EU Hoping to Reach Data Protection Agreement with U.S.
A new agreement on data protection standards for all data transfers between the EU and the U.S. is high on the agenda of the EU Commission, said Despina Vassiliadou from the EU Directorate General for Justice, Freedom and Security. Data transfers between the U.S. and the EU have led to heated debates in the European parliament for several years. Six different agreements have been negotiated between the EU and the U.S. since 2001 including for SWIFT banking data and the Passenger Name Record data transfers (PNR), which was challenged before the European Court and is being renegotiated, with a draft not well accepted by the EU Parliament.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
Speaking at a hearing organized by the Green Party Group on data protection, Vassiliadou said a package of documents will come out before the summer that would include a communication on principles for all future PNR agreements and a proposal for a PNR directive, on top of the general principles for data protection in EU-U.S. cross-border transfers.
The Committee on Civil Liberties (LIBE) called for “bulk transfers of personal data to the USA to be avoided, if necessary by processing them within the EU,” it said in a press release. Liberal MEP Sophia Veld said agreeing on low standards would make them a precedent for other countries that started to ask for data, like South Korea, Saudi Arabia or India. Lack of appeal and redress in the U.S. is one major point of criticism by the EU parliament and data protection officials. “The possibility for redress has to be there,” said Peter Hustinx, European Data Protection Supervisor.
Data protection and privacy standards in the U.S. are well below European standards, said Paul de Hert, director of the Research Group on Fundamental Rights and Constitutionalism (FRC) at the Vrije Universiteit Brussel. “There is no protection of personal data as such, it is not in the constitution, there … is no central data protection authority."
Patrick Breyer, co-founder of the Data Retention Working Group, a German group that won the constitutional court case against data retention in Germany, recommended not handing over data to the U.S. at all as long as violations of human rights are possible. But other panelists said there’s a need to be pragmatic.