European Union (EU) justice ministers have approved the start of talks between the EU and the US on a personal data protection agreement when co-operating to fight terrorism or crime.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The European Commission (EC) adopted the draft mandate for negotiating such an agreement on 26 May 2010.
The aim is to ensure a high level of protection of personal information such as passenger data or financial information that is transferred as part of transatlantic co-operation in criminal matters.
Once in place, the agreement would enhance citizens' right to access, rectify or delete data when it is processed with the aim to prevent, investigate, detect or prosecute criminal offences, including terrorism.
"Protection of personal data is a fundamental right for EU citizens. To guarantee this right, we need to be ambitious in our approach to personal data protection - both at home and abroad," said EC vice-president Viviane Reding, the EU's justice commissioner.
"Today's decision gives us the green light to negotiate a solid and coherent agreement with the United States which balances enforceable rights for individuals with the strong co-operation we need to prevent terrorism and organised crime," she said.
Reding indicated that the first meeting to start the negotiations is scheduled to take place in Washington next week.
Since 11 September 2001 and subsequent terrorist attacks in Europe, the EU and US have stepped up police and judicial co-operation in criminal matters.
But the EC has continually called for adequate privacy safeguards relating to the manner in which the data can be accessed and used by US authorities.
The concerns have been around issues such as the purpose for which the data is used, stronger protection, filtering out certain types of data and the need for a redress mechanism in cases where mistakes are made.
The EC said the purpose of the newly-approved negotiations is to overcome the differences in approaches to protecting personal data that have led to controversy in the past with exchange agreements such as the Terrorist Finance Tracking Programme or Passenger Name Records.
The decision by the EU Justice Ministers means the EC now has a mandate to negotiate an umbrella agreement for personal data transferred to and processed by competent authorities in the EU and the US.
The mandate aims to achieve an agreement which:
- provides for a coherent and harmonised set of data protection standards including essential principles such as proportionality, data minimisation, minimal retention periods and purpose limitation;
- contains all the necessary data protection standards in line with the EU's existing data protection rules, such as enforceable rights of individuals, administrative and judicial redress or a non-discrimination clause;
- ensures the effective application of data protection standards and their control by independent public authorities.
The EC said the agreement would not provide the legal basis for any specific transfers of personal data between the EU and the US.
A specific legal basis for such data transfers would always be required, but the new EU-US data protection agreement would then apply to these data transfers.