Feeds

Transatlantic data sharing talks stumble over access to justice

Sharing is caring, says EU

Maximizing your infrastructure through virtualization

High-level transatlantic talks on data sharing have hit a snag over EU citizens' right to defend their privacy in US court, the European Commission said in Brussels yesterday.

The US Privacy Act only offers redress to US citizens and residents, while the EU guarantees citizens the right to protect their data worldwide. Washington officials have given assurances that other Acts will offer aggrieved Europeans their day in court, but Brussels "remains to be convinced".

Jonathan Faull, director of the European Commission's justice and interior affairs department, said: "It seems to us to be very important that Europeans should have in the US courts the same rights of action as Americans have in our courts when they believe that their data protection rights have been infringed. That is not to our satisfaction the case in the US."

European officials remain confident they will strike a deal, and sought to calm fears that the ongoing negotiations could offer law enforcement carte blanche to spray sensitive personal information across the Atlantic. They called the special press conference on Wednesday after it was revealed at the weekend that broad talks on principles around sharing data have been ongoing for 18 months.

Privacy advocates have been worried by the declassified document detailing progress in the negotiations. It indicates that the EU has agreed to share the most sensitive personal information about its citizens in exceptional circumstances. This could include medical details, trade union affiliation, religious beliefs and other categories of personal information that are specially protected under EU law.

Faull said the exceptions would be rare, and gave the example of an airline passenger name record (PNR). It could include the fact that a European terror suspect was diabetic so he would get a special in-flight meal. If US law enforcement accessed the record, the medical information would have to be shared.

He argued that the negotiations "are not about sharing data, they are about the protection of data". He repeated the message several times during his presentation.

Data sharing deals between the EU and Washington have so far been made on a case-by-case basis. Officials want to simplify the complex negotiations that led to agreements for transferring SWIFT banking data and PNRs.

Faull said: "What it will do is clear the path to a very large extent I hope that we had to follow in the individual negotiations in the PNR and SWIFT cases. What it will not do is settle the difficult points of detail." He said for example that once it has been shared data should only be retained for the shortest time possible, but that the specific length of time would depend on the particular type of data.

The Commission agreed to work with American officials in November 2006. So far the two parties have identified 12 areas where EU and US privacy laws agree in principle. As well as the lack of court redress rights for foreigners under the US Privacy Act, there are further hurdles to a binding international agreement.

The pair have not tackled what impact an agreement would have on private companies' obligations during data tranfers, or how to ensure the application of and penalties for breaking data protection laws are "equivalent and reciprocal". They also haven't decided how to link individual data sharing arrangements to the generally-agreed principles.

Finally, the EU is concerned about how data it shares with the US might be passed on to third countries that don't have acceptable data protection rules.

Nevertheless, Faull said he hopes a formal bilateral agreement will be approved by the European Council next year. "There is nothing secret about this, there is nothing mysterious about this," he insisted. ®

Top three mobile application threats

More from The Register

next story
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
ONE EMAIL costs mining company $300 MEEELION
Environmental activist walks free after hoax sent share price over a cliff
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.