Feeds

Transatlantic data sharing talks stumble over access to justice

Sharing is caring, says EU

Top three mobile application threats

High-level transatlantic talks on data sharing have hit a snag over EU citizens' right to defend their privacy in US court, the European Commission said in Brussels yesterday.

The US Privacy Act only offers redress to US citizens and residents, while the EU guarantees citizens the right to protect their data worldwide. Washington officials have given assurances that other Acts will offer aggrieved Europeans their day in court, but Brussels "remains to be convinced".

Jonathan Faull, director of the European Commission's justice and interior affairs department, said: "It seems to us to be very important that Europeans should have in the US courts the same rights of action as Americans have in our courts when they believe that their data protection rights have been infringed. That is not to our satisfaction the case in the US."

European officials remain confident they will strike a deal, and sought to calm fears that the ongoing negotiations could offer law enforcement carte blanche to spray sensitive personal information across the Atlantic. They called the special press conference on Wednesday after it was revealed at the weekend that broad talks on principles around sharing data have been ongoing for 18 months.

Privacy advocates have been worried by the declassified document detailing progress in the negotiations. It indicates that the EU has agreed to share the most sensitive personal information about its citizens in exceptional circumstances. This could include medical details, trade union affiliation, religious beliefs and other categories of personal information that are specially protected under EU law.

Faull said the exceptions would be rare, and gave the example of an airline passenger name record (PNR). It could include the fact that a European terror suspect was diabetic so he would get a special in-flight meal. If US law enforcement accessed the record, the medical information would have to be shared.

He argued that the negotiations "are not about sharing data, they are about the protection of data". He repeated the message several times during his presentation.

Data sharing deals between the EU and Washington have so far been made on a case-by-case basis. Officials want to simplify the complex negotiations that led to agreements for transferring SWIFT banking data and PNRs.

Faull said: "What it will do is clear the path to a very large extent I hope that we had to follow in the individual negotiations in the PNR and SWIFT cases. What it will not do is settle the difficult points of detail." He said for example that once it has been shared data should only be retained for the shortest time possible, but that the specific length of time would depend on the particular type of data.

The Commission agreed to work with American officials in November 2006. So far the two parties have identified 12 areas where EU and US privacy laws agree in principle. As well as the lack of court redress rights for foreigners under the US Privacy Act, there are further hurdles to a binding international agreement.

The pair have not tackled what impact an agreement would have on private companies' obligations during data tranfers, or how to ensure the application of and penalties for breaking data protection laws are "equivalent and reciprocal". They also haven't decided how to link individual data sharing arrangements to the generally-agreed principles.

Finally, the EU is concerned about how data it shares with the US might be passed on to third countries that don't have acceptable data protection rules.

Nevertheless, Faull said he hopes a formal bilateral agreement will be approved by the European Council next year. "There is nothing secret about this, there is nothing mysterious about this," he insisted. ®

3 Big data security analytics techniques

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.