EU Justice Ministers approved today the start of talks between the European Union and the United States on a personal data protection agreement when cooperating to fight terrorism or crime. The aim is to ensure a high level of protection of personal information like passenger data or financial information that is transferred as part of transatlantic cooperation in criminal matters. Once in place, the agreement would enhance citizens’ right to access, rectify or delete data when it is processed with the aim to prevent, investigate, detect or prosecute criminal offences, including terrorism.
“Protection of personal data is a fundamental right for EU citizens,” said European Commission Vice-President Viviane Reding, the EU’s Justice Commissioner. “To guarantee this right, we need to be ambitious in our approach to personal data protection – both at home and abroad. Today’s decision gives us the green light to negotiate a solid and coherent agreement with the United States which balances enforceable rights for individuals with the strong cooperation we need to prevent terrorism and organized crime. I look forward to meeting my US counterparts in Washington next week to kick start these important negotiations.”
Since September 11, 2001 and subsequent terrorist attacks in Europe, the EU and United States have stepped up police and judicial cooperation in criminal matters. Sharing relevant information is an essential element of effective cooperation in the fight against crime – both within the EU and with the US. One important element is the transfer and processing of personal data for the prevention, investigation, detection or prosecution of crimes, including terrorism.
The EU and US are both committed to the protection of personal data and privacy. However, they still have different approaches in protecting personal data, leading to some controversy in the past when negotiating information exchange agreements (such as the Terrorist Finance Tracking Program or Passenger Name Records). The purpose of the negotiations approved today is also to address and overcome these differences.
The European Commission adopted the draft mandate for negotiating such an agreement on May 26, 2010. Following today’s decision by EU Justice Ministers, the Commission now has a mandate to negotiate an umbrella agreement for personal data transferred to and processed by competent authorities in the EU and the US. The mandate aims to achieve an agreement which:
provides for a coherent and harmonized set of data protection standards including essential principles such as proportionality, data minimization, minimal retention periods and purpose limitation;
contains all the necessary data protection standards in line with the EU’s existing data protection rules, such as enforceable rights of individuals, administrative and judicial redress or a non-discrimination clause;
ensures the effective application of data protection standards and their control by independent public authorities.
The agreement would not provide the legal basis for any specific transfers of personal data between the EU and the United States. A specific legal basis for such data transfers would always be required. The new EU-US data protection agreement would then apply to these data transfers.
The Commission will keep the European Parliament fully informed at all stages of the negotiations.