The Article 29 working group of member states’ personal data protection authorities has issued a fairly positive opinion of the June 2016 transatlantic umbrella agreement on personal data protection between the European Union and the United States (see EUROPE 11564).
In a report published at the end of October, the Article 29 group says the agreement is a positive step that will complement the existing bilateral agreements, such as the PNR agreement on the transfer of personal data of airline passengers, or the SWIFT/TFTP agreement, and in theory will considerably boost existing safeguards.
European regulators now stress proper implementation of the umbrella agreement, noting the need to provide Europeans with the same guarantees as granted under the Judicial Redress Act in the United States, which in theory provides Europeans with the right to lodge an appeal in courts in the US against bad use of their personal data during US government surveillance.
In this connection, EU regulators want clarification from the US authorities about limits foreseen in US legislation, which lays down limits and preconditions on the scope of application, the causes of action, the designation of the bodies appealed against and application of the Privacy Act for legal cases, the group explains.
The US government will be asked to provide further assurance and explanation confirming the scope of the right of appeal for people concerned in the EU. In particular, clarification is needed about how documents from US law-enforcement authorities are exempted from the Privacy Act and the compatibility of this exemption with the umbrella agreement.
The Article 29 group says that details may be needed to ensure the level of protection of personal data conferred by the umbrella agreement is wholly compatible with EU law. Account must be taken of the fact that the definitions of the notions of personal data and data processing are different in the US from the EU, Article 29 explains. The period of time for which data can be kept also needs to be more strictly defined in terms of the objectives pursued.
The restrictions on individuals’ right of access are very broadly defined and access could be improved by setting up a mechanism for the right of indirect access, the group says. It wants greater clarity about the agreement’s conformity with EU fundamental rights and hence the umbrella agreement’s legal security. (Original version in French by Solenn Paulic)