Feeds

US gives in to EU demands over data

PNR and Swift finally put to bed - but still restless

Choosing a cloud hosting partner with confidence

The US has capitulated to EU demands that its use of European data in counter-terrorism operations should be subject to foreign scrutiny.

The two sides finally compromised this week on their long-running disagreements over the US requisition of personal data about European citizens from passenger name records (PNR) held by airlines, and their financial transactions processed by Swift, a Belgian mediator of international financial transactions.

In both sets of negotiations the EU had insisted that it appoint people in Washington to oversee the US use of European data. It believed that US privacy laws would not protect European citizens' data from being abused. The US had maintained as a point of principle that European oversight would be a violation of its sovereignty, said EU sources. But both deals have given the EU the power to inspect US investigators.

"The optimistic view is that this is a victory for the EU," said Gus Hossein, a director of Privacy International. However, he and EU officials said the jury was out until the details of the oversight arrangements had been agreed. And the EU had won only limited oversight over the US use of PNR data.

The US had an undeniably strong position on PNR - it had a right to know who was entering its country. Yet the two required legal cover for the transfer to take place and the EU was insistent that, in the absence of firmer US privacy laws, it must have someone inspect the arrangements. Nevertheless, according to the draft agreement still waiting for ratification of member states, the oversight would only occur "periodically". One EU official said this would consist of just one half-term review and someone watching over the US implementation of the agreement. The EU is also sceptical about how binding the agreement would be on the US.

The EU won greater concessions over US use of data commandeered from Swift, even though it did not have a negotiating position and no power to hold the US to a formal agreement. Swift held records of EU financial transactions on US soil, thus the US had a right to access Swift's data. But US interests were sensitive to Swift - it could not afford to undermine the confidence of other firms who hold data on EU soil by failing to assure Swift's customers that the privacy of their financial transactions would not be violated. The question of industrial espionage had even been raised.

So the US took a unilateral position on Swift, but one that guarantees ongoing, independent EU oversight of all its subpoenas on the financial firm.

EU officials still had reservations about both deals. The Swift arrangement allows the US to share data requisitioned from Swift with third countries. The US has assured the EU that it will insist data is treated by third countries according to the principles of data protection. Yet there would be no binding arrangement over third countries that do not have data protection laws.

The European Data Protection Supervisor has expressed its reservations about the final details of the PNR arrangement. The US will retain data about European citizens for fifteen years. Even the EU's negotiating position of three and half years had been too long, it said. ®

Internet Security Threat Report 2014

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
NOT OK GOOGLE: Android images can conceal code
It's been fixed, but hordes won't have applied the upgrade
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.