On September 8, 2015, the EU-US data protection “Umbrella agreement” negotiations were finalized.
The “Umbrella Agreement” establishes a comprehensive data protection framework for EU-US law enforcement cooperation. The agreement covers all personal data (for example names, addresses, criminal records) exchanged between the EU and the U.S. for the purpose of prevention, detection, investigation and prosecution of criminal offences, including terrorism.
The purpose is creating harmonized data protection rules when personal data are exchanged between police and criminal justice authorities.
In particular, the Umbrella Agreement provides the following protections:
- Clear limitations on data use – Personal data may only be used for the purpose of preventing, investigating, detecting or prosecuting criminal offences, and may not be processed beyond compatible purposes.
- Onward transfer – Any onward transfer to a non-US, non-EU country is subject to prior consent of the competent authority of the country which had originally transferred personal data.
- Retention periods – Individuals’ personal data may not be retained for longer than necessary. Retention periods will have to be publicly available.
- Right to access and rectification – Individual are entitled to access their personal data – subject to certain conditions, given the law enforcement context – and to request corrections.
- Information in case of data security breaches – A mechanism will be put in place so as to ensure notification of data security breaches to the competent authority and, where appropriate, the data subject.
- Judicial redress and enforceability of rights – EU citizens will have the right to seek judicial redress before US courts in case the US authorities deny access, or unlawfully disclose their personal data.
The Umbrella Agreement will be signed and formally concluded only after the US Judicial Redress Bill (H.R. 1428, the Judicial Redress Act), granting judicial redress rights to EU citizens, is adopted.
More information is available at http://ec.europa.eu…
More information on data protection in the EU is available at http://ec.europa.eu…
More information on Bill H.R. 1428 is available at https://www.congress.gov…
For more information, Francesca Giannoni-Crystal