Close Menu
    Latest Category
    • Finance
    • Tech
    • EU Law
    • Energy
    • fx
    • About
    • Contact
    EUbusiness.com | EU news, business and politicsEUbusiness.com | EU news, business and politics
    Login
    • EU News
    • Focus
    • Guides
    • Press
    • Jobs
    • Events
    • Directory
    EUbusiness.com | EU news, business and politicsEUbusiness.com | EU news, business and politics
    Home»Post

    EU-US data protection agreement negotiations – briefing

    Ina DimirevaBy Ina Dimireva26 May 2010 Post No Comments7 Mins Read
    Share
    Facebook Twitter LinkedIn Pinterest Email
    — last modified 26 May 2010

    The European Commission today adopted a draft mandate to negotiate a personal data protection agreement between the European Union and the United States when cooperating to fight terrorism or crime. The aim is to ensure a high level of protection of personal information like passenger data or financial information that is transferred as part of transatlantic cooperation in criminal matters. The agreement would enhance the right of citizens to access, rectify or delete data, where appropriate.

    What has the European Commission proposed today?

    The Commission today adopted a draft mandate to negotiate a new personal data protection agreement with the United States. Such an agreement would cover personal data that have been transferred and are then processed in the context of police and judicial co-operation in criminal matters.

    The agreement would provide a high level of protection of personal data. People would have the right to be informed of data processing, to access the information and to request correction or deletion if inaccuracies are found. They would also have the right to seek judicial redress in courts. Independent public authorities on both sides of the Atlantic would help inform people of their rights, particularly in accessing, correcting and seeking redress.

    What rules for the protection of personal data are proposed in the draft mandate?

    The draft mandate contains all necessary data protection principles. The agreement would:

    • Require that personal data is processed fairly for a specific, legitimate purpose and retained for a limited time only;

    • Demand limitations in case of onward transfers of this data to a third country;

    • Stipulate that every person has the right to access the personal data that has been collected about the individual and the right to have it corrected or erased;

    • Require that compliance with these rules is overseen by independent public authorities on both sides of the Atlantic;

    • Ensure that there are mechanisms for seeking redress, as well as compensation for any damages suffered as a result of breaches.

    Why does data need to be transferred at all?

    Processing and transferring personal data is an essential part of fighting crime and terrorism, both within the European Union and when co-operating with international partners.

    Since the terrorist attacks of 11 September 2001 in the US and subsequent attacks in Europe and other parts of the world, the EU has enhanced police and judicial co-operation in criminal matters with the US. This has led to the conclusion of several agreements on the transfer of information, notably Passenger Name Records (PNR) and the Terrorist Finance Tracking Programme (TFTP).

    The data protection agreement is about the protection of personal data in the event that it has to be transferred. This agreement does not deal with the conditions governing whether data needs to be transferred.

    How would the agreement impact on existing agreements?

    The intention is to create a coherent legal framework. Therefore, the agreement would apply to any existing (such as PNR and TFTP) and future EU-US agreements that regulate transfers and processing of personal data when co-operating on criminal matters.

    Negotiations on TFTP have already started following the Council’s approval of the Commission’s mandate on 11 May. Both sides have indicated that the talks should be concluded quickly given the current security gap (following the European Parliament’s vote on 11 February to reject the interim TFTP agreement, no financial messaging data from Europe is currently being transferred to the US).

    Because the general data protection framework agreement will apply to TFTP, any inconsistencies between the two would mean that the TFTP would need to conform to the new agreement, following a transitional period.

    Why is a new data protection agreement needed?

    The EU and the US share similarities in their approaches to personal data protection, but there are also differences that have made negotiating agreements on data transfers particularly difficult. The right to the protection of personal data is a fundamental right in the EU (Article 8 of the EU Charter of Fundamental Rights) that is enshrined in the EU Treaties. There is no comparable explicit constitutional right in the US. Protection of personal data is dealt with by a variety of sector-specific statutes at US federal and state levels. Removing protection gaps and discrepancies between the two legal systems and thereby improving legal certainty are the main reasons for proposing a new agreement with the US.

    There are data protection rules in several specific agreements between the EU and the US, as well as bilateral arrangements between EU Member States and the US. However, there is currently no general umbrella framework for the protection of personal data between the two partners in the area of police and judicial co-operation in criminal matters.

    What are the goals of the agreement?

    The aim of the agreement is to create a framework of legally binding personal data protection standards that would apply to data transferred between the EU and the US which are processed in the context of police and judicial co-­operation in criminal matters.

    The agreement would also seek to obtain legal safeguards to ensure that these fundamental principles fully apply, and are not violated, such as effective independent supervision and mechanisms for compliance and seeking redress.

    Who would be covered by the agreement? Does this agreement allow for data transfers in general?

    The agreement would be limited to the protection of personal data when it is transferred to and processed by European institutions, bodies, offices and agencies, EU Member States and US public authorities responsible for the prevention, investigation, detection or prosecution of crimes, including terrorism.

    The agreement would not provide the legal basis for any specific transfer of personal data between the EU and US. A specific legal basis for such data transfers would always be required. For example, a data transfer agreement or a national law in an EU Member State would be needed. The data protection agreement would then apply to these data transfers.

    The agreement would ease the negotiation of any subsequent EU-US agreements concerning the transfer of a specific set of personal data because important aspects could be dealt with by reference to and on the foundation of this agreement.

    How can individuals know if their personal data is being stored or processed? What can they do about it?

    The agreement aims at enhancing the rights of individuals:

    • They should be informed about the purpose and categories of personal data that will be processed and by whom.

    • They should have the right to access their personal data. Any restriction to that right to access must be proportionate and necessary so that, for example, ongoing criminal investigations are not jeopardised.

    • An independent public authority should be allowed access on behalf of the individual concerned if direct access is not possible.

    • If personal data is incorrect, individuals should have the right to correct it, or, if appropriate, erase it.

    • In case of damages suffered due to unlawful processing, there should be a right to compensation.

    What is the legal basis of the agreement?

    The Lisbon Treaty now offers a new horizontal legal basis that allows the EU to establish rules relating to the protection of individuals with regard to the processing of personal data by EU institutions, bodies, offices and agencies, and by the Member States when carrying out activities that fall within the scope of EU law.

    The future agreement would be based on the Lisbon Treaty (Article 16 and 216 of the Treaty on the Functioning of the European Union).

    Source: European Commission

    Add A Comment

    Leave A Reply Cancel Reply

    You must be logged in to post a comment.

    Ina Dimireva

    Related Content

    EU Agenda: Week Ahead – 11-16 November 2024

    How cities are adapting to host major gatherings

    The truth about walk-in baths and why it’s a game-changer for the modern bathroom

    Why 918kiss APK Is the Ultimate Casino Experience for Mobile Users

    The future of family offices: trends and predictions for the next decade in Europe

    European economic recovery is good news for Bitcoin’s price

    LATEST EU NEWS

    EU approves EUR 300m for common defence procurement projects

    14 November 2024

    EU proposes e-declaration for the posting of workers

    14 November 2024

    EU calls on Apple to end geo-blocking on media services

    14 November 2024

    EUR/USD touches one year low as Trump takes control of Congress – Euro currency news daily

    14 November 2024

    EU artificial intelligence factories set for 2025

    13 November 2024
    BRIEFING

    Agenda

    This week, COP29 begins in Azerbaijan; finance ministers discuss the EU's annual budget for 2025; and MEPs hold a plenary session on EU-US relations, EU summits, deforestation and COP 29...

    EUbusiness Week

    This week competitiveness and environment ministers will hold informal meetings…

    Eurozone Economic Calendar

    Key economic calendar events for the week 11 to 16 November 2024

    The Week's Top Stories

    This week competitiveness and environment ministers will hold informal meetings…

    Advertisement

    Subscribe to EUbusiness Week

    Get the latest EU news

    Latest Posts

    EU approves EUR 300m for common defence procurement projects

    14 November 2024

    EU proposes e-declaration for the posting of workers

    14 November 2024

    EU calls on Apple to end geo-blocking on media services

    14 November 2024

    EUR/USD touches one year low as Trump takes control of Congress – Euro currency news daily

    14 November 2024

    CONTACT INFO

    • EUbusiness Ltd 117 High Street, Chesham Buckinghamshire, HP5 1DE United Kingdom
    • +44(0)20 8058 8232
    • service@eubusiness.com

    INFORMATION

    • About Us
    • Advertising
    • Contact Info

    Services

    • Privacy Policy
    • Tems
    • EU News

    SOCIAL MEDIA

    Facebook
    eubusiness.com © EUbusiness Ltd 2025
    Design and developed by : Dotsquares

    Type above and press Enter to search. Press Esc to cancel.

    Sign In or Register

    Welcome Back!

    Login below or Register Now.

    Lost password?

    Register Now!

    Already registered? Login.

    A password will be e-mailed to you.

    We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok