In his Opinion, published today, the European Data Protection Supervisor (EDPS) expressed his support for the EU-US Umbrella Agreement initiative. He recommended three essential improvements in the arrangement designed to set a global precedent for the sustainable sharing and transfer of personal data for law enforcement purposes, and to increase trust between the two strategic partners. He also encouraged other clarifications before the initialled Agreement is signed.
Giovanni Buttarelli, EDPS, said: "Globalisation means that governments are working harder than ever to combat crime which implies more structured sharing of relevant information. The EU-US Umbrella Agreement may set a new international standard. To succeed, we encourage the Parties to carefully consider significant recent developments. They will help to introduce an arrangement fully compatible with the EU constitutional principles, in particular the EU Charter of Fundamental Rights".
The EDPS welcomes and shares the intention of both the EU and US negotiators to ensure a high level of protection for personal data in transfers between the Parties for law enforcement purposes, and appreciates their commitment to introducing effective safeguards.
The last round of negotiations on the 'Umbrella Agreement' was concluded in advance of recent legal developments (in particular, the political agreement on the EU data protection reform package and the EU Court of Justice ruling on the Schrems case). In light of this context, some improvements and clarifications are considered necessary to ensure that the proposed Agreement reflects their spirit.
In his Opinion, the EDPS provides constructive and objective advice on the clarifications and improvements necessary to ensure that the proposed Agreement adequately upholds the rights of individuals. Particular concerns include the effectiveness of judicial redress, the prevention of bulk transfer of sensitive data and ensuring that all the envisaged safeguards will apply to everyone protected by the Charter, not only EU nationals.
By providing a framework for transatlantic data transfers, the EU-US Umbrella Agreement should show how the EU can lead by example in reinforcing the rights to privacy and to the protection of personal data.
Privacy and data protection are fundamental rights in the EU. Data protection is a fundamental right, protected by European law and enshrined in Article 8 of the Charter of Fundamental Rights of the European Union.
More specifically, the rules for data protection in the EU institutions - as well as the duties of the European Data Protection Supervisor (EDPS) - are set out in Regulation (EC) No 45/2001. The EDPS is a relatively new but increasingly influential independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection.
Giovanni Buttarelli (EDPS) and Wojciech Wiewiórowski (Assistant EDPS) are members of the institution, appointed by a joint decision of the European Parliament and the Council. Assigned for a five-year term, they took office on 4 December 2014.
Personal information or data: Any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other details such as IP addresses and communications content - related to or provided by end-users of communications services - are also considered as personal data.
Privacy: the right of an individual to be left alone and in control of information about himself or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).
Processing of personal data: According to Article 2(b) of Regulation (EC) No 45/2001, processing of personal data refers to "any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction." See the glossary on the EDPS website.