Feeds

Transatlantic data sharing talks stumble over access to justice

Sharing is caring, says EU

Beginner's guide to SSL certificates

High-level transatlantic talks on data sharing have hit a snag over EU citizens' right to defend their privacy in US court, the European Commission said in Brussels yesterday.

The US Privacy Act only offers redress to US citizens and residents, while the EU guarantees citizens the right to protect their data worldwide. Washington officials have given assurances that other Acts will offer aggrieved Europeans their day in court, but Brussels "remains to be convinced".

Jonathan Faull, director of the European Commission's justice and interior affairs department, said: "It seems to us to be very important that Europeans should have in the US courts the same rights of action as Americans have in our courts when they believe that their data protection rights have been infringed. That is not to our satisfaction the case in the US."

European officials remain confident they will strike a deal, and sought to calm fears that the ongoing negotiations could offer law enforcement carte blanche to spray sensitive personal information across the Atlantic. They called the special press conference on Wednesday after it was revealed at the weekend that broad talks on principles around sharing data have been ongoing for 18 months.

Privacy advocates have been worried by the declassified document detailing progress in the negotiations. It indicates that the EU has agreed to share the most sensitive personal information about its citizens in exceptional circumstances. This could include medical details, trade union affiliation, religious beliefs and other categories of personal information that are specially protected under EU law.

Faull said the exceptions would be rare, and gave the example of an airline passenger name record (PNR). It could include the fact that a European terror suspect was diabetic so he would get a special in-flight meal. If US law enforcement accessed the record, the medical information would have to be shared.

He argued that the negotiations "are not about sharing data, they are about the protection of data". He repeated the message several times during his presentation.

Data sharing deals between the EU and Washington have so far been made on a case-by-case basis. Officials want to simplify the complex negotiations that led to agreements for transferring SWIFT banking data and PNRs.

Faull said: "What it will do is clear the path to a very large extent I hope that we had to follow in the individual negotiations in the PNR and SWIFT cases. What it will not do is settle the difficult points of detail." He said for example that once it has been shared data should only be retained for the shortest time possible, but that the specific length of time would depend on the particular type of data.

The Commission agreed to work with American officials in November 2006. So far the two parties have identified 12 areas where EU and US privacy laws agree in principle. As well as the lack of court redress rights for foreigners under the US Privacy Act, there are further hurdles to a binding international agreement.

The pair have not tackled what impact an agreement would have on private companies' obligations during data tranfers, or how to ensure the application of and penalties for breaking data protection laws are "equivalent and reciprocal". They also haven't decided how to link individual data sharing arrangements to the generally-agreed principles.

Finally, the EU is concerned about how data it shares with the US might be passed on to third countries that don't have acceptable data protection rules.

Nevertheless, Faull said he hopes a formal bilateral agreement will be approved by the European Council next year. "There is nothing secret about this, there is nothing mysterious about this," he insisted. ®

Security for virtualized datacentres

More from The Register

next story
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
Spies, avert eyes! Tim Berners-Lee demands a UK digital bill of rights
Lobbies tetchy MPs 'to end indiscriminate online surveillance'
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
How the FLAC do I tell MP3s from lossless audio?
Can you hear the difference? Can anyone?
4chan outraged by Emma Watson nudie photo leak SCAM
In the immortal words of Shaggy, it wasn't me us ... amirite?
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.