Umbrella Agreement over EU-US citizen data heads to America

11 Sep 20158 Shares

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

EU citizens that have had their personal data misused by US authorities — in the US, within certain parameters — may soon be able to seek redress after the Umbrella Agreement headed over to Congress.

The long-running project sought to, basically, allow EU citizens similar rights to US citizens when dealing with the mishandling of personal data.

At the moment, it’s pretty much a one-way affair, with US citizens offered far bigger protections in the EU than EU citizens in the US.

If, for example, my name matched that of a wanted criminal in the US, they can grab my info and blacklist me from flights. As I don’t live over in the US, I can’t really sort that out.

A US citizen could go through EU courts to address it if it happened to them, though.

It’s nothing to do with consumer processes, it should be noted, merely dealing with the transfer of personal data, across the Atlantic, for police and judicial cooperation.

Think the current Microsoft court case, rather than Europe v Facebook, for example.

The text – which isn’t in the public domain just yet – sets rules for notifications in the case of a data breach, right to access and rectification, onward transfer to third states and retention periods.

“Once in force, this agreement will guarantee a high level of protection of all personal data when transferred between law enforcement authorities across the Atlantic,” said EU Commissioner Věra Jourová during the week.

“It will, in particular, guarantee that all EU citizens have the right to enforce their data protection rights in US courts.”

According to the guidelines of what this new agreement will actually do, if passed the data transferred between EU and US law enforcement authorities can only be shared for the purpose of preventing, investigating, detecting or prosecuting criminal offences.

As this is a deal involving politicians, this includes that surely now-defunct phrase “terrorism”, so hard to define, so easy to use.

The agreement has been sent through the EU processes ahead of the impending Europe v Facebook opinion, which the European Court of Justice is expected to give later this month.

It’s unclear how this Umbrella Agreement will make any difference to that case, though, as criminality is not a reason for Max Shrems’ details to be sent to the US.

Shrems’ dispute rests with Facebook’s handling of his personal data, and the madness that is Safe Harbour.

This all means nothing, though, until it passes through the US legal system.

Considering the ECJ opinion is coming soon, here is video of when Shrems spoke with us about data privacy earlier this year.

Main image, via Shutterstock

Gordon Hunt is senior communications and context executive at NDRC. He previously worked as a journalist with Silicon Republic.

editorial@siliconrepublic.com