Subject: g8
Date: Sat, 28 Jun 2008 11:44:37 +0200
June 28, 2008
U.S. and Europe Near Agreement on Private Data
By CHARLIE SAVAGE
WASHINGTON — The United States and the European Union are nearing
completion of an agreement allowing law enforcement and security
agencies to obtain private information — like credit card transactions,
travel histories and Internet browsing habits — about people on the
other side of the Atlantic Ocean.
The potential agreement, as outlined in an internal report obtained by
The New York Times, would represent a diplomatic breakthrough for
American counterterrorism officials, who have clashed with the European
Union over demands for personal data. Europe generally has more
stringent laws restricting how governments and businesses can collect
and transfer such information.
Negotiators, who have been meeting since February 2007, have largely
agreed on draft language for 12 major issues central to a “binding
international agreement,” the report said. The pact would make clear
that it is lawful for European governments and companies to transfer
personal information to the United States, and vice versa.
But the two sides are still at odds on several other matters, including
whether European citizens should be able to sue the United States
government over its handling of their personal data, the report said.
The report, which lays out the progress of the talks and lists the
completed draft language, was jointly written by the negotiators from
the United States Homeland Security, Justice and State Departments, and
by their European Union counterparts. The talks grew out of two
conflicts over information-sharing after the September 2001 terrorist
attacks. The United States government demanded access to customer data
held by airlines flying out of Europe and by a consortium, known as
Swift, which tracks global bank transfers.
American investigators wanted the data so they could look for suspicious
activity. But several European countries objected, citing violations of
their privacy laws. Each dispute frayed diplomatic relations and
required difficult negotiations to resolve.
American and European Union officials are trying to head off future
confrontations “by finding common ground on privacy and by agreeing not
to impose conflicting obligations on private companies,” said Stewart A.
Baker, the assistant secretary for policy at the Department of Homeland
Security, who is involved in the talks. “Globalization means that more
and more companies are going to get caught between U.S. and European
law,” he said.
Paul M. Schwartz, a law professor at the University of California,
Berkeley, said such a blanket agreement could transform international
privacy law by eliminating a problem that has led to negotiations of
“staggering” complexity between Europe and the United States.
“The reason it’s a big deal is that it is going to lower the whole
transaction cost for the U.S. government to get information from
Europe,” Mr. Schwartz said. “Most of the negotiations will already be
completed. They will just be able to say, ‘Look, we provide adequate
protection, so you’re required to turn it over.’ ”
But the prospect that the agreement might lower barriers to sending
personal information to the United States government has alarmed some
privacy rights advocates in Europe. While some praised the principles
laid out in the draft text, they warned that it was difficult to tell
whether the agreement would allow broad exceptions to such limits.
For example, the two sides have agreed that information that reveals
race, religion, political opinion, health or “sexual life” may not be
used by a government “unless domestic law provides appropriate
safeguards.” But the accord does not spell out what would be considered
an appropriate safeguard, suggesting that each government may decide for
itself whether it is complying with the rule.
“I am very worried that once this will be adopted, it will serve as a
pretext to freely share our personal data with anyone, so I want it to
be very clear about exactly what it means and how it will work,” said
Sophia in ’t Veld, a member of the European Parliament from the
Netherlands who has been an outspoken advocate of privacy rights.
The Bush administration and the European Commission have not publicized
their talks, but they referred to their progress in a little-noticed
paragraph deep in a joint statement after a summit meeting between
President Bush and European leaders in Slovenia this month.
Issued June 10, the statement declared that “the fight against
transnational crime and terrorism requires the ability to share personal
data for law enforcement,” and called for the creation of a “binding
international agreement” to aid such transfers while also ensuring that
citizens’ privacy is “fully” protected.
The negotiators are trying to agree on minimum standards to protect
privacy rights, such as limiting access to the information to
“authorized individuals with an identified purpose” for looking at it.
If a government’s policies are “effective” in meeting all standards, any
transfer of personal data to that government would be presumed lawful.
For example, European law sets up independent government agencies to
police whether personal data is being used lawfully and to help citizens
who are concerned about invasions of their privacy. The United States
has no such independent agency. But in a concession, the Europeans have
agreed that the American government’s internal oversight system may be
good enough to provide accountability for how Europeans’ data is used.
About a half-dozen issues remain unresolved, the report said. One
sticking point is what rights European citizens will have if the United
States government violates data privacy rules or takes an adverse action
against them — like denying them entry into the country or placing them
on a no-fly list — based on incorrect personal information.
European law generally allows people who think the government has
mishandled their personal information to file a lawsuit to seek damages
and to have the data corrected or expunged. American citizens and
permanent residents can generally do the same under the Privacy Act of
1974, but that statute does not extend to foreigners.
The Bush administration is trying to persuade the Europeans that other
options for correcting problems are satisfactory, including asking an
agency to correct any misinformation through administrative procedures.
For now, the European Union is holding to the position that its citizens
“require the ability to bring suit in U.S. courts specifically under the
Privacy Act for an agreement to be reached on redress,” the report said.
But the Bush administration does not want to make such a concession, in
part because it would require new legislation. The administration is
trying to achieve an agreement that would not require Congressional
action, Mr. Baker said.
David Sobel, a senior counsel with the Electronic Frontier Foundation, a
nonprofit organization dedicated to data-privacy rights, said the
administration’s depiction of the process of correcting mishandled data
through agency procedures sounds “very rosy,” but the reality is that it
is often impossible, even for American citizens, to win such a fight.
Officials said it remains unclear when the agreement can be completed.
But there are several pressures encouraging negotiators to sprint to the
finish.
Bush administration officials say they would like to resolve the problem
before they leave office next January. If the agreement does not require
legislative action, Mr. Bush could complete it with a signature.
European officials may have an easier time securing its approval now,
before the European Union completes proposed changes. Member nations now
ratify such accords, but the changes would hand ratification power to
the European Parliament, which has been skeptical of American
antiterrorism policies. The report says Europeans intended to wait until
2009 after the planned completion of the reforms to finish it. But the
changes are now facing likely delay after Irish voters rejected them in
a referendum this month.
In addition, businesses that operate on both sides of the Atlantic are
pushing to make sure they are not caught between conflicting legal
obligations.
“This will require compromise,” said Peter Fleischer, the global privacy
counsel for Google. “It will require people to agree on a framework that
balances two conflicting issues: privacy and security. But the need to
develop that kind of framework is becoming more important as more data
moves onto the Internet and circles across the global architecture.”
Copyright 2008 The New York Times Company