Feeds

US gives in to EU demands over data

PNR and Swift finally put to bed - but still restless

5 things you didn’t know about cloud backup

The US has capitulated to EU demands that its use of European data in counter-terrorism operations should be subject to foreign scrutiny.

The two sides finally compromised this week on their long-running disagreements over the US requisition of personal data about European citizens from passenger name records (PNR) held by airlines, and their financial transactions processed by Swift, a Belgian mediator of international financial transactions.

In both sets of negotiations the EU had insisted that it appoint people in Washington to oversee the US use of European data. It believed that US privacy laws would not protect European citizens' data from being abused. The US had maintained as a point of principle that European oversight would be a violation of its sovereignty, said EU sources. But both deals have given the EU the power to inspect US investigators.

"The optimistic view is that this is a victory for the EU," said Gus Hossein, a director of Privacy International. However, he and EU officials said the jury was out until the details of the oversight arrangements had been agreed. And the EU had won only limited oversight over the US use of PNR data.

The US had an undeniably strong position on PNR - it had a right to know who was entering its country. Yet the two required legal cover for the transfer to take place and the EU was insistent that, in the absence of firmer US privacy laws, it must have someone inspect the arrangements. Nevertheless, according to the draft agreement still waiting for ratification of member states, the oversight would only occur "periodically". One EU official said this would consist of just one half-term review and someone watching over the US implementation of the agreement. The EU is also sceptical about how binding the agreement would be on the US.

The EU won greater concessions over US use of data commandeered from Swift, even though it did not have a negotiating position and no power to hold the US to a formal agreement. Swift held records of EU financial transactions on US soil, thus the US had a right to access Swift's data. But US interests were sensitive to Swift - it could not afford to undermine the confidence of other firms who hold data on EU soil by failing to assure Swift's customers that the privacy of their financial transactions would not be violated. The question of industrial espionage had even been raised.

So the US took a unilateral position on Swift, but one that guarantees ongoing, independent EU oversight of all its subpoenas on the financial firm.

EU officials still had reservations about both deals. The Swift arrangement allows the US to share data requisitioned from Swift with third countries. The US has assured the EU that it will insist data is treated by third countries according to the principles of data protection. Yet there would be no binding arrangement over third countries that do not have data protection laws.

The European Data Protection Supervisor has expressed its reservations about the final details of the PNR arrangement. The US will retain data about European citizens for fifteen years. Even the EU's negotiating position of three and half years had been too long, it said. ®

The essential guide to IT transformation

More from The Register

next story
One HUNDRED FAMOUS LADIES exposed NUDE online
Celebrity women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
HP: NORKS' cyber spying efforts actually a credible cyberthreat
'Sophisticated' spies, DIY tech and a TROLL ARMY – report
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?