On February 1, 2017, the EU-U.S. “Umbrella” agreement on the protection of personal data in the prevention, investigation and prosecution of criminal offences came into force. It establishes a common framework for the protection of data exchanged and processed by law enforcement authorities. Yesterday, the European Parliament voted in favour of the adoption of the EU-US Umbrella Agreement, a framework for the exchange of personal data for repressive purposes (including counter-terrorism purposes) between the EU and the US. As we have already explained, negotiations have been going on for some time and the European Parliament first requested it in March 2009. Decision (EU) 2016/920 on the signing of the agreement between the United States and the European Union on the protection of personal data in the context of the prevention, research, detection and prosecution of criminal offences The Federal Data Protection Act 1974 obliges federal authorities that keep personal data to protect such data. This obligation and responsibility arises from the collection of personal data. Therefore, it does not matter what the citizenship or origin of the data owner is. EPIC has already made recommendations on modernizing the Data Protection Act. EPIC provided routine feedback to federal authorities on compliance with the Data Protection Act, and we appealed to the U.S. Supreme Court in two cases of the Data Protection Act, Doe v. Chao and FAA against Cooper.
EPIC has also written in detail about data protection issues related to the transfer of personal data between the European Union and the United States. On 8 September 2015, European and US officials announced that they had reached a data protection agreement for transatlantic criminal investigations. The EUROPEAN Commissioner for Justice said: “Once this agreement is in force, it will guarantee a high level of protection for all personal data if it is transferred between law enforcement agencies across the Atlantic.” Despite the announcements, neither U.S. officials nor their European counterparts have made the text of the agreement public. EPIC supports the establishment of a comprehensive legal framework for cross-border data flows. Epic had previously insisted that the United States begin ratifying Council of Europe Convention 108. The agreement provides for a number of safeguards for personal data when it is exchanged between police and criminal justice services, including: EU-US agreement on protection standards for the transfer of personal data between EU and US law enforcement agencies The full text of the US-EU agreement on the protection of personal data in the context of the prevention, investigation, detection and prosecution of criminal offences (Umbrella Agreement) was first published by Statewatch. On 14 September 2015, the European Parliament published the unofficial version of the agreement. EPIC follows the publication of the document by U.S.
and European agencies. EU officials were quite inflated when voting on the adoption of the agreement. The European Commission press release describes this as a “historic” and “unique” agreement, which “guarantees a high level of protection of the personal data of EU citizens transmitted to judicial and police authorities on the other side of the Atlantic”. And Jan Philipp Albrecht, MEP in charge of reviewing the agreement and rapporteur of the General Data Protection Regulation, said the agreement would guarantee “high and binding standards and strong rights for citizens on both sides of the Atlantic” and “take data protection with the United States to a new level.” But finalizing the agreement is hampered by the potentially conflicting priorities of the future Trump administration regarding the protections required under the Umbrella agreement.