ALDE misgivings about EU-US Umbrella Agreement loopholes

The ALDE Group in the European Parliament has question marks about the compatibility of the EU-US data protection agreement with the EU treaties. This is the reason why European liberals and democrats proposed the European Parliament seeks an opinion from the Court of Justice. However, a majority of political groups in the European Parliament voted to give consent today to this agreement despite concerns expressed by legal experts of the Working Party 29 and the legal service of the European Parliament.

The purpose of the so called “umbrella agreement” is to ensure a high level of protection of personal information and enhance cooperation between the US and the EU in relation to the prevention, investigation, detection or prosecution of criminal offences, including terrorism.

Sophie in ‘t Veld, ALDE shadow rapporteur for the umbrella agreement and ALDE spokesperson for data protection, said: “We were the first ones to call for a data protection agreement with the US, as the flow of personal data was growing. A set of standards was clearly needed and this agreement represents significant progress in that sense”.

“However, although this new framework certainly strengthens data protection safeguards, legal concerns persist in the “small print” of the Umbrella Agreement”

“The European Commission considers that the commitment from the US government to fulfil the agreement is enough. However, the chances that all elements of the agreement will be effectively enacted are almost null”. “For the Umbrella Agreement to be valid, the US needs to ensure that certain data bases, such as those holding passenger data or bank data (“Swift” data), are no longer exempt from the Privacy Act.  For this to be fulfilled under the Obama administration was already doubtful; with the upcoming Trump administration it seems practically impossible. This is even more important because, once the agreement enters into force, the US are deemed to have fulfilled the ‘appropriate safeguards’ for data transfers required by the recently adopted EU Data Protection Directive for law enforcement”

Furthermore, the Alde group highlights that the right to judicial redress in the agreement is made conditional on the EU allowing the transfer of data for commercial purposes, and it excludes EU residents who are not EU citizens. Sophie in ‘t Veld added: “It is surprising to see that other groups, including the rapporteur of the Green Group, have so much confidence in the upcoming Trump administration with regards to privacy protection. Their argument that citizens may challenge the agreement in court puts the burden on the citizen. It should be for us, politicians, to take responsibility for the protection of citizens’ rights”. “Europe must stop the adoption of pieces of legislation that are not legally sound and declared invalid by the Court afterwards. We should have taken more time if needed, until we were sure that the agreement signed with the US fully respects European legislation”.

“The EU has just upgraded our standards for the protection of our personal data with the approval of the data protection package. We should not lower them again through the back door”.  Jan Philipp Albrecht (Greens/EFA, DE) – EU-US data protection agreement

The European Parliament has by a large majority agreed the EU-US data protection agreement for police and law enforcement authorities (“Umbrella agreement”).

Jan Philipp Albrecht, rapporteur and Green justice spokesperson, welcomed the agreement, which for the first time sets high and binding data protection standards for data transfers.

“Thanks to this agreement, we can now look forward to high, binding standards and strong rights for citizens on both sides of the Atlantic when data is exchanged between police and law enforcement agencies. This should mark the beginning of a new approach when it comes to negotiating fundamental rights, with an emphasis on setting high and legally binding standards, rather than simply ensuring the bare minimum standards are met. 

“I am pleased that we have secured binding clarification that the agreement does not represent a legal basis for new data transfers, but protects the data that is already exchanged legally. Data protection authorities will be able to check compliance at any time.”