Europe seeks new data privacy deal with US

The EC has proposed giving people the right to access and correct personal data held by the US as part of anti-terrorist and criminal investigations
Written by Matthew Broersma, Contributor

The European Commission has moved forward in its plans to negotiate a data-protection deal with the US that would safeguard EU citizens' personal information when it is transferred to the US in the course of criminal or anti-terrorist investigations.

The Commission on Wednesday said it has adopted a draft mandate to begin negotiations on the agreement, though this still must be approved by the European Council.

"We have to be clear. There can be no data sharing without full data protection," said Viviane Reding, commissioner for justice, fundamental rights and citizenship, in a video message announcing the draft mandate. "Our fundamental rights have to be respected at all times. I want to make sure any agreement with the United States has a high level of protection."

The proposed agreement would give Europeans the right to access their own personal data and to have it corrected or deleted if found to be inaccurate.

It would also give individuals the right to administrative and judicial redress, regardless of their nationality or place of residence. All the new rights would be enforced by independent public authorities on both sides of the Atlantic.

The agreement will cover the transfer of data such as passenger records, financial data and internet records, the Commission said. The EU has disagreed with the US over the basis for such transfers in the past, and the level of privacy safeguards that should be applied to the data involved.

For instance, in February the European Parliament (EP) rejected a proposed interim agreement that would have given US authorities access to European financial data, arguing the privacy risks posed were too great. That agreement, which was supported by the Commission, would have allowed US investigators access to data held by the Swift banking network.

The Commission said its privacy proposal is aimed at preventing such clashes in the future by setting out an agreed, common set of legally enforceable data-protection principles that would apply to all transfers of personal data.

A legal basis would be needed separately to justify the transfer of the data — for instance, a data transfer agreement or a national law in an EU member state, the Commission said. The proposed agreement would then apply to these data transfers.

The Commission said it be committed to keeping the EP informed at all stages of the negotiations, and would be obliged to seek the consent of that parliament to any deal emerging from the talks.

Editorial standards