Recent work done by Hogan Lovells on EU national security access to data shows that the American intelligence-gathering framework imposes at least as much, if not more, due process and oversight on foreign intelligence surveillance than other countries afford in similar circumstances. In a detailed analysis of the misconceptions related to U.S. government intelligence-gathering for the IAPP Privacy Perspectives blog, Chis Wolf outlines “A Sober Look at National Security Access to Data in the Cloud,” a recently published Hogan Lovells white paper comparing U.S. intelligence-gathering under the FISA Amendments Act to the practices of five European countries.
Viviane Reding, Vice-President of the European Commission responsible for Justice, Fundamental Rights and Citizenship announced this week that she has begun exploratory talks with the United States for a comprehensive EU-US agreement for personal data protection standards to apply whenever personal data needs to be transferred across the Atlantic for the purposes of police and judicial cooperation in criminal matters. This blog entry explores that development and describes a related conversation the author had with Ms. Reding on the need for reappraisal by the EU of whether the US has “adequate protections” for the cross-border transfer of personal data.
The Düsseldorfer Kreis, a working group consisting of representatives from Germany’s sixteen state data protection authorities, issued a Decision (dated 28/29 April 2010) on the transfer of personal data from German companies to U.S. companies which are certified under the U.S.-EU Safe Harbor framework. It stated that Safe Harbor certification of the U.S. company alone is not sufficient to safeguard the transfer because European and U.S. regulators currently do not ensure that the U.S. companies comply with the self-certification. Therefore, German companies are now required to take additional steps when transferring data to the US under the Safe Harbor.