The US-EU agreement on personal data exchange by law enforcement

By EDRi · July 2, 2008

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

As stated by the New York Times on 26 June 2008, the United States and the
European Union are close to conclude an agreement allowing the exchange of
personal data of their citizens, including credit card information, travel
history and Internet browsing information in order to be shared with the law
enforcement and security agencies.

According to an internal report revealed by the newspaper, the potential
agreement that has been negotiated since February 2007 between the US
Department of Homeland Security (DHS), the Justice and State departments and
their European counterparts will make clear that it is lawful for European
governments and companies to transfer personal information to the United
States, and vice versa.

One of the issues still to be solved is that of whether European citizens
should be able to sue the United States government in case it violates data
privacy rules or, on the basis of incorrect personal information, it takes
an adverse action against them such as denying them entry into the country
or placing them on a no-fly list. The European law generally gives citizens
the possibility to file a case and ask for damages from the governments and
so does US Privacy Act of 1974 which however does not extend to foreigners.

The US officials are reluctant to accept it and try co convinces the EU that
there are other possibilities to correct such cases like asking an agency to
correct the misinformation through administrative procedures. The European
Union still insists on its position that its citizens should have “the
ability to bring suit in U.S. courts specifically under the Privacy Act for
an agreement to be reached on redress”. Such a concession would mean for the
US administration to create new legislation which they are trying to avoid.

Some privacy rights advocates in Europe have warned on certain issues of
concerns. The two negotiating parties have agreed that information related
to race, religion, political opinion, health or “sexual life” may not be
used by a government “unless domestic law provides appropriate safeguards.”
However, the agreement does not specify what an appropriate safeguard should
be, leaving the decision to each government.

“I am very worried that once this will be adopted, it will serve as a
pretext to freely share our personal data with anyone, so I want it to be
very clear about exactly what it means and how it will work,” said MEP
Sophia in ‘t Veld.

The negotiators are trying to agree on minimum standards for privacy rights
protection. The European law establishes independent government agencies to
check whether personal data is being used lawfully and to assist citizens
concerned about invasions of their privacy. As the United States has no such
independent agency the Europeans have agreed, as a concession, that the
American government’s internal oversight system should be able to account
for the use of Europeans’ data.

US officials say they would like to resolve the problem before the end of
Bush administration in January 2009. The European Parliament will have the
power to ratify any agreements between US and Member States If the agreement
does not require legislative action, Mr. Bush could complete it. It appears
that the Europeans would like to wait until 2009 but the finalisation
process might be delayed as Irish voters rejected it in a referendum this

In March, the United States and Germany concluded a bilateral deal
facilitating the automatic exchange of data on suspected terrorists, that
might be taken as a model for similar accords between the US and other
European countries, applied to a wide-ranging exchange of information,
including the fingerprints and DNA of suspects. A similar deal was made
between Hungary and US in June 2008, and it was considered as a big step in
the Memorandum between the two countries that strives for the Hungarian
membership in the Visa Waiver Program. The Hungarian-US agreement was
published in the Hungarian Official Gazette on 20 June.

U.S. and Europe Near Agreement on Private Data (28.06.2008)

US-EU private data sharing agreement at hand: report (29.06.2008)

Report: US, EU Near Agreement on Personal Data Exchange (28.06.2008),2144,3445491,00.html

FBI ready to demand detailed logs of Britons’ internet and travel habits