US and EU officials head for data culture-clash

This week the EU’s top security officials will fly to Washington, DC for what has become an annual EU-US ministerial meeting to discuss justice issues. Michael Chertoff, the head of the US Department of Homeland Security, will be playing host to his EU counterparts, Franco Frattini, the European commissioner for justice, freedom and security and Finnish ministers Leena Luhtanen (justice) and Kari Rajamaki (interior).

The meeting comes at a very sensitive moment. US methods on counter-terrorism have provoked transatlantic wrangling over how to guard against terrorist attacks while respecting civil liberties. Nowhere has the relationship been more fraught than on data transfers and data privacy.

Both sides are still regaining their breath after tough negotiations last month on the rules governing the transfer of information on airline passengers. An interim deal was reached to patch up the arrangement struck down earlier this summer by the European Court of Justice. It is expected that Monday’s meeting (6 November) will set a starting date for talks on a new deal, to be concluded by July next year. These talks will yet again pit US preoccupation with combating terrorism against EU privacy laws and traditions, which place an emphasis on controlling who gets access to individuals’ data, how long it is kept and what is done with it.

In the background of Monday’s discussions will be the case involving transfers to the US of personal banking information by Belgium-based SWIFT. It is an example of how US demands for information have been met in secret and without proper safeguards.

The SWIFT case revealed obvious cultural differences between the two sides when it comes to balancing security concerns with privacy rights. The US takes the position that the information is vital for counter-terrorism and combating serious crime and that in any case the information is often "relatively uncontroversial", according to Stewart Baker, assistant secretary at the Department of Homeland Security, who negotiated the deal on airline passenger data transfers for the US. On a trip to Brussels last month he gave the example of a woman smuggling children into the US who was caught because of the requirement to pass on information about whom a passenger travels with on a flight.

But others believe the information is not so innocuous. "It’s not just a question of giving a seat number. The credit card numbers can be used [through judicial procedures] to ask credit card firms for all details of all purchases taken with the card," said Cécile de Terwangne, professor at the centre for computers and law at Belgium’s University of Namur.

The SWIFT case showed that any kind of data transferred to the US could be passed on to counter-terrorism officials once subpoenas were served. It called into question the data transferred by US insurance, banking or telecoms companies which operate in the EU. Michelle O’Neill, US deputy under-secretary of commerce for technology, last week confirmed while visiting Brussels that any company operating in the US could be subjected to subpoenas, such as those served on SWIFT.

"It brings into question data transfers everywhere," said Melissa Ngo of the Electronic Privacy Information Center, based in Washington, DC. "Who is getting your information, how long are they retaining it for?"

While the struggle has been depicted as one between the US and EU, there is also a battle continuing within the EU itself over data protection. The European Parliament last week refused a request by Germany to allow intelligence services access to a new database which, when it goes onstream, will contain border and customs information about member states within the Schengen area. The Parliament is also under pressure to allow broad police access to the Visa Information System, a database which will store information on people entering the EU on short-stay visas. Earlier this year the EU adopted a directive which compels telecoms companies to retain phone records for up to three years, while a Commission proposal for a European system of transferring passenger airline data is expected later this year. Meanwhile a proposal which would set down safeguards for data access by police is having trouble in the Council of Ministers amid fears about giving control to the EU over security agencies.

The pressure to reduce data protection is growing not just in the US but in the EU, too. According to de Terwangne, the only way to address it is to make people aware that values are being eroded. "It’s coming bit by bit," she said.

This week the EU’s top security officials will fly to Washington, DC for what has become an annual EU-US ministerial meeting to discuss justice issues. Michael Chertoff, the head of the US Department of Homeland Security, will be playing host to his EU counterparts, Franco Frattini, the European commissioner for justice, freedom and security and Finnish ministers Leena Luhtanen (justice) and Kari Rajamaki (interior).

• Primary Source