Feeds

Transatlantic data sharing talks stumble over access to justice

Sharing is caring, says EU

Gartner critical capabilities for enterprise endpoint backup

High-level transatlantic talks on data sharing have hit a snag over EU citizens' right to defend their privacy in US court, the European Commission said in Brussels yesterday.

The US Privacy Act only offers redress to US citizens and residents, while the EU guarantees citizens the right to protect their data worldwide. Washington officials have given assurances that other Acts will offer aggrieved Europeans their day in court, but Brussels "remains to be convinced".

Jonathan Faull, director of the European Commission's justice and interior affairs department, said: "It seems to us to be very important that Europeans should have in the US courts the same rights of action as Americans have in our courts when they believe that their data protection rights have been infringed. That is not to our satisfaction the case in the US."

European officials remain confident they will strike a deal, and sought to calm fears that the ongoing negotiations could offer law enforcement carte blanche to spray sensitive personal information across the Atlantic. They called the special press conference on Wednesday after it was revealed at the weekend that broad talks on principles around sharing data have been ongoing for 18 months.

Privacy advocates have been worried by the declassified document detailing progress in the negotiations. It indicates that the EU has agreed to share the most sensitive personal information about its citizens in exceptional circumstances. This could include medical details, trade union affiliation, religious beliefs and other categories of personal information that are specially protected under EU law.

Faull said the exceptions would be rare, and gave the example of an airline passenger name record (PNR). It could include the fact that a European terror suspect was diabetic so he would get a special in-flight meal. If US law enforcement accessed the record, the medical information would have to be shared.

He argued that the negotiations "are not about sharing data, they are about the protection of data". He repeated the message several times during his presentation.

Data sharing deals between the EU and Washington have so far been made on a case-by-case basis. Officials want to simplify the complex negotiations that led to agreements for transferring SWIFT banking data and PNRs.

Faull said: "What it will do is clear the path to a very large extent I hope that we had to follow in the individual negotiations in the PNR and SWIFT cases. What it will not do is settle the difficult points of detail." He said for example that once it has been shared data should only be retained for the shortest time possible, but that the specific length of time would depend on the particular type of data.

The Commission agreed to work with American officials in November 2006. So far the two parties have identified 12 areas where EU and US privacy laws agree in principle. As well as the lack of court redress rights for foreigners under the US Privacy Act, there are further hurdles to a binding international agreement.

The pair have not tackled what impact an agreement would have on private companies' obligations during data tranfers, or how to ensure the application of and penalties for breaking data protection laws are "equivalent and reciprocal". They also haven't decided how to link individual data sharing arrangements to the generally-agreed principles.

Finally, the EU is concerned about how data it shares with the US might be passed on to third countries that don't have acceptable data protection rules.

Nevertheless, Faull said he hopes a formal bilateral agreement will be approved by the European Council next year. "There is nothing secret about this, there is nothing mysterious about this," he insisted. ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
And now a message from our sponsors: 'STFU or else'
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
Oz biz regulator discovers shared servers in EPIC FACEPALM
'Not aware' that one IP can hold more than one Website
Apple tried to get a ban on Galaxy, judge said: NO, NO, NO
Judge Koh refuses Samsung ban for the third time
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.