EU watchdog objects to giving US data in bulk

Summary:An EU agreement to share financial data with US law enforcement agencies should not include the transfer of data in bulk, European privacy watchdog Peter Hustinx has said

A proposal to allow bulk transfer of bank data to the US for scrutiny by law enforcement agencies has been criticised by the European privacy watchdog Peter Hustinx.

Hustinx, the European Data Protection Supervisor, said on Tuesday that a draft agreement on financial data-sharing, intended to combat terrorism, should be negotiated further.

"I am fully aware that the fight against terrorism and terrorism financing may require restrictions to the right to the protection of personal data," said Hustinx in a statement. "However, in view of the intrusive nature of the draft agreement, which allows transfers of data in bulk to the US, the necessity of such scheme should first be unambiguously established, especially in relation to already existing instruments."

The draft agreement — the Terrorist Finance Tracking Programme (TFTP) Agreement — was adopted by the European Commission on 15 June. At the time, the Commission said that the proposed deal would "increase the security of European citizens while at the same time fully respecting their rights to privacy and data protection".

It is intended to replace an interim agreement that was voted down by the European Parliament in February. The interim agreement, which allowed US investigators access to financial data held by the Swift banking network, was not proportionate, MEPs decided.

Hustinx noted on Tuesday that the US and Europe already have procedures in place to share financial information for law enforcement purposes, including an agreement on mutual legal assistance.

Even if bulk transfers of banking data are stricken from the draft US/EU data-sharing agreement, the draft still needs further work so it complies with EU protection law, he added.

Requests from the US Treasury for data should be entrusted to a public judicial authority, the privacy supervisor argued. Bulk transfer should be replaced with European filtering mechanisms, so that only relevant data is sent.

He also recommended that the storage period for data that has not been requested by the US should decrease, while independent oversight should increase.

Hustinx's criticisms come as the European Parliament is negotiating the transfer of Passenger Name Record (PNR) data to the US, to ensure that the transfer does not infringe data protection law. In addition, the European Commission is negotiating a data protection deal with US authorities.

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.