By Sarah Thompson and Mehboob Dossa
The EU and U.S.
reached an agreement on Tuesday (9 September) which will enable the two sides
to exchange personal data during criminal and terrorism investigations.
The so-called
“Umbrella Agreement” comes after four years of negotiations between the EU and
U.S. and will protect personal data exchanged between police and judicial
authorities in the course of investigations.
Concerns in the
EU were raised following revelations in 2013 that the U.S. National Security
Agency (NSA) conducted mass surveillance on EU citizens, was involved in
industrial espionage, and spied on heads of state and ministers. The European
Commission said this deal will help restore lost trust.
The Umbrella
Agreement will allow the transfer of personal data between the EU and the U.S.
“for the purpose of prevention, detection, investigation and prosecution of
criminal offences,” providing it is not “processed beyond compatible purposes.”
It also will put limits on the ability of the U.S., or an EU country, to pass
the shared data to a third country.
Importantly, EU
citizens will have the same rights as U.S. citizens to enforce their data
protection rights before U.S. courts in cases where U.S. authorities deny
access or rectification, or unlawfully disclose their personal data. U.S. citizens
currently have data protection rights in the EU, so this is seen as a quid pro
quo.
EU Justice
Commissioner Vera Jourová said the agreement will guarantee a “high level of
protection” for personal data exchanged between U.S. and EU investigators. “The
finalization of the Umbrella Agreement negotiations is therefore an important
step to strengthen the fundamental right to privacy effectively and to rebuild
trust in EU-U.S. data flows,” she said in a statement.
Next steps
In the U.S., the Judicial
Redress Bill, granting judicial redress rights to EU citizens,
will have to be adopted before the Umbrella Agreement can be signed and
formally concluded. Senator Chris Murphy, who is sponsoring the bill which was
introduced by Representative Frank James Sensenbrenner Jr., has said that he is
angling to attach the language to the Cybersecurity
Information Sharing Act that is currently pending, or pass it as a
standalone bill.
In the EU, the
European Council, on the basis of a proposal by the European Commission, shall
adopt a decision authorising the signing of the agreement. The decision
concluding the agreement will be adopted by the European Council after consent
of the European Parliament.
The Future of Safe
Harbor?
The negotiations
over the separate EU-U.S. Safe Harbor agreement, which covers corporate data
transfers, have hit a road block. The concurrence on the judicial redress issue
covered by the Umbrella Agreement should allow the parties to make progress on
that point as part of the Safe Harbor negotiations.
Last year, the European Parliament voted to suspend the Safe Harbor agreement, which legitimizes the transfer of personal data outside the EU to the U.S. More than 5,000 U.S. companies have signed on to the Safe Harbor self-certification scheme, but a study in 2013 found that hundreds of companies had lied about belonging to the Safe Harbor arrangement.
Last year, the European Parliament voted to suspend the Safe Harbor agreement, which legitimizes the transfer of personal data outside the EU to the U.S. More than 5,000 U.S. companies have signed on to the Safe Harbor self-certification scheme, but a study in 2013 found that hundreds of companies had lied about belonging to the Safe Harbor arrangement.
Almost two years
ago, the European Commission issued 13
recommendations to the U.S. to improve the scheme but, as yet,
little has been done to improve it. The U.S. Department of Commerce is refusing
to move on the agreement’s national security exceptions. The agreement is
currently under review and on 9 September 2015, Ms. Jourová said that she is
confident the work on Safe Harbor “will
soon conclude.”
No comments:
Post a Comment