Brussels, 22/12/2010 (Agence Europe) - On Monday 20 December, United States Ambassador to the EU William Kennard rejected claims by European Justice Commissioner Viviane Reding who recently accused the US of showing little interest in holding discussions with the EU on data protection. “I disagree. We're moving ahead”, the ambassador told a small group of journalists in Brussels.
Reding on the attack. The EU and the US will have to renew their bilateral agreement on the transfer of data on European passengers (PNR, Passenger Name Record) as part of the fight against terrorism, and renew a transatlantic data protection agreement. Reding has formed the view that this latter strand did not seem to enchant Washington. “We have noted an apparent lack of interest on the US side to talk seriously about data protection”, the commissioner said after meeting US Justice Secretary Eric Holder in Washington last week. “The US side has basically been on hold,” she added, pointing out that the US had “not even appointed a negotiator”. She hoped to receive information on the American negotiator “before the end of the year” in order to “seriously start the talks”. Reding is very keen to reach a general agreement to improve existing agreements, including the one on banking data (Swift), negotiated at the start of this year, but considered by her to be far from perfect, and the one on PNR which runs until 2014.
American response. Ambassador Kennard said that the US administration wanted to understand more fully what EU negotiators wanted to include in the agreement before deciding who would represent the American side in talks. “What laws are we talking about? We need to know,” he said. He described the new agreement as “fairly complex” and said that it “raises a lot of issues”. “It would have been nice if we'd had these discussions (with the EU) before the negotiation mandate issued from the Council (of Ministers) earlier this month”, Kennard said before confirming that the United States “will work hard to conclude an agreement”. EU justice ministers adopted two negotiating mandates with the US on 3 December - on PNR and on data protection (see EUROPE 10269 and 10270).
European mandate in detail. The negotiating mandate adopted by the Council of the EU on 3 December authorises the Commission to open negotiations on behalf of the European Union with a view to concluding an agreement between the EU and the United States on protection of personal data transferred and processed for the purposes of preventing criminal acts, including acts of terrorism, of investigating such acts, detecting them and pursuing offenders as part of police cooperation and criminal legal cooperation.
The agreement should provide a high level of data protection in full compliance with the rights and liberties set out in the Charter of Fundamental Rights, the European Convention on Human Rights and in EU data protection law. In particular, it should guarantee the protection of the personal data of any person, regardless of nationality and place of residence. The principle of data limitation states that the personal data must be appropriate, relevant and not-excessive in terms of the purposes for which they are to be used and for which they are collected and handled. The agreement should include an obligation to set appropriate timescales for destroying the data, the exact duration of which should be set out in specific agreements, or to be regularly checked if it is necessary to retain them permanently. The agreement should also apply to processing alone, not including transfer, by the competent authorities of a contracting party, of data transferred by a company established in the territory of a contracting party to a company established in the territory of another contracting party. Processing of sensitive data (revealing racial or ethnic origins, political opinions, etc) should only be allowed where absolutely necessary. Individuals should be able to have access to their personal data and have the right to amend, lock-out or erase data. Individuals will also have the right of administrative and legal recourse.
Respect for data protection standards should be subject to the control of one or more than one independent public authority which will have effective powers of investigation and intervention, and be able to refer matters to the courts in the event of any violation. Data may be transferred to third countries following agreement from the country sending the data and, if possible, with a requirement to inform the person concerned. The parties should undertake periodic joint re-evaluations of the implementation of the data protection standards set out in the agreement. The findings of the evaluations should be made public. The agreement should contain a clause on its duration - whether limited in time or not - to be assessed in the light of negotiations. (B.C./transl.rt)