Many U.S. and EU leaders believe that law enforcement information-sharing agreements such as the U.S.-EU SWIFT Accord and the U.S.-EU PNR Arrangement are vital tools in the fight against terrorism. At the same time, U.S. officials have often been frustrated by the need for painstaking and often time-consuming negotiations with the EU on every individual agreement that involves sharing personal data between the two sides. For many years, Washington has sought to establish an umbrella agreement in which the EU would largely accept U.S. data privacy standards as adequate and thus make the negotiation of future data-sharing accords easier in the law enforcement arena. In the past, EU officials had largely resisted this idea, claiming that only tailored agreements could guarantee an "added level of protection" for EU citizens against possible U.S. infringements of their privacy rights.
In 2009, the European Parliament called for a U.S.-EU Framework Agreement to help better ensure the protection of personal data exchanged between the two sides in the fight against terrorism and crime. In late May 2010, the European Commission proposed a draft mandate for negotiating such an accord that could apply to all U.S.-EU data-sharing agreements in the law enforcement context. The Commission hopes that an overarching deal on data protection will bridge what it views as U.S.-EU differences in the application of privacy rights and guarantee that all data transferred is subject to high standards of protection on both sides of the Atlantic. The Commission noted, however, that any such framework agreement would not provide the legal basis for the actual transfer of personal data between the EU and the United States, and that specific agreements on SWIFT or PNR, for example, would still be required. EU member states approved the Commission's mandate in early December 2010.
In March 2011, the United States and the EU officially launched negotiations on a framework agreement to protect personal information exchanged in a law enforcement context. The United States believes that this U.S.-EU accord should be based broadly on the principle of mutual recognition of each other's data protection systems, thus making it clear that while the U.S. and EU regimes may differ, they both protect citizens' rights to privacy and other civil liberties effectively. As such, the United States hopes that the negotiations will ultimately result in an EU finding of "adequacy" for U.S. data protection standards.
Many analysts believe that this general U.S.-EU agreement on data protection will likely build on the common personal data protection principles adopted by the United States and the EU in October 2009. However, some controversial issues remain, including that of redress. Many EU officials and MEPs insist that European citizens need the right of judicial redress in the United States; some experts believe that the EU will likely push in negotiations over the new framework agreement for the U.S. Privacy Act of 1974 to be amended to extend judicial redress to EU citizens (currently, the U.S. Privacy Act limits judicial redress to U.S. citizens and legal permanent residents). U.S. experts doubt that the Obama Administration would agree to this potential EU demand, given that Congress would probably not be inclined to pass such an amendment to the Privacy Act. The Administration has long maintained that EU citizens may seek redress concerning U.S. government handling of personal information through agency administrative redress or judicial redress through the U.S. Freedom of Information Act.
Another possible point of contention in U.S.-EU negotiations may be whether or not an eventual framework agreement should be applied retroactively to previous U.S.-EU data sharing arrangements. Some EU leaders and MEPs support its retroactive application. However, the United States opposes doing so, arguing that it would create unnecessary legal uncertainty. The member states and the European Parliament must ultimately approve any eventual U.S.-[[EU] agreement for it to take effect.
- ↑ European Commission Press Release, "European Commission Seeks High Privacy Standards in EU-US Data Protection Agreement" (May 26, 2010).
- ↑ For more information, see U.S. Department of State Press Release, "U.S., EU Reach Agreement on Common Personal Data Protection Principles" (Oct. 28, 2009).
- ↑ "Data Protection in Transatlantic Relations: Searching for a Framework Agreement," European Parliament News (Oct. 27, 2010); "Data Protection: EP Debates Adoption of Common Framework," Europolitics (Oct. 27, 2010).
- U.S.-EU Cooperation Against Terrorism, at 12-13.