US to EU: data laws could 'cripple' law enforcement
By Benjamin Fox
EU data protection reforms could "cripple" international law enforcement said the head of international law of the US department of justice at a European Parliament hearing on Wednesday (10 October).
The deputy assistant attorney general, Bruce Swartz, told MEPs that European Commission proposals requiring the renegotiation of international treaties within five years as well as those on data transfer rules would "cripple international investigations."
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
The new directive would make it "virtually impossible for EU member states to enter into bilateral agreements on law enforcement," he added.
Chapter five of the directive says personal data transfers to non-EU countries in relation to international crime prevention can only take place for countries deemed to have adequate data protection rules.
Although the US is among a handful of countries to pass the EU's test, Swartz said the system would paralyse work with the near 200 countries active in Interpol, the international police body based in The Hague.
"There would have to be a derogation [a legal exemption] for every single data transfer request," he said.
In response, commission official Paul Nemetz, the director of its justice department, said the provisions are not new and already existed in EU law.
The proposed EU data protection package was unveiled by justice commissioner Viviane Reding in February and is now being debated by MEPs and government ministers.
It includes steps to allow individuals to control the use of their data and to tighten rules on data transfers to businesses and governments outside the EU.
But MEPs are likely to want to strengthen controls over data transfers to third countries.
A working paper released on Monday (8 October) by parliament's rapporteur, German Green MEP Jan Philip Albrecht, said that "access requests by public authorities or courts in third said to personal data stored and processed in the EU should only be granted if they also have a legal basis in EU law."
It added that "for further transfers to third countries, the criteria for an adequacy decision may need to be strengthened."
Adequacy decisions are made by the commission following an assessment by the EU's "Article 29 Working Group" on data protection.
Meanwhile, under Article 34 of the commission proposal, in the absence of an adequacy decision, the EU executive can allow data transfers to take place "on the basis of appropriate safeguards and derogations."
MEPs have previously raised concerns about data transfer deals negotiated by the European Commission and the US, notably the Swift agreement on bank data and the PNR deal on air passengers.
Negotiations on the new legislation are expected to be protracted - parliament's civil liberties committee is yet to debate a draft report.
With the committee unlikely to adopt a negotiating position before spring 2013, commission sources said a deal might not be agreed by the end of next year.