Author (Person) | Crosbie, Judith |
---|---|
Series Title | European Voice |
Series Details | 18.10.07 |
Publication Date | 18/10/2007 |
Content Type | News |
Given the nature of technology and the new tools used in law enforcement, data protection is not just about passing laws and setting standards on what happens inside Europe. Companies store information on huge databases which can be viewed in branches and subsidiaries all over the world, thereby bringing in to question how European citizens’ data stored in other countries might be treated. With the tendency of law enforcement authorities to use data collection as a weapon in the fight against serious crime, third countries are also keen to get access to data to combat potential threats from Europe - which can mean collecting and examining information on a large number of citizens. So is data adequately protected when it leaves the EU borders? One of the most controversial topics in the realm of data protection in recent years has been US demands for data for counter-terrorism purposes. Following the 11 September 2001 attacks, the US demanded that in-bound aircraft had to forward information on the passengers they were carrying. Known as passenger name records (PNR) the information included a passenger’s passport details, credit card details, any history of not showing up for flights, who they are travelling with and where they would stay in the US. Since then the European Commission has negotiated three deals with the US on the transfer of this data which tries to meet US demands but limits what information is sent, how long it can be stored and who can have access to it. The third agreement, struck in June, takes over from earlier accords (see below left). The Commission insists that the deal does protect the data of people flying on European airlines into the US. But civil liberties groups and some MEPs have pointed out that PNR deal would allow for data to be stored longer, could be passed on to various US authorities and could involve the collecting of sensitive data, such as a passenger’s meal preferences or ethnicity. "The third passenger name records’ deal was not so good. In many ways it was worse than what we had before," says Peter Hustinx, the European data protection supervisor. Other countries also demand passenger information from airlines and the deals struck by the EU with Canada and Australia have been cited by MEPs as providing a better basis of data protection than the deal with the US. But airline passenger data is not the only type of mass data collection carried out beyond Europe’s borders. Last year press reports revealed the US authorities had been collecting banking transfer informat-ion from SWIFT, a banking network which facilitates money transfers, for counter-terrorism purposes. Since then the Commission has reached an agreement with the US on what they can use the data for, who should get access to it and how the process of collecting and storing it should be safeguarded through monitoring. The controversies over the airlines passenger data and the SWIFT transfers prompted the EU and US to set up a ‘high level contact group’ composed of officials on both sides to discuss the issues that arise on data protection. The group is looking for a general agreement on data transfers and data protect-ion to avoid controversies in the future. "We still have a lot of work to do but we’ve already made progress. The unsurprising conclusion is that we do have a lot in common," says Jonathan Faull, the Commission’s director-general for freedom, security and justice. But others are fearful that the EU will give in to US demands for more data and that this could become a standard across the globe for data protection. "What is going to be the world standard? I hope that the US deal is not shaped into a world standard," says Hustinx. Some people advocate that Europe should introduce measures which would require the US to reveal information on its citizens as a way of showing the seriousness of the concerns about data protection. Peter Schaar, the chairman of the group of EU member states’ data protection supervisors, recently told European Voice: "I would not be sure what would be the reaction if the European Community has access to inner American financial transfer data…I would be very interested to hear what would be the reaction if EU member states asked travellers from the US to give them ten finger prints and stored this data for a retention period of 40 years, I would be very interested in the reactions of the US public." Aside from law enforcement issues involving third countries, companies which have operations in both the EU and other countries also run into difficulties. The ‘safe harbour’ deal reached with the US in 2000 allows US companies to sign up voluntarily to respecting a set of data protection principles recognised by the Commission as providing adequate protection. While the safe harbour agreement goes a long way to easing data protection concerns in a commercial sense, other problems have arisen for firms which do business on both sides of the Atlantic. The American Chamber of Commerce in Germany recently held a seminar at which companies said they risked being delisted or not listed on US stock exchanges if they did not provide certain data, but at the same time were fearful of violating data protection laws in Europe if they handed over the data. The requests often involved demands for information on all employees in a company, requiring the consent of employees and needing a guarantee on what the information will be used for under EU laws. "If the respective purpose is clear and restricted, then that’s fine but if it’s a case of ‘give us all your data and we will see what we can make of it’, that is unacceptable," said Mark Hilgard, co-chairman of the corporate and business law committee of the American Chamber of Commerce in Germany. EU-US passenger name records Following the 11 September 2001 terrorist attacks on the US, Washington demanded that all airlines landing in the US supply information on their passengers. In view of data privacy concerns and to make things easier for the airline industry, the European Commission set about negotiating a deal on behalf of the member states with the US on the transfer of the requested information. A deal was reached in December 2003 but the European Parliament felt it did not meet data protection concerns and voted to refer the case to the European Court of Justice. The court struck the deal down in May last year, saying that it would expire on 30 September 2006. But rather than addressing the civil liberties concerns of the Parliament, the court said that the deal was unlawful because the wrong legal basis had been used. An interim deal was reached at the beginning of October 2006 which was to expire at the end of July this year and which changed the deal from community-based legislation into an intergovernmental law. In June the Commission and German presidency of the EU announced a third deal had been reached with the US which put in place a longer-term arrangement for the data transfers. Given the nature of technology and the new tools used in law enforcement, data protection is not just about passing laws and setting standards on what happens inside Europe. |
|
Source Link | Link to Main Source http://www.europeanvoice.com |