could bring global benefits influencing other countries in adopting stronger privacy acts to protect the transfer of personal data.

Dr. Patrick Breyer from the German Working Group on Data Retention was very firm in stating that the transfer of personal data to the US created the risk of a violation of human rights and that no agreement could eliminate that risk. However, an international agreement with the US could improve the present situation if applied "exclusively to the information sharing that is taking place under existing agreements, thus reducing the amount of information shared and providing for more safeguards".

The negotiating mandate for the beginning of the talks between the European Commission and the US is expected to be adopted at the Justice and Home Affairs Council on 3 December 2010.

Article 29 Data protection working party - Data protection authorities call for strict general privacy agreement with United States (19.11.2010)
http://ec.europa.eu/justice/policies/privacy/news/docs/pr_19_11_10_en....

Article 29 Data protection working party Letter to Vice-President Viviane Reding Commissioner for Justice, Fundamental Rights and Citizenship European Commission on EU-US General Agreement (19.11.2010)
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/others/2010_1...

EP LIBE - Future EU-US data protection agreement in the framework of police and judicial cooperation in criminal matters (25/10/2010)
http://www.statewatch.org/news/2010/nov/ep-report-on-eu-usa-data-trans...

Letter of the Committee of Civil Liberties, Justice and Home Affairs Chairman on the future EU-US agreement on the protection of personal data to Stefaan De Clerck of the EU Council (24.11.2010)
http://www.statewatch.org/news/2010/nov/ep-libe-eu-usa-agreement-lette...

‹ Internet blocking - key decisions to be made by 3 February 2011upThe Pirate Bay founders lost their appeal in the Swedish Appeals Court ›
Printer-friendly version
 
Site by Floatleft.

Syndicate:

Syndicate contentCreative Commons License

With financial support from the EU's Fundamental Rights and Citizenship Programme.
eu logo