Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

5/27/2010
11:22 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

European Commission Seeks High Privacy Standards In EU-US Data Protection Agreement

Agreement would enhance the right of citizens to access, rectify, or delete data

WASHINGTON, May 26 /PRNewswire-USNewswire/ -- The European Commission today adopted a draft mandate to negotiate a personal data protection agreement between the European Union and the United States when cooperating to fight terrorism or crime. The aim is to ensure high levels of protection to personal information like passenger data or financial information transferred as part of transatlantic cooperation in fighting crime. An agreement would enhance the right of citizens to access, rectify or delete data, where appropriate.

Since September 11, 2001, and subsequent terrorist attacks in Europe, the EU and US have stepped up police and judicial cooperation in criminal matters. One important element is the transfer and processing of personal data if relevant for the prevention, investigation, detection or prosecution of crimes, including terrorism.

"Fundamental rights must be protected and respected at all times. I want an EU-US agreement that protects personal data rights while fighting crime and terrorism," said Vice President Viviane Reding, the EU's Commissioner for Justice, Fundamental Rights and Citizenship.

The EU Commissioner for Home Affairs, Cecilia Malmstrom, added: ''A solid agreement on personal data protection would benefit both sides of the Atlantic. By providing a high level of protection of personal data, it would give everyone - citizens, law enforcement authorities and other stakeholders - confidence that human rights are fully respected in the transatlantic fight against organised crime and terrorism."

Background:

EU citizens would receive a right to seek judicial redress in the US if their data is unlawfully processed. Independent public authorities would be given a stronger role in helping people exercise their privacy rights and in supervising transatlantic data transfers. The Council must approve the Commission's negotiating mandate before talks can begin. The European Parliament will be fully informed at all stages of the negotiations and will have to give its consent to the outcome of the negotiations.

The EU and US are both committed to the protection of personal data and privacy. However, they still have different approaches in protecting data, leading to some controversy in the past when negotiating information exchange agreements (such as the Terrorist Finance Tracking Programme, so-called SWIFT agreement, or Passenger Name Records). The purpose of the agreement proposed by the Commission today is to address and overcome these differences.

Today's proposal would give the Commission a mandate to negotiate a new data protection agreement for personal data transferred to and processed by enforcement authorities in the EU and the US. It would also commit the Commission to keeping the European Parliament fully informed at all stages of the negotiations.

The Commission aims to establish legally binding and enforceable personal data protection standards that will ensure that individuals' fundamental rights and freedoms are protected. Compliance with these standards would be controlled by independent public authorities on both sides of the Atlantic.

Under the Commission's proposal:

-- The transfer or processing of personal data by EU or US authorities would only be permitted for specified, explicit and legitimate purposes in the framework of fighting crime and terrorism; -- There would be a right to access one's personal data and this would be enforceable in courts; -- There would be a right to have one's personal data corrected or erased if it is found to be inaccurate; -- There would be an individual right of administrative and judicial redress regardless of nationality or place of residence.

The agreement would not provide the legal basis for any specific transfers of personal data between the EU and the US. A specific legal basis for such data transfers would always be required, such as a data transfer agreement or a national law in an EU Member State. The new EU-US data protection agreement would then apply to these data transfers.

The protection of personal data is set out in Article 8 of the EU Charter of Fundamental Rights. The Charter is integrated into the Lisbon Treaty and is legally binding on the European Union and EU Member States when they implement EU law. The Lisbon Treaty (Article 16, Treaty on the Functioning of the EU) says that the EU can make rules on the protection of personal data processed by EU institutions, bodies, offices and agencies, and by the Member States when carrying out activities that fall within the scope of EU law.

The European Parliament, in a resolution on March 26, 2009, called for an EU-US agreement that ensures adequate protection of civil liberties and personal data protection. In December 2009, the European Council invited the Commission to propose a Recommendation "for the negotiation of a data protection and, where necessary, data sharing agreements for law enforcement purposes with the US."

For more information:

Justice and Home Affairs Newsroom:

http://ec.europa.eu/justice_home/news/intro/news_intro_en.htm

Homepage of Viviane Reding, Vice-President and Commissioner for Justice, Fundamental Rights and Citizenship:

http://ec.europa.eu/commission_2010-2014/reding/index_en.htm

SOURCE Delegation of the European Commission to the U.S.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24259
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24260
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24261
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
CVE-2021-24262
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
CVE-2021-24263
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...