Reding slams US over data privacy
21.12.10 @ 09:29
BRUSSELS - Justice commissioner Viviane Reding on Monday criticised the US for lacking interest and not having yet appointed a proper negotiator on an over-arching data protection agreement with the EU. Her words came as the bloc's own data protection supervisor slammed the EU internal security strategy for being unclear about privacy.
"From the outset, we have noted an apparent lack of interest on the US side to talk seriously about data protection," Ms Reding said in a statement, two weeks after holding talks with US attorney general Eric Holder and interior minister Janet Napolitano.
She said that the US is interested in negotiations on specific data-sharing deals with Europe, but that there was less movement on the over-arching data protection agreement she had the mandate to negotiate.
"They have not even appointed a negotiator," Ms Reding pointed out, adding she "expects" the telephone number of the negotiator before the end of the year.
The over-arching agreement is somewhat of a nightmare for the US administration, as the American legal system in the area of data protection is much more sectoral than in Europe. One of the conditions, however, of the European Parliament to approve further deals with the US on data transfers, is to have such a principled agreement in place.
The EU legislature in February vetoed a data sharing agreement allowing US anti-terrorism investigators to tap on bank transfer information. When further protections were added to the so-called Swift deal, such as an EU supervisor sitting in Washington and checking that no abuse occurs, MEPs approved the second version, which became operational on 1 August.
Washington has meanwhile started talks on renewing an existing "Passenger Name Records" agreement, which obliges airlines to inform US authorities 72 hours before departure all the details of their passengers. If someone is on a terrorist watch list or a suspect of "serious cross-border crime", that person is not allowed to board and can be arrested.
But information is also used to see who is sharing a phone number or the same credit card with someone who is watch-listed, which broadens the use of data more than the European Parliament would like.
US authorities claim that over 3,000 positive hits were made since 2007 by using PNR data to identify people "connected to terrorism, drug trafficking, human trafficking and to dismantle child pornography rings."
They also maintain that no data mining is being done to randomly check for people or that any meal preferences are used to do racial or religious profiling.
But as US cables published by WikiLeaks reveal, Washington has several parallel data sharing agreements - mostly signed on a bilateral level with European governments - which can land them the same results if an EU-wide deal fails.
The Swedish government, for instance, was outed by WikiLeaks as wanting to keep discussions about anti-terrorism data sharing with the US away from public scrutiny.
According to a cable from November 2008, officials from the Swedish Ministry of Justice and Ministry of Foreign Affairs had a "strong degree of satisfaction with current informal information sharing arrangements" with the American government. Having the deals subjected to parliamentary scrutiny could place "a wide range of law enforcement and anti-terrorism" operations in jeopardy, the Swedish officials said.
"Member states do business with the US and don't tell anyone, not even their own parliaments. So the things the European Parliament can do on PNR for instance, are marginal, because if Washington doesn't get it that way, they do it bilaterally," Dutch Liberal MEP Sophie in't Veld told this website. Ms in't Veld is the MEP in charge of drafting the Parliament's opinion on the final PNR agreement.
Meanwhile, on 17 December 2010, the European Data Protection Supervisor (EDPS) issued an opinion on the Commission's communication on the EU's Internal Security Strategy which aims at targeting the most urgent security threats facing Europe, such as organised crime, terrorism, cybercrime, the management of EU external borders and civil disasters.
Meanwhile, as Ms Reding was bashing US authorities, the EU data protection supervisor (EDPS) issued an opinion about the commission's own "internal security strategy", slamming what it called a lack of detail on how privacy will be ensured.
"In view of the potentially privacy intrusive nature of measures to be taken under the strategy, a right balance needs to be ensured between the objective of ensuring citizens' safety and the effective protection of their privacy and personal data," the EDPS said in a statement.
"The EDPS regrets that although the communication refers to privacy and data protection as fundamental rights, the EU commission does not explain how this will be ensured in practice," it noted.
In particular, the EU executive fails to address the issue of the data subjects' rights and to embed privacy options into the systems being developed - the so-called privacy by design concept.
EDPS also recommends impact assessments on the implementation of future instruments and "recalls the need for a real assessment of all existing instruments to be used in the framework of the Strategy before proposing new ones."