BETA


2016/0126(NLE) EU/USA Agreement: protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses

Progress: Procedure completed

RoleCommitteeRapporteurShadows
Lead LIBE ALBRECHT Jan Philipp (icon: Verts/ALE Verts/ALE) VOSS Axel (icon: PPE PPE), LAURISTIN Marju (icon: S&D S&D), STEVENS Helga (icon: ECR ECR), IN 'T VELD Sophia (icon: ALDE ALDE), WINBERG Kristina (icon: EFDD EFDD)
Committee Opinion AFET
Committee Opinion JURI DZHAMBAZKI Angel (icon: ECR ECR) Max ANDERSSON (icon: Verts/ALE Verts/ALE), Mady DELVAUX (icon: S&D S&D), António MARINHO E PINTO (icon: ALDE ALDE)
Lead committee dossier:
Legal Basis:
TFEU 016-p2, TFEU 218-p6a

Events

2016/12/10
   Final act published in Official Journal
Details

PURPOSE: to conclude, on behalf of the European Union, an Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offences.

LEGISLATIVE ACT: Council Decision (EU) 2016/2220 on the conclusion, on behalf of the European Union, of the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offences.

CONTENT: under this Decision, the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offences is approved on behalf of the European Union. It was signed on 2 June 2016, subject to its conclusion at a later date.

Purpose : the Agreement aims to ensure a high level of protection of personal information and enhance cooperation between the United States and the European Union and its Member States, in relation to the prevention, investigation, - detection or prosecution of criminal offences, including terrorism .

For this purpose, this Agreement establishes the framework for the protection of personal information when transferred between the United States, on the one hand, and the European Union or its Member States, on the other.

This Agreement in and of itself shall not be the legal basis for any transfers of personal information. A legal basis for such transfers shall always be required. The Agreement supplements data protection safeguards in existing and future data transfer agreements or national provisions authorising such transfers.

Data protection principles and safeguards : the Agreement covers important principles governing personal data processing as well as key safeguards and limitations:

purpose and use limitations : the transfer of personal information shall be for specific purposes authorised by the legal basis for the transfer and the further processing of personal information by a Party shall not be incompatible with the purposes for which it was transferred; onward transfer : where a Competent Authority of one Party has transferred personal information relating to a specific case to a Competent Authority of the other Party, that information may be transferred to a State not bound by the present Agreement or international body only where the prior consent of the Competent Authority originally sending that information has been obtained; maintaining quality and integrity of information: the Parties shall take reasonable steps to ensure that personal information is maintained with such accuracy, relevance, timeliness and completeness as is necessary and appropriate for lawful processing of the information;

- information security and notification of an information security incident : the Parties shall ensure that they have in place appropriate technical, security and organisational arrangements for the protection of personal information against all of the following: (a) accidental or unlawful destruction; (b) accidental loss; and (c) unauthorised disclosure, alteration, access, or other processing;

- the setting of precise retention periods to ensure that data will not be retained longer than is necessary and appropriate. Processing of personal information revealing racial or ethnic origin, political opinions or religious or other beliefs, trade union membership or personal information concerning health or sexual life shall only take place under appropriate safeguards in accordance with law.

The Parties shall ensure that any individual is entitled to seek access to his or her personal information and request a rectification if they consider it to be either inaccurate or has been improperly processed. They shall also ensure that any individual is entitled to seek administrative redress where he or she believes that his or her request for access has been improperly denied.

ENTRY INTO FORCE: 10.12.2016.

2016/12/01
   EP - Results of vote in Parliament
2016/12/01
   EP - Decision by Parliament
Details

The European Parliament adopted by 481 votes to 75, with 88 abstentions, a legislative resolution on the draft Council decision on the conclusion, on behalf of the European Union, of the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses.

In line with the Committee on Civil Liberties, Justice and Home Affairs, the European Parliament gave its consent to the conclusion of the Agreement.

The Agreement aims at establishing a comprehensive framework of data protection principles and safeguards when personal information is transferred for criminal law enforcement purposes between the United States, on the one hand, and the European Union or its Member States on the other. Its objective is to ensure a high level of data protection.

Documents
2016/12/01
   EP - End of procedure in Parliament
2016/11/30
   EP - Debate in Parliament
2016/11/28
   EP - Committee report tabled for plenary, 1st reading/single reading
Details

The Committee on Civil Liberties, Justice and Home Affairs adopted the report by Jan Philipp ALBRECHT (Greens/EFA, DE) on the draft Council decision on the conclusion, on behalf of the European Union, of the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses.

The committee recommended that the European Parliament give its consent to the conclusion of the Agreement.

In the short justification accompanying the draft resolution, it is recalled that, following calls by the European Parliament, on 3 December 2010, the Council adopted a decision authorising the Commission to open negotiations on an Agreement between the European Union and the United States of America on the protection of personal data when transferred and processed for the purpose of preventing investigating, detecting or prosecuting criminal offences, including terrorism, in the framework of police cooperation and judicial cooperation in criminal matters.

On 28 March 2011, the Commission opened negotiations with the U.S. Department of Justice. Over the course of the negotiations, the Parliament was regularly informed.

The text of the agreement was initialled on 8 September 2015.

Following the adoption by the U.S. Congress of the Judicial Redress Act on 24 February 2016, on 18 July 2016, the Council decided to request the European Parliament to give its consent to the conclusion of the Agreement.

The purpose of the Agreement is to ensure a high level of protection of the fundamental rights and freedoms of individuals, in particular the right to privacy with the respect to the processing of personal data when personal data are transferred to competent authorities of the European Union and its Member States and the US for these purposes.

The Agreement contains provisions setting out the basic data protection principles, namely:

purpose and use limitations of personal data transferred; data quality and integrity and retention periods; rules on onward transfers, both to domestic authorities of the contracting party and to third country authorities or international organisation not bound by the Agreement. In the latter case, the prior consent of the law enforcement authority originally transferring the data is required.

One of the main novelties of the Umbrella Agreement is that it will allow the citizens of each Party to be able to seek judicial redress for the i) denial of access, ii) denial of rectification or iii) unlawful disclosure by the authorities of the other Party . These rights are exercised pursuant to the law of the State where they are invoked.

In order to overcome the lack of rights for non-US citizens, the US Congress adopted the Judicial Redress Act on 24 February 2016. This Act will extend to the citizens of “covered countries” (e.g. the Member States) some judicial redress grounds provided under the 1974 US Privacy Act.

Regarding the exemptions possible under Section 552a(j)(2) of the US Privacy Act, the data subject rights conferred by the Umbrella Agreement are formulated in an unconditional manner and accordingly, the US authorities may not invoke exemptions of the US Privacy Act for law enforcement databases to deny an effective judicial redress to EU citizens as it is currently the case for law enforcement databases such as for PNR data or the TFTP.

The Umbrella Agreement provides that the Parties shall have in place one or more public oversight authorities that exercise independent oversight functions and powers, including review, investigation and intervention, where appropriate on their own initiative. It shall be subject to periodic joint reviews.

The Rapporteur concluded that the agreement constitutes major progress for the protection of personal data when transferred between the EU and the US in the context of law enforcement activities.

Documents
2016/11/24
   EP - Vote in committee
2016/11/16
   EP - Amendments tabled in committee
Documents
2016/11/09
   EP - Committee opinion
Documents
2016/10/21
   EP - Committee draft report
Documents
2016/09/12
   EP - Committee referral announced in Parliament
2016/09/12
   EP - ALBRECHT Jan Philipp (Verts/ALE) appointed as rapporteur in LIBE
2016/07/12
   CSL - Legislative proposal
Details

PURPOSE: to conclude, on behalf of the European Union, the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses.

PROPOSED ACT: Council Decision.

ROLE OF THE EUROPEAN PARLIAMENT: Council may adopt the act only if Parliament has given its consent to the act.

BACKGROUND: the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses was signed on 2 June 2016 , subject to its conclusion at a later date.

The Agreement should now be approved on behalf of the Union.

The Union has competence covering all the provisions of the Agreement.

In particular, the Union adopted Directive (EU) 2016/680 of the European Parliament and of the Council1 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data. This Directive provides transfers by Member States subject to appropriate safeguards.

CONTENT: the draft Council Decision seeks to approve, on behalf of the European Union , the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses.

The Agreement aims at establishing a comprehensive framework of data protection principles and safeguards when personal information is transferred for criminal law enforcement purposes between the United States, on the one hand, and the European Union or its Member States on the other. Its objective is to ensure a high level of data protection and, thereby, enhance cooperation between the parties.

Whilst not being itself the legal basis for any transfer of personal information to the United States, the Agreement supplements, where necessary, data protection safeguards in existing and future data transfer agreements or national provisions authorising such transfers.

The United Kingdom and Ireland are not bound by the rules laid down in the Agreement which relate to the processing of personal data by the Member States when carrying out activities which fall within the scope of Chapter 4 or 5 of Title V of Part Three of the TFEU where the United Kingdom and Ireland are not bound by the rules governing the forms of judicial cooperation in criminal matters or police cooperation which require compliance with the provisions laid down in the Agreement.

Denmark is not bound by the rules laid down in the Agreement or subject to their application which relate to the processing of personal data by the Member States when carrying out activities which fall within the scope of Chapter 4 or 5 of Title V of Part Three of the TFEU.

Documents
2016/07/11
   EC - Legislative proposal published
Details

PURPOSE: to conclude, on behalf of the European Union, the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses.

PROPOSED ACT: Council Decision.

ROLE OF THE EUROPEAN PARLIAMENT: Council may adopt the act only if Parliament has given its consent to the act.

BACKGROUND: the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses was signed on 2 June 2016 , subject to its conclusion at a later date.

The Agreement should now be approved on behalf of the Union.

The Union has competence covering all the provisions of the Agreement.

In particular, the Union adopted Directive (EU) 2016/680 of the European Parliament and of the Council1 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data. This Directive provides transfers by Member States subject to appropriate safeguards.

CONTENT: the draft Council Decision seeks to approve, on behalf of the European Union , the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses.

The Agreement aims at establishing a comprehensive framework of data protection principles and safeguards when personal information is transferred for criminal law enforcement purposes between the United States, on the one hand, and the European Union or its Member States on the other. Its objective is to ensure a high level of data protection and, thereby, enhance cooperation between the parties.

Whilst not being itself the legal basis for any transfer of personal information to the United States, the Agreement supplements, where necessary, data protection safeguards in existing and future data transfer agreements or national provisions authorising such transfers.

The United Kingdom and Ireland are not bound by the rules laid down in the Agreement which relate to the processing of personal data by the Member States when carrying out activities which fall within the scope of Chapter 4 or 5 of Title V of Part Three of the TFEU where the United Kingdom and Ireland are not bound by the rules governing the forms of judicial cooperation in criminal matters or police cooperation which require compliance with the provisions laid down in the Agreement.

Denmark is not bound by the rules laid down in the Agreement or subject to their application which relate to the processing of personal data by the Member States when carrying out activities which fall within the scope of Chapter 4 or 5 of Title V of Part Three of the TFEU.

Documents
2016/07/11
   EP - DZHAMBAZKI Angel (ECR) appointed as rapporteur in JURI
2016/05/20
   EP/CSL - Act adopted by Council after consultation of Parliament
2016/05/20
   CSL - Council Meeting
2016/05/18
   CSL - Document attached to the procedure
Documents
2016/04/29
   EC - Document attached to the procedure
2016/04/29
   EP - Preparatory document
Details

PURPOSE: to conclude, on behalf of the European Union, an Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses.

PROPOSED ACT: Council Decision.

ROLE OF THE EUROPEAN PARLIAMENT: Council may adopt the act only if Parliament has given its consent to the act.

BACKGROUND: in 2006, a High Level Contact Group ("HLCG"), composed of senior officials from the Commission, the Council Presidency and the U.S. Departments of Justice, Homeland Security and State, was established to explore ways that would enable the EU and the U.S. to work more efficiently together in the exchange of law enforcement information while ensuring that the protection of personal data and privacy are guaranteed. The conclusion reached in the HLCG final report of October 20091 was that an international agreement binding both the EU and the U.S. to apply agreed common data protection principles for transatlantic data transfers in the law enforcement area was the best option.

On 3 December 2010, the Council adopted a decision authorising the Commission to open negotiations on such an agreement between the European Union and the United States of America. On 28 March 2011, the Commission opened negotiations. On 8 September 2015, the Parties initialled the text.

The Agreement should now be concluded on behalf of the European Union.

CONTENT: the Commission proposes that the Council adopt a decision approving, on behalf of the EU, the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses.

The Agreement aims to establish a comprehensive framework of data protection principles and safeguards when personal information is transferred for criminal law enforcement purposes between the U.S., on the one hand, and the EU or its Member States on the other . The objective is to ensure a high level of personal data protection when transferred between the U.S., on the one hand, and the EU or its Member States on the other, for law enforcement purposes and, thereby, enhance cooperation between the parties.

Whilst not being itself the legal basis for any transfer of personal information to the U.S., the Agreement supplements, where necessary, data protection safeguards in existing and future data transfer agreements or national provisions authorising such transfers.

1) Scope and general objectives : the Agreement aims to establish for the first time, a data protection instrument that covers in a comprehensive and consistent manner all data transfers in a given area (i.e. transatlantic data exchanges in the field of police cooperation and judicial cooperation in criminal matters).

Furthermore, the Agreement will substantiate in the transatlantic context the general requirements on international data transfers laid down in the future directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data adopted on 14 April 2016.

2) Data protection principles and safeguards: the Agreement covers important principles governing personal data processing as well as key safeguards and limitations:

Purpose and use limitations : processing (which includes transfers) can take place only for explicit and legitimate purposes within the scope of the Umbrella Agreement, i.e. the prevention, investigation, detection or prosecution of criminal offences.

The Agreement ensures the application of the safeguards to the entire "life cycle" of a given data set from the original transfer from the EU to its processing by a U.S. competent authority and vice-versa, as well as its possible further processing by another U.S. authority or, in the case of a data transfer from the U.S. to a competent authority of the EU or (one of) its Member States, its possible further sharing with/processing by another EU or Member State authority.

Onward transfer: if a U.S. authority intends to further transfer data it has received from the EU or one of its Member States to a third country/international organisation not bound by the agreement, it will first have to obtain consent from the law enforcement authority in the EU which has originally transferred the data to the United States. This rule equally applies where an authority of the EU or one of its Member States intends to further transfer data it has received from the U.S. to a third country/international organisation.

The provisions expressly take into account the special sensitivity of the transfer in bulk of data of unsuspected persons (e.g. PNR data of every passenger taking a flight, independently of any specific suspicion). The Agreement requires that any further transfer of personal information other than in relation to specific cases, may only take place under specific conditions that provide due justification for the onward transfer.

In addition, the Parties to the Agreement must take measures to ensure:

data quality a nd integrity of information ; information security and notification of an information security incident ; effective methods (such as logs) for demonstrating the lawfulness of processing and use of personal information; specific retention periods in order to ensure that data will not be retained for longer than necessary and appropriate. The retention periods will be subject to periodic reviews and will have to be published or otherwise made publicly available.

Special categories of data : the processing of personal data revealing racial or ethnic origin, political opinions or religious or other beliefs, trade-union membership or personal information concerning health or sexual life, may only take place when appropriate safeguards are in place in accordance with law (e.g. masking the information after effecting the purpose for which the data was processed or requiring supervisory approval to access the information).

3) Individual rights: data subjects will be able, for the first time, to avail themselves of rights of general application for any transatlantic transfer of personal data in the criminal law enforcement sector, these being:

the right to access data and the right to rectification of data which concern them ; the right to administrative redress if an individual disagrees with the outcome of his or her request for access/rectification of personal data; the right to seek judicial redress for the i) denial of access, ii) denial of rectification or iii) unlawful disclosure by the authorities of the other Party

4 ) Aspects relating to the application of the Agreement and oversight : measures must be put in pace in order to:

promote accountability of the authorities processing personal data covered by the Agreement; establish one or more public authorities exercising independent oversight functions and powers, including review, investigation and intervention; ensure cooperation between oversight authorities; national contact points shall be established to assist with the identification of the oversight authority to be addressed in a particular case; conduct periodic joint reviews of the implementation and effectiveness of the Agreement.

The Agreement will be of unlimited duration (which is justified by the nature of the Agreement as a framework providing for protections and safeguards, as well as in the light of the possibility of suspending and terminating the Agreement).

Documents

Activities

Votes

A8-0354/2016 - Jan Philipp Albrecht - Approbation #

2016/12/01 Outcome: +: 481, 0: 88, -: 75
DE IT PL GB ES RO BE FR HU BG PT CZ SK NL SE FI HR SI AT LT MT LU DK EE LV CY IE EL
Total
82
65
49
59
42
24
21
61
16
16
20
17
12
23
16
12
11
8
16
9
6
5
9
6
6
4
10
18
icon: PPE PPE
188

Finland PPE

2

Luxembourg PPE

2

Estonia PPE

For (1)

1
icon: S&D S&D
165

Belgium S&D

4
3

Netherlands S&D

2

Croatia S&D

2

Slovenia S&D

For (1)

1

Austria S&D

For (1)

4

Malta S&D

3

Luxembourg S&D

For (1)

1

Estonia S&D

For (1)

1

Latvia S&D

Against (1)

1

Cyprus S&D

2

Ireland S&D

For (1)

1
icon: ECR ECR
65

Italy ECR

2

Romania ECR

For (1)

1

Bulgaria ECR

2

Czechia ECR

2

Netherlands ECR

2
2

Croatia ECR

For (1)

1

Denmark ECR

2

Latvia ECR

For (1)

1

Cyprus ECR

1

Greece ECR

Against (1)

1
icon: Verts/ALE Verts/ALE
42

United Kingdom Verts/ALE

5

Belgium Verts/ALE

2
4

Hungary Verts/ALE

For (1)

1

Netherlands Verts/ALE

2

Sweden Verts/ALE

3

Finland Verts/ALE

For (1)

1

Croatia Verts/ALE

For (1)

1

Slovenia Verts/ALE

For (1)

1

Austria Verts/ALE

3

Lithuania Verts/ALE

For (1)

1

Luxembourg Verts/ALE

For (1)

1

Estonia Verts/ALE

For (1)

1

Latvia Verts/ALE

1
icon: ALDE ALDE
62

Germany ALDE

Abstain (1)

3

United Kingdom ALDE

Abstain (1)

1

Romania ALDE

3

Bulgaria ALDE

4

Sweden ALDE

2

Croatia ALDE

2

Slovenia ALDE

For (1)

1

Austria ALDE

Against (1)

1

Lithuania ALDE

3

Luxembourg ALDE

For (1)

1

Denmark ALDE

3

Estonia ALDE

For (1)

Abstain (2)

3

Ireland ALDE

Abstain (1)

1
icon: EFDD EFDD
34

Germany EFDD

1

Poland EFDD

1

France EFDD

1

Sweden EFDD

2

Lithuania EFDD

Abstain (1)

1
icon: NI NI
14

Germany NI

1

Italy NI

1

Poland NI

Against (1)

1

United Kingdom NI

For (1)

Against (2)

3

France NI

Against (1)

2

Hungary NI

Abstain (1)

1
icon: ENF ENF
35

Germany ENF

Against (1)

1

Poland ENF

2

United Kingdom ENF

Abstain (1)

1

Romania ENF

Abstain (1)

1

Belgium ENF

For (1)

1

Netherlands ENF

3
icon: GUE/NGL GUE/NGL
38

Germany GUE/NGL

4

Italy GUE/NGL

Abstain (1)

3

United Kingdom GUE/NGL

Against (1)

1

France GUE/NGL

2

Portugal GUE/NGL

3

Czechia GUE/NGL

2

Netherlands GUE/NGL

3

Sweden GUE/NGL

Against (1)

1

Finland GUE/NGL

For (1)

1

Denmark GUE/NGL

Abstain (1)

1

Cyprus GUE/NGL

Against (1)

1
4
AmendmentsDossier
2 2016/0126(NLE)
2016/11/16 LIBE 2 amendments...
source: 594.012

History

(these mark the time of scraping, not the official date of the change)

docs/2
date
2016-07-12T00:00:00
docs
url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=ADV&RESULTSET=1&DOC_ID=8523%2F16&DOC_LANCD=EN&ROWSPP=25&NRROWS=500&ORDERBY=DOC_DATE+DESC title: 08523/2016
summary
type
Legislative proposal
body
CSL
events/2/date
Old
2016-07-12T00:00:00
New
2016-07-11T00:00:00
procedure/subtype
Old
Consent by Parliament
New
  • Consent by Parliament
  • See also 2016/3004(RSP)
committees/0/shadows/4
name
ERNST Cornelia
group
European United Left - Nordic Green Left
abbr
GUE/NGL
docs/2/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE592.131
New
https://www.europarl.europa.eu/doceo/document/LIBE-PR-592131_EN.html
docs/3/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE592.225&secondRef=02
New
https://www.europarl.europa.eu/doceo/document/JURI-AD-592225_EN.html
docs/4/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE594.012
New
https://www.europarl.europa.eu/doceo/document/LIBE-AM-594012_EN.html
events/3/type
Old
Committee referral announced in Parliament, 1st reading/single reading
New
Committee referral announced in Parliament
events/4/type
Old
Vote in committee, 1st reading/single reading
New
Vote in committee
events/5/docs/0/url
Old
http://www.europarl.europa.eu/doceo/document/A-8-2016-0354_EN.html
New
https://www.europarl.europa.eu/doceo/document/A-8-2016-0354_EN.html
events/6/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?secondRef=TOC&language=EN&reference=20161130&type=CRE
New
https://www.europarl.europa.eu/doceo/document/CRE-8-2016-11-30-TOC_EN.html
events/8
date
2016-12-01T00:00:00
type
Decision by Parliament
body
EP
docs
url: https://www.europarl.europa.eu/doceo/document/TA-8-2016-0465_EN.html title: T8-0465/2016
summary
events/8
date
2016-12-01T00:00:00
type
Decision by Parliament, 1st reading/single reading
body
EP
docs
url: http://www.europarl.europa.eu/doceo/document/TA-8-2016-0465_EN.html title: T8-0465/2016
summary
procedure/Modified legal basis
Rules of Procedure EP 159
procedure/Other legal basis
Rules of Procedure EP 159
procedure/subtype
Old
  • Consent by Parliament
  • See also 2016/3004(RSP)
New
Consent by Parliament
committees/0
type
Responsible Committee
body
EP
associated
False
committee_full
Civil Liberties, Justice and Home Affairs
committee
LIBE
rapporteur
name: ALBRECHT Jan Philipp date: 2016-09-12T00:00:00 group: Greens/European Free Alliance abbr: Verts/ALE
shadows
committees/0
type
Responsible Committee
body
EP
associated
False
committee_full
Civil Liberties, Justice and Home Affairs
committee
LIBE
date
2016-09-12T00:00:00
rapporteur
name: ALBRECHT Jan Philipp group: Greens/European Free Alliance abbr: Verts/ALE
shadows
committees/2
type
Committee Opinion
body
EP
associated
False
committee_full
Legal Affairs
committee
JURI
rapporteur
name: DZHAMBAZKI Angel date: 2016-07-11T00:00:00 group: European Conservatives and Reformists abbr: ECR
committees/2
type
Committee Opinion
body
EP
associated
False
committee_full
Legal Affairs
committee
JURI
date
2016-07-11T00:00:00
rapporteur
name: DZHAMBAZKI Angel group: European Conservatives and Reformists abbr: ECR
events/0
date
2016-04-29T00:00:00
type
Preparatory document
body
EP
docs
summary
events/0
date
2016-04-29T00:00:00
type
Initial legislative proposal published
body
EC
docs
summary
events/5/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A8-2016-0354&language=EN
New
http://www.europarl.europa.eu/doceo/document/A-8-2016-0354_EN.html
events/8/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P8-TA-2016-0465
New
http://www.europarl.europa.eu/doceo/document/TA-8-2016-0465_EN.html
committees/0
type
Responsible Committee
body
EP
associated
False
committee_full
Civil Liberties, Justice and Home Affairs
committee
LIBE
date
2016-09-12T00:00:00
rapporteur
name: ALBRECHT Jan Philipp group: Greens/European Free Alliance abbr: Verts/ALE
shadows
committees/0
type
Responsible Committee
body
EP
associated
False
committee_full
Civil Liberties, Justice and Home Affairs
committee
LIBE
date
2016-09-12T00:00:00
rapporteur
name: ALBRECHT Jan Philipp group: Greens/European Free Alliance abbr: Verts/ALE
shadows
activities
  • date: 2016-04-29T00:00:00 docs: url: http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2016/0237/COM_COM(2016)0237_EN.pdf title: COM(2016)0237 type: Initial legislative proposal published celexid: CELEX:52016PC0237:EN body: EC commission: DG: url: http://ec.europa.eu/justice/ title: Justice Commissioner: JOUROVÁ Věra type: Initial legislative proposal published
  • date: 2016-05-20T00:00:00 body: CSL type: Council Meeting council: Justice and Home Affairs (JHA) meeting_id: 3465
  • date: 2016-05-20T00:00:00 body: EP/CSL type: Act adopted by Council after consultation of Parliament
  • date: 2016-07-12T00:00:00 docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=ADV&RESULTSET=1&DOC_ID=8523%2F16&DOC_LANCD=EN&ROWSPP=25&NRROWS=500&ORDERBY=DOC_DATE+DESC type: Legislative proposal published title: 08523/2016 body: EC commission: DG: url: http://ec.europa.eu/justice/ title: Justice Commissioner: JOUROVÁ Věra type: Legislative proposal published
  • date: 2016-09-12T00:00:00 body: EP type: Committee referral announced in Parliament, 1st reading/single reading committees: body: EP responsible: False committee_full: Foreign Affairs committee: AFET body: EP responsible: False committee: JURI date: 2016-07-11T00:00:00 committee_full: Legal Affairs rapporteur: group: ECR name: DZHAMBAZKI Angel body: EP shadows: group: EPP name: VOSS Axel group: S&D name: LAURISTIN Marju group: ECR name: STEVENS Helga group: ALDE name: IN 'T VELD Sophia group: GUE/NGL name: ERNST Cornelia group: EFD name: WINBERG Kristina responsible: True committee: LIBE date: 2016-09-12T00:00:00 committee_full: Civil Liberties, Justice and Home Affairs rapporteur: group: Verts/ALE name: ALBRECHT Jan Philipp
  • date: 2016-11-24T00:00:00 body: EP type: Vote in committee, 1st reading/single reading committees: body: EP responsible: False committee_full: Foreign Affairs committee: AFET body: EP responsible: False committee: JURI date: 2016-07-11T00:00:00 committee_full: Legal Affairs rapporteur: group: ECR name: DZHAMBAZKI Angel body: EP shadows: group: EPP name: VOSS Axel group: S&D name: LAURISTIN Marju group: ECR name: STEVENS Helga group: ALDE name: IN 'T VELD Sophia group: GUE/NGL name: ERNST Cornelia group: EFD name: WINBERG Kristina responsible: True committee: LIBE date: 2016-09-12T00:00:00 committee_full: Civil Liberties, Justice and Home Affairs rapporteur: group: Verts/ALE name: ALBRECHT Jan Philipp
  • body: EP docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A8-2016-0354&language=EN type: Committee report tabled for plenary, 1st reading/single reading title: A8-0354/2016 type: Committee report tabled for plenary, 1st reading/single reading committees: body: EP responsible: False committee_full: Foreign Affairs committee: AFET body: EP responsible: False committee: JURI date: 2016-07-11T00:00:00 committee_full: Legal Affairs rapporteur: group: ECR name: DZHAMBAZKI Angel body: EP shadows: group: EPP name: VOSS Axel group: S&D name: LAURISTIN Marju group: ECR name: STEVENS Helga group: ALDE name: IN 'T VELD Sophia group: GUE/NGL name: ERNST Cornelia group: EFD name: WINBERG Kristina responsible: True committee: LIBE date: 2016-09-12T00:00:00 committee_full: Civil Liberties, Justice and Home Affairs rapporteur: group: Verts/ALE name: ALBRECHT Jan Philipp date: 2016-11-28T00:00:00
  • date: 2016-11-30T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?secondRef=TOC&language=EN&reference=20161130&type=CRE type: Debate in Parliament title: Debate in Parliament body: EP type: Debate in Parliament
  • date: 2016-12-01T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P8-TA-2016-0465 type: Decision by Parliament, 1st reading/single reading title: T8-0465/2016 body: EP type: Decision by Parliament, 1st reading/single reading
  • date: 2016-12-10T00:00:00 type: Final act published in Official Journal
commission
  • body: EC dg: Justice and Consumers commissioner: JOUROVÁ Věra
committees/0
type
Responsible Committee
body
EP
associated
False
committee_full
Civil Liberties, Justice and Home Affairs
committee
LIBE
date
2016-09-12T00:00:00
rapporteur
name: ALBRECHT Jan Philipp group: Greens/European Free Alliance abbr: Verts/ALE
shadows
committees/0
body
EP
responsible
False
committee_full
Foreign Affairs
committee
AFET
committees/1
type
Committee Opinion
body
EP
associated
False
committee_full
Foreign Affairs
committee
AFET
opinion
False
committees/1
body
EP
responsible
False
committee
JURI
date
2016-07-11T00:00:00
committee_full
Legal Affairs
rapporteur
group: ECR name: DZHAMBAZKI Angel
committees/2
type
Committee Opinion
body
EP
associated
False
committee_full
Legal Affairs
committee
JURI
date
2016-07-11T00:00:00
rapporteur
name: DZHAMBAZKI Angel group: European Conservatives and Reformists abbr: ECR
committees/2
body
EP
shadows
responsible
True
committee
LIBE
date
2016-09-12T00:00:00
committee_full
Civil Liberties, Justice and Home Affairs
rapporteur
group: Verts/ALE name: ALBRECHT Jan Philipp
council
  • body: CSL type: Council Meeting council: Justice and Home Affairs (JHA) meeting_id: 3465 url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=3465*&MEET_DATE=20/05/2016 date: 2016-05-20T00:00:00
docs
  • date: 2016-04-29T00:00:00 docs: url: http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2016/0238/COM_COM(2016)0238_EN.pdf title: COM(2016)0238 url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=2016&nu_doc=0238 title: EUR-Lex type: Document attached to the procedure body: EC
  • date: 2016-05-18T00:00:00 docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=ADV&RESULTSET=1&DOC_ID=8557%2F16&DOC_LANCD=EN&ROWSPP=25&NRROWS=500&ORDERBY=DOC_DATE+DESC title: 08557/2016 type: Document attached to the procedure body: CSL
  • date: 2016-10-21T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE592.131 title: PE592.131 type: Committee draft report body: EP
  • date: 2016-11-09T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE592.225&secondRef=02 title: PE592.225 committee: JURI type: Committee opinion body: EP
  • date: 2016-11-16T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE594.012 title: PE594.012 type: Amendments tabled in committee body: EP
events
  • date: 2016-04-29T00:00:00 type: Initial legislative proposal published body: EC docs: url: http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2016/0237/COM_COM(2016)0237_EN.pdf title: COM(2016)0237 url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=2016&nu_doc=0237 title: EUR-Lex summary: PURPOSE: to conclude, on behalf of the European Union, an Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses. PROPOSED ACT: Council Decision. ROLE OF THE EUROPEAN PARLIAMENT: Council may adopt the act only if Parliament has given its consent to the act. BACKGROUND: in 2006, a High Level Contact Group ("HLCG"), composed of senior officials from the Commission, the Council Presidency and the U.S. Departments of Justice, Homeland Security and State, was established to explore ways that would enable the EU and the U.S. to work more efficiently together in the exchange of law enforcement information while ensuring that the protection of personal data and privacy are guaranteed. The conclusion reached in the HLCG final report of October 20091 was that an international agreement binding both the EU and the U.S. to apply agreed common data protection principles for transatlantic data transfers in the law enforcement area was the best option. On 3 December 2010, the Council adopted a decision authorising the Commission to open negotiations on such an agreement between the European Union and the United States of America. On 28 March 2011, the Commission opened negotiations. On 8 September 2015, the Parties initialled the text. The Agreement should now be concluded on behalf of the European Union. CONTENT: the Commission proposes that the Council adopt a decision approving, on behalf of the EU, the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses. The Agreement aims to establish a comprehensive framework of data protection principles and safeguards when personal information is transferred for criminal law enforcement purposes between the U.S., on the one hand, and the EU or its Member States on the other . The objective is to ensure a high level of personal data protection when transferred between the U.S., on the one hand, and the EU or its Member States on the other, for law enforcement purposes and, thereby, enhance cooperation between the parties. Whilst not being itself the legal basis for any transfer of personal information to the U.S., the Agreement supplements, where necessary, data protection safeguards in existing and future data transfer agreements or national provisions authorising such transfers. 1) Scope and general objectives : the Agreement aims to establish for the first time, a data protection instrument that covers in a comprehensive and consistent manner all data transfers in a given area (i.e. transatlantic data exchanges in the field of police cooperation and judicial cooperation in criminal matters). Furthermore, the Agreement will substantiate in the transatlantic context the general requirements on international data transfers laid down in the future directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data adopted on 14 April 2016. 2) Data protection principles and safeguards: the Agreement covers important principles governing personal data processing as well as key safeguards and limitations: Purpose and use limitations : processing (which includes transfers) can take place only for explicit and legitimate purposes within the scope of the Umbrella Agreement, i.e. the prevention, investigation, detection or prosecution of criminal offences. The Agreement ensures the application of the safeguards to the entire "life cycle" of a given data set from the original transfer from the EU to its processing by a U.S. competent authority and vice-versa, as well as its possible further processing by another U.S. authority or, in the case of a data transfer from the U.S. to a competent authority of the EU or (one of) its Member States, its possible further sharing with/processing by another EU or Member State authority. Onward transfer: if a U.S. authority intends to further transfer data it has received from the EU or one of its Member States to a third country/international organisation not bound by the agreement, it will first have to obtain consent from the law enforcement authority in the EU which has originally transferred the data to the United States. This rule equally applies where an authority of the EU or one of its Member States intends to further transfer data it has received from the U.S. to a third country/international organisation. The provisions expressly take into account the special sensitivity of the transfer in bulk of data of unsuspected persons (e.g. PNR data of every passenger taking a flight, independently of any specific suspicion). The Agreement requires that any further transfer of personal information other than in relation to specific cases, may only take place under specific conditions that provide due justification for the onward transfer. In addition, the Parties to the Agreement must take measures to ensure: data quality a nd integrity of information ; information security and notification of an information security incident ; effective methods (such as logs) for demonstrating the lawfulness of processing and use of personal information; specific retention periods in order to ensure that data will not be retained for longer than necessary and appropriate. The retention periods will be subject to periodic reviews and will have to be published or otherwise made publicly available. Special categories of data : the processing of personal data revealing racial or ethnic origin, political opinions or religious or other beliefs, trade-union membership or personal information concerning health or sexual life, may only take place when appropriate safeguards are in place in accordance with law (e.g. masking the information after effecting the purpose for which the data was processed or requiring supervisory approval to access the information). 3) Individual rights: data subjects will be able, for the first time, to avail themselves of rights of general application for any transatlantic transfer of personal data in the criminal law enforcement sector, these being: the right to access data and the right to rectification of data which concern them ; the right to administrative redress if an individual disagrees with the outcome of his or her request for access/rectification of personal data; the right to seek judicial redress for the i) denial of access, ii) denial of rectification or iii) unlawful disclosure by the authorities of the other Party 4 ) Aspects relating to the application of the Agreement and oversight : measures must be put in pace in order to: promote accountability of the authorities processing personal data covered by the Agreement; establish one or more public authorities exercising independent oversight functions and powers, including review, investigation and intervention; ensure cooperation between oversight authorities; national contact points shall be established to assist with the identification of the oversight authority to be addressed in a particular case; conduct periodic joint reviews of the implementation and effectiveness of the Agreement. The Agreement will be of unlimited duration (which is justified by the nature of the Agreement as a framework providing for protections and safeguards, as well as in the light of the possibility of suspending and terminating the Agreement).
  • date: 2016-05-20T00:00:00 type: Act adopted by Council after consultation of Parliament body: EP/CSL
  • date: 2016-07-12T00:00:00 type: Legislative proposal published body: EC docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=ADV&RESULTSET=1&DOC_ID=8523%2F16&DOC_LANCD=EN&ROWSPP=25&NRROWS=500&ORDERBY=DOC_DATE+DESC title: 08523/2016 summary: PURPOSE: to conclude, on behalf of the European Union, the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses. PROPOSED ACT: Council Decision. ROLE OF THE EUROPEAN PARLIAMENT: Council may adopt the act only if Parliament has given its consent to the act. BACKGROUND: the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses was signed on 2 June 2016 , subject to its conclusion at a later date. The Agreement should now be approved on behalf of the Union. The Union has competence covering all the provisions of the Agreement. In particular, the Union adopted Directive (EU) 2016/680 of the European Parliament and of the Council1 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data. This Directive provides transfers by Member States subject to appropriate safeguards. CONTENT: the draft Council Decision seeks to approve, on behalf of the European Union , the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses. The Agreement aims at establishing a comprehensive framework of data protection principles and safeguards when personal information is transferred for criminal law enforcement purposes between the United States, on the one hand, and the European Union or its Member States on the other. Its objective is to ensure a high level of data protection and, thereby, enhance cooperation between the parties. Whilst not being itself the legal basis for any transfer of personal information to the United States, the Agreement supplements, where necessary, data protection safeguards in existing and future data transfer agreements or national provisions authorising such transfers. The United Kingdom and Ireland are not bound by the rules laid down in the Agreement which relate to the processing of personal data by the Member States when carrying out activities which fall within the scope of Chapter 4 or 5 of Title V of Part Three of the TFEU where the United Kingdom and Ireland are not bound by the rules governing the forms of judicial cooperation in criminal matters or police cooperation which require compliance with the provisions laid down in the Agreement. Denmark is not bound by the rules laid down in the Agreement or subject to their application which relate to the processing of personal data by the Member States when carrying out activities which fall within the scope of Chapter 4 or 5 of Title V of Part Three of the TFEU.
  • date: 2016-09-12T00:00:00 type: Committee referral announced in Parliament, 1st reading/single reading body: EP
  • date: 2016-11-24T00:00:00 type: Vote in committee, 1st reading/single reading body: EP
  • date: 2016-11-28T00:00:00 type: Committee report tabled for plenary, 1st reading/single reading body: EP docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A8-2016-0354&language=EN title: A8-0354/2016 summary: The Committee on Civil Liberties, Justice and Home Affairs adopted the report by Jan Philipp ALBRECHT (Greens/EFA, DE) on the draft Council decision on the conclusion, on behalf of the European Union, of the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses. The committee recommended that the European Parliament give its consent to the conclusion of the Agreement. In the short justification accompanying the draft resolution, it is recalled that, following calls by the European Parliament, on 3 December 2010, the Council adopted a decision authorising the Commission to open negotiations on an Agreement between the European Union and the United States of America on the protection of personal data when transferred and processed for the purpose of preventing investigating, detecting or prosecuting criminal offences, including terrorism, in the framework of police cooperation and judicial cooperation in criminal matters. On 28 March 2011, the Commission opened negotiations with the U.S. Department of Justice. Over the course of the negotiations, the Parliament was regularly informed. The text of the agreement was initialled on 8 September 2015. Following the adoption by the U.S. Congress of the Judicial Redress Act on 24 February 2016, on 18 July 2016, the Council decided to request the European Parliament to give its consent to the conclusion of the Agreement. The purpose of the Agreement is to ensure a high level of protection of the fundamental rights and freedoms of individuals, in particular the right to privacy with the respect to the processing of personal data when personal data are transferred to competent authorities of the European Union and its Member States and the US for these purposes. The Agreement contains provisions setting out the basic data protection principles, namely: purpose and use limitations of personal data transferred; data quality and integrity and retention periods; rules on onward transfers, both to domestic authorities of the contracting party and to third country authorities or international organisation not bound by the Agreement. In the latter case, the prior consent of the law enforcement authority originally transferring the data is required. One of the main novelties of the Umbrella Agreement is that it will allow the citizens of each Party to be able to seek judicial redress for the i) denial of access, ii) denial of rectification or iii) unlawful disclosure by the authorities of the other Party . These rights are exercised pursuant to the law of the State where they are invoked. In order to overcome the lack of rights for non-US citizens, the US Congress adopted the Judicial Redress Act on 24 February 2016. This Act will extend to the citizens of “covered countries” (e.g. the Member States) some judicial redress grounds provided under the 1974 US Privacy Act. Regarding the exemptions possible under Section 552a(j)(2) of the US Privacy Act, the data subject rights conferred by the Umbrella Agreement are formulated in an unconditional manner and accordingly, the US authorities may not invoke exemptions of the US Privacy Act for law enforcement databases to deny an effective judicial redress to EU citizens as it is currently the case for law enforcement databases such as for PNR data or the TFTP. The Umbrella Agreement provides that the Parties shall have in place one or more public oversight authorities that exercise independent oversight functions and powers, including review, investigation and intervention, where appropriate on their own initiative. It shall be subject to periodic joint reviews. The Rapporteur concluded that the agreement constitutes major progress for the protection of personal data when transferred between the EU and the US in the context of law enforcement activities.
  • date: 2016-11-30T00:00:00 type: Debate in Parliament body: EP docs: url: http://www.europarl.europa.eu/sides/getDoc.do?secondRef=TOC&language=EN&reference=20161130&type=CRE title: Debate in Parliament
  • date: 2016-12-01T00:00:00 type: Results of vote in Parliament body: EP docs: url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=27896&l=en title: Results of vote in Parliament
  • date: 2016-12-01T00:00:00 type: Decision by Parliament, 1st reading/single reading body: EP docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P8-TA-2016-0465 title: T8-0465/2016 summary: The European Parliament adopted by 481 votes to 75, with 88 abstentions, a legislative resolution on the draft Council decision on the conclusion, on behalf of the European Union, of the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses. In line with the Committee on Civil Liberties, Justice and Home Affairs, the European Parliament gave its consent to the conclusion of the Agreement. The Agreement aims at establishing a comprehensive framework of data protection principles and safeguards when personal information is transferred for criminal law enforcement purposes between the United States, on the one hand, and the European Union or its Member States on the other. Its objective is to ensure a high level of data protection.
  • date: 2016-12-01T00:00:00 type: End of procedure in Parliament body: EP
  • date: 2016-12-10T00:00:00 type: Final act published in Official Journal summary: PURPOSE: to conclude, on behalf of the European Union, an Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offences. LEGISLATIVE ACT: Council Decision (EU) 2016/2220 on the conclusion, on behalf of the European Union, of the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offences. CONTENT: under this Decision, the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offences is approved on behalf of the European Union. It was signed on 2 June 2016, subject to its conclusion at a later date. Purpose : the Agreement aims to ensure a high level of protection of personal information and enhance cooperation between the United States and the European Union and its Member States, in relation to the prevention, investigation, - detection or prosecution of criminal offences, including terrorism . For this purpose, this Agreement establishes the framework for the protection of personal information when transferred between the United States, on the one hand, and the European Union or its Member States, on the other. This Agreement in and of itself shall not be the legal basis for any transfers of personal information. A legal basis for such transfers shall always be required. The Agreement supplements data protection safeguards in existing and future data transfer agreements or national provisions authorising such transfers. Data protection principles and safeguards : the Agreement covers important principles governing personal data processing as well as key safeguards and limitations: purpose and use limitations : the transfer of personal information shall be for specific purposes authorised by the legal basis for the transfer and the further processing of personal information by a Party shall not be incompatible with the purposes for which it was transferred; onward transfer : where a Competent Authority of one Party has transferred personal information relating to a specific case to a Competent Authority of the other Party, that information may be transferred to a State not bound by the present Agreement or international body only where the prior consent of the Competent Authority originally sending that information has been obtained; maintaining quality and integrity of information: the Parties shall take reasonable steps to ensure that personal information is maintained with such accuracy, relevance, timeliness and completeness as is necessary and appropriate for lawful processing of the information; - information security and notification of an information security incident : the Parties shall ensure that they have in place appropriate technical, security and organisational arrangements for the protection of personal information against all of the following: (a) accidental or unlawful destruction; (b) accidental loss; and (c) unauthorised disclosure, alteration, access, or other processing; - the setting of precise retention periods to ensure that data will not be retained longer than is necessary and appropriate. Processing of personal information revealing racial or ethnic origin, political opinions or religious or other beliefs, trade union membership or personal information concerning health or sexual life shall only take place under appropriate safeguards in accordance with law. The Parties shall ensure that any individual is entitled to seek access to his or her personal information and request a rectification if they consider it to be either inaccurate or has been improperly processed. They shall also ensure that any individual is entitled to seek administrative redress where he or she believes that his or her request for access has been improperly denied. ENTRY INTO FORCE: 10.12.2016. docs: title: Decision 2016/2220 url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!CELEXnumdoc&lg=EN&numdoc=32016D2220 title: OJ L 336 10.12.2016, p. 0001 url: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:2016:336:TOC
links
other
  • body: EC dg: url: http://ec.europa.eu/justice/ title: Justice commissioner: JOUROVÁ Věra
procedure/Modified legal basis
Old
Rules of Procedure of the European Parliament EP 150
New
Rules of Procedure EP 159
procedure/dossier_of_the_committee
Old
LIBE/8/06417
New
  • LIBE/8/06417
procedure/final/title
Old
OJ L 336 10.12.2016, p. 0001
New
Decision 2016/2220
procedure/final/url
Old
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:2016:336:TOC
New
https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!CELEXnumdoc&lg=EN&numdoc=32016D2220
procedure/subject
Old
  • 1.20.09 Protection of privacy and data protection
  • 6.40.11 Relations with industrialised countries
  • 7.40.04 Judicial cooperation in criminal matters
New
1.20.09
Protection of privacy and data protection
6.40.11
Relations with industrialised countries
7.40.04
Judicial cooperation in criminal matters
procedure/subtype
Old
Consent by Parliament
New
  • Consent by Parliament
  • See also 2016/3004(RSP)
procedure/summary
  • See also
procedure/title
Old
EU/USA Agreement: protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses
New
EU/USA Agreement: protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses
activities/9
date
2016-12-10T00:00:00
type
Final act published in Official Journal
procedure/final
url
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:2016:336:TOC
title
OJ L 336 10.12.2016, p. 0001
procedure/stage_reached
Old
Procedure completed, awaiting publication in Official Journal
New
Procedure completed
activities/6/docs/0/text
  • The Committee on Civil Liberties, Justice and Home Affairs adopted the report by Jan Philipp ALBRECHT (Greens/EFA, DE) on the draft Council decision on the conclusion, on behalf of the European Union, of the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses.

    The committee recommended that the European Parliament give its consent to the conclusion of the Agreement.

    In the short justification accompanying the draft resolution, it is recalled that, following calls by the European Parliament, on 3 December 2010, the Council adopted a decision authorising the Commission to open negotiations on an Agreement between the European Union and the United States of America on the protection of personal data when transferred and processed for the purpose of preventing investigating, detecting or prosecuting criminal offences, including terrorism, in the framework of police cooperation and judicial cooperation in criminal matters.

    On 28 March 2011, the Commission opened negotiations with the U.S. Department of Justice. Over the course of the negotiations, the Parliament was regularly informed.

    The text of the agreement was initialled on 8 September 2015.

    Following the adoption by the U.S. Congress of the Judicial Redress Act on 24 February 2016, on 18 July 2016, the Council decided to request the European Parliament to give its consent to the conclusion of the Agreement.

    The purpose of the Agreement is to ensure a high level of protection of the fundamental rights and freedoms of individuals, in particular the right to privacy with the respect to the processing of personal data when personal data are transferred to competent authorities of the European Union and its Member States and the US for these purposes.

    The Agreement contains provisions setting out the basic data protection principles, namely: 

    • purpose and use limitations of personal data transferred;
    • data quality and integrity and retention periods;
    • rules on onward transfers, both to domestic authorities of the contracting party and to third country authorities or international organisation not bound by the Agreement. In the latter case, the prior consent of the law enforcement authority originally transferring the data is required. 

    One of the main novelties of the Umbrella Agreement is that it will allow the citizens of each Party to be able to seek judicial redress for the i) denial of access, ii) denial of rectification or iii) unlawful disclosure by the authorities of the other Party. These rights are exercised pursuant to the law of the State where they are invoked.

    In order to overcome the lack of rights for non-US citizens, the US Congress adopted the Judicial Redress Act on 24 February 2016. This Act will extend to the citizens of “covered countries” (e.g. the Member States) some judicial redress grounds provided under the 1974 US Privacy Act.

    Regarding the exemptions possible under Section 552a(j)(2) of the US Privacy Act, the data subject rights conferred by the Umbrella Agreement are formulated in an unconditional manner and accordingly, the US authorities may not invoke exemptions of the US Privacy Act for law enforcement databases to deny an effective judicial redress to EU citizens as it is currently the case for law enforcement databases such as for PNR data or the TFTP.

    The Umbrella Agreement provides that the Parties shall have in place one or more public oversight authorities that exercise independent oversight functions and powers, including review, investigation and intervention, where appropriate on their own initiative. It shall be subject to periodic joint reviews.

    The Rapporteur concluded that the agreement constitutes major progress for the protection of personal data when transferred between the EU and the US in the context of law enforcement activities.

activities/8/docs/0/text
  • The European Parliament adopted by 481 votes to 75, with 88 abstentions, a legislative resolution on the draft Council decision on the conclusion, on behalf of the European Union, of the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses.

    In line with the Committee on Civil Liberties, Justice and Home Affairs, the European Parliament gave its consent to the conclusion of the Agreement.

    The Agreement aims at establishing a comprehensive framework of data protection principles and safeguards when personal information is transferred for criminal law enforcement purposes between the United States, on the one hand, and the European Union or its Member States on the other. Its objective is to ensure a high level of data protection.

activities/7/docs
  • url: http://www.europarl.europa.eu/sides/getDoc.do?secondRef=TOC&language=EN&reference=20161130&type=CRE type: Debate in Parliament title: Debate in Parliament
activities/8/docs
  • url: http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P8-TA-2016-0465 type: Decision by Parliament, 1st reading/single reading title: T8-0465/2016
activities/8/type
Old
Vote in plenary scheduled
New
Decision by Parliament, 1st reading/single reading
procedure/stage_reached
Old
Awaiting Parliament 1st reading / single reading / budget 1st stage
New
Procedure completed, awaiting publication in Official Journal
activities/7/type
Old
Debate in plenary scheduled
New
Debate in Parliament
procedure/summary
  • See also
activities/6
date
2016-11-28T00:00:00
docs
url: http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A8-2016-0354&language=EN type: Committee report tabled for plenary, 1st reading/single reading title: A8-0354/2016
body
EP
committees
type
Committee report tabled for plenary, 1st reading/single reading
procedure/stage_reached
Old
Awaiting committee decision
New
Awaiting Parliament 1st reading / single reading / budget 1st stage
activities/5
date
2016-11-24T00:00:00
body
EP
type
Vote in committee, 1st reading/single reading
committees
activities/6/type
Old
Indicative plenary sitting date, 1st reading/single reading
New
Debate in plenary scheduled
activities/7
date
2016-12-01T00:00:00
body
EP
type
Vote in plenary scheduled
procedure/Modified legal basis
Rules of Procedure of the European Parliament EP 150
activities/4
date
2016-09-12T00:00:00
body
EP
type
Committee referral announced in Parliament, 1st reading/single reading
committees
activities/5/committees
  • body: EP responsible: False committee_full: Foreign Affairs committee: AFET
  • body: EP responsible: False committee: JURI date: 2016-07-11T00:00:00 committee_full: Legal Affairs rapporteur: group: ECR name: DZHAMBAZKI Angel
  • body: EP responsible: True committee_full: Civil Liberties, Justice and Home Affairs committee: LIBE
activities/5/date
Old
2016-09-12T00:00:00
New
2016-11-30T00:00:00
activities/5/type
Old
Committee referral announced in Parliament, 1st reading/single reading
New
Indicative plenary sitting date, 1st reading/single reading
committees/2/date
2016-09-12T00:00:00
committees/2/rapporteur
  • group: Verts/ALE name: ALBRECHT Jan Philipp
committees/2/shadows
  • group: EPP name: VOSS Axel
  • group: S&D name: LAURISTIN Marju
  • group: ECR name: STEVENS Helga
  • group: ALDE name: IN 'T VELD Sophia
  • group: GUE/NGL name: ERNST Cornelia
  • group: EFD name: WINBERG Kristina
activities/4
date
2016-09-12T00:00:00
body
EP
type
Committee referral announced in Parliament, 1st reading/single reading
committees
procedure/dossier_of_the_committee
LIBE/8/06417
procedure/stage_reached
Old
Preparatory phase in Parliament
New
Awaiting committee decision
activities/3/docs/0/text
  • PURPOSE: to conclude, on behalf of the European Union, the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses.

    PROPOSED ACT: Council Decision.

    ROLE OF THE EUROPEAN PARLIAMENT: Council may adopt the act only if Parliament has given its consent to the act. 

    BACKGROUND: the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses was signed on 2 June 2016, subject to its conclusion at a later date.

    The Agreement should now be approved on behalf of the Union.

    The Union has competence covering all the provisions of the Agreement.

    In particular, the Union adopted Directive (EU) 2016/680 of the European Parliament and of the Council1 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data. This Directive provides transfers by Member States subject to appropriate safeguards.

    CONTENT: the draft Council Decision seeks to approve, on behalf of the European Union, the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses.

    The Agreement aims at establishing a comprehensive framework of data protection principles and safeguards when personal information is transferred for criminal law enforcement purposes between the United States, on the one hand, and the European Union or its Member States on the other. Its objective is to ensure a high level of data protection and, thereby, enhance cooperation between the parties.

    Whilst not being itself the legal basis for any transfer of personal information to the United States, the Agreement supplements, where necessary, data protection safeguards in existing and future data transfer agreements or national provisions authorising such transfers.

    The United Kingdom and Ireland are not bound by the rules laid down in the Agreement which relate to the processing of personal data by the Member States when carrying out activities which fall within the scope of Chapter 4 or 5 of Title V of Part Three of the TFEU where the United Kingdom and Ireland are not bound by the rules governing the forms of judicial cooperation in criminal matters or police cooperation which require compliance with the provisions laid down in the Agreement.

    Denmark is not bound by the rules laid down in the Agreement or subject to their application which relate to the processing of personal data by the Member States when carrying out activities which fall within the scope of Chapter 4 or 5 of Title V of Part Three of the TFEU.

activities/0/docs/0/text
  • PURPOSE: to conclude, on behalf of the European Union, an Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses.

    PROPOSED ACT: Council Decision.

    ROLE OF THE EUROPEAN PARLIAMENT: Council may adopt the act only if Parliament has given its consent to the act.

    BACKGROUND: in 2006, a High Level Contact Group ("HLCG"), composed of senior officials from the Commission, the Council Presidency and the U.S. Departments of Justice, Homeland Security and State, was established to explore ways that would enable the EU and the U.S. to work more efficiently together in the exchange of law enforcement information while ensuring that the protection of personal data and privacy are guaranteed. The conclusion reached in the HLCG final report of October 20091 was that an international agreement binding both the EU and the U.S. to apply agreed common data protection principles for transatlantic data transfers in the law enforcement area was the best option.

    On 3 December 2010, the Council adopted a decision authorising the Commission to open negotiations on such an agreement between the European Union and the United States of America. On 28 March 2011, the Commission opened negotiations. On 8 September 2015, the Parties initialled the text.

    The Agreement should now be concluded on behalf of the European Union.

    CONTENT: the Commission proposes that the Council adopt a decision approving, on behalf of the EU, the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses.

    The Agreement aims to establish a comprehensive framework of data protection principles and safeguards when personal information is transferred for criminal law enforcement purposes between the U.S., on the one hand, and the EU or its Member States on the other. The objective is to ensure a high level of personal data protection when transferred between the U.S., on the one hand, and the EU or its Member States on the other, for law enforcement purposes and, thereby, enhance cooperation between the parties.

    Whilst not being itself the legal basis for any transfer of personal information to the U.S., the Agreement supplements, where necessary, data protection safeguards in existing and future data transfer agreements or national provisions authorising such transfers.

    1) Scope and general objectives: the Agreement aims to establish for the first time, a data protection instrument that covers in a comprehensive and consistent manner all data transfers in a given area (i.e. transatlantic data exchanges in the field of police cooperation and judicial cooperation in criminal matters).

    Furthermore, the Agreement will substantiate in the transatlantic context the general requirements on international data transfers laid down in the future directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data adopted on 14 April 2016.

    2) Data protection principles and safeguards: the Agreement covers important principles governing personal data processing as well as key safeguards and limitations:

    Purpose and use limitations: processing (which includes transfers) can take place only for explicit and legitimate purposes within the scope of the Umbrella Agreement, i.e. the prevention, investigation, detection or prosecution of criminal offences.

    The Agreement ensures the application of the safeguards to the entire "life cycle" of a given data set from the original transfer from the EU to its processing by a U.S. competent authority and vice-versa, as well as its possible further processing by another U.S. authority or, in the case of a data transfer from the U.S. to a competent authority of the EU or (one of) its Member States, its possible further sharing with/processing by another EU or Member State authority.

    Onward transfer: if a U.S. authority intends to further transfer data it has received from the EU or one of its Member States to a third country/international organisation not bound by the agreement, it will first have to obtain consent from the law enforcement authority in the EU which has originally transferred the data to the United States. This rule equally applies where an authority of the EU or one of its Member States intends to further transfer data it has received from the U.S. to a third country/international organisation.

    The provisions expressly take into account the special sensitivity of the transfer in bulk of data of unsuspected persons (e.g. PNR data of every passenger taking a flight, independently of any specific suspicion). The Agreement requires that any further transfer of personal information other than in relation to specific cases, may only take place under specific conditions that provide due justification for the onward transfer.

    In addition, the Parties to the Agreement must take measures to ensure:

    • data quality and integrity of information ;
    • information security and notification of an information security incident ;
    • effective methods (such as logs) for demonstrating the lawfulness of processing and use of personal information;
    • specific retention periods in order to ensure that data will not be retained for longer than necessary and appropriate.  The retention periods will be subject to periodic reviews and will have to be published or otherwise made publicly available.

    Special categories of data: the processing of personal data revealing racial or ethnic origin, political opinions or religious or other beliefs, trade-union membership or personal information concerning health or sexual life, may only take place when appropriate safeguards are in place in accordance with law (e.g. masking the information after effecting the purpose for which the data was processed or requiring supervisory approval to access the information).

    3) Individual rights: data subjects will be able, for the first time, to avail themselves of rights of general application for any transatlantic transfer of personal data in the criminal law enforcement sector, these being:

    • the right to access data and the right to rectification of data which concern them ;
    • the right to administrative redress if an individual disagrees with the outcome of his or her request for access/rectification of personal data;
    • the right to seek judicial redress for the i) denial of access, ii) denial of rectification or iii) unlawful disclosure by the authorities of the other Party

    4) Aspects relating to the application of the Agreement and oversight: measures must be put in pace in order to:

    • promote accountability of the authorities processing personal data covered by the Agreement;
    • establish one or more public authorities exercising independent oversight functions and powers, including review, investigation and intervention;
    • ensure cooperation between oversight authorities; national contact points shall be established to assist with the identification of the oversight authority to be addressed in a particular case;
    • conduct periodic joint reviews of the implementation and effectiveness of the Agreement.

    The Agreement will be of unlimited duration (which is justified by the nature of the Agreement as a framework providing for protections and safeguards, as well as in the light of the possibility of suspending and terminating the Agreement).

activities/0/docs/0/text
  • PURPOSE: to conclude, on behalf of the European Union, an Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses.

    PROPOSED ACT: Council Decision.

    ROLE OF THE EUROPEAN PARLIAMENT: Council may adopt the act only if Parliament has given its consent to the act.

    BACKGROUND: in 2006, a High Level Contact Group ("HLCG"), composed of senior officials from the Commission, the Council Presidency and the U.S. Departments of Justice, Homeland Security and State, was established to explore ways that would enable the EU and the U.S. to work more efficiently together in the exchange of law enforcement information while ensuring that the protection of personal data and privacy are guaranteed. The conclusion reached in the HLCG final report of October 20091 was that an international agreement binding both the EU and the U.S. to apply agreed common data protection principles for transatlantic data transfers in the law enforcement area was the best option.

    On 3 December 2010, the Council adopted a decision authorising the Commission to open negotiations on such an agreement between the European Union and the United States of America. On 28 March 2011, the Commission opened negotiations. On 8 September 2015, the Parties initialled the text.

    The Agreement should now be concluded on behalf of the European Union.

    CONTENT: the Commission proposes that the Council adopt a decision approving, on behalf of the EU, the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses.

    The Agreement aims to establish a comprehensive framework of data protection principles and safeguards when personal information is transferred for criminal law enforcement purposes between the U.S., on the one hand, and the EU or its Member States on the other. The objective is to ensure a high level of personal data protection when transferred between the U.S., on the one hand, and the EU or its Member States on the other, for law enforcement purposes and, thereby, enhance cooperation between the parties.

    Whilst not being itself the legal basis for any transfer of personal information to the U.S., the Agreement supplements, where necessary, data protection safeguards in existing and future data transfer agreements or national provisions authorising such transfers.

    1) Scope and general objectives: the Agreement aims to establish for the first time, a data protection instrument that covers in a comprehensive and consistent manner all data transfers in a given area (i.e. transatlantic data exchanges in the field of police cooperation and judicial cooperation in criminal matters).

    Furthermore, the Agreement will substantiate in the transatlantic context the general requirements on international data transfers laid down in the future directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data adopted on 14 April 2016.

    2) Data protection principles and safeguards: the Agreement covers important principles governing personal data processing as well as key safeguards and limitations:

    Purpose and use limitations: processing (which includes transfers) can take place only for explicit and legitimate purposes within the scope of the Umbrella Agreement, i.e. the prevention, investigation, detection or prosecution of criminal offences.

    The Agreement ensures the application of the safeguards to the entire "life cycle" of a given data set from the original transfer from the EU to its processing by a U.S. competent authority and vice-versa, as well as its possible further processing by another U.S. authority or, in the case of a data transfer from the U.S. to a competent authority of the EU or (one of) its Member States, its possible further sharing with/processing by another EU or Member State authority.

    Onward transfer: if a U.S. authority intends to further transfer data it has received from the EU or one of its Member States to a third country/international organisation not bound by the agreement, it will first have to obtain consent from the law enforcement authority in the EU which has originally transferred the data to the United States. This rule equally applies where an authority of the EU or one of its Member States intends to further transfer data it has received from the U.S. to a third country/international organisation.

    The provisions expressly take into account the special sensitivity of the transfer in bulk of data of unsuspected persons (e.g. PNR data of every passenger taking a flight, independently of any specific suspicion). The Agreement requires that any further transfer of personal information other than in relation to specific cases, may only take place under specific conditions that provide due justification for the onward transfer.

    In addition, the Parties to the Agreement must take measures to ensure:

    • data quality and integrity of information ;
    • information security and notification of an information security incident ;
    • effective methods (such as logs) for demonstrating the lawfulness of processing and use of personal information;
    • specific retention periods in order to ensure that data will not be retained for longer than necessary and appropriate.  The retention periods will be subject to periodic reviews and will have to be published or otherwise made publicly available.

    Special categories of data: the processing of personal data revealing racial or ethnic origin, political opinions or religious or other beliefs, trade-union membership or personal information concerning health or sexual life, may only take place when appropriate safeguards are in place in accordance with law (e.g. masking the information after effecting the purpose for which the data was processed or requiring supervisory approval to access the information).

    3) Individual rights: data subjects will be able, for the first time, to avail themselves of rights of general application for any transatlantic transfer of personal data in the criminal law enforcement sector, these being:

    • the right to access data and the right to rectification of data which concern them ;
    • the right to administrative redress if an individual disagrees with the outcome of his or her request for access/rectification of personal data;
    • the right to seek judicial redress for the i) denial of access, ii) denial of rectification or iii) unlawful disclosure by the authorities of the other Party

    4) Aspects relating to the application of the Agreement and oversight: measures must be put in pace in order to:

    • promote accountability of the authorities processing personal data covered by the Agreement;
    • establish one or more public authorities exercising independent oversight functions and powers, including review, investigation and intervention;
    • ensure cooperation between oversight authorities; national contact points shall be established to assist with the identification of the oversight authority to be addressed in a particular case;
    • conduct periodic joint reviews of the implementation and effectiveness of the Agreement.

    The Agreement will be of unlimited duration (which is justified by the nature of the Agreement as a framework providing for protections and safeguards, as well as in the light of the possibility of suspending and terminating the Agreement).

activities/0/docs/0/type
Old
Legislative proposal published
New
Initial legislative proposal published
activities/0/type
Old
Legislative proposal published
New
Initial legislative proposal published
activities/3
date
2016-07-12T00:00:00
docs
url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=ADV&RESULTSET=1&DOC_ID=8523%2F16&DOC_LANCD=EN&ROWSPP=25&NRROWS=500&ORDERBY=DOC_DATE+DESC type: Legislative proposal published title: 08523/2016
body
EC
type
Legislative proposal published
commission
DG: url: http://ec.europa.eu/justice/ title: Justice Commissioner: JOUROVÁ Věra
committees/1/date
2016-07-11T00:00:00
committees/1/rapporteur
  • group: ECR name: DZHAMBAZKI Angel
activities/0/docs/0/text
  • PURPOSE: to conclude, on behalf of the European Union, an Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses.

    PROPOSED ACT: Council Decision.

    ROLE OF THE EUROPEAN PARLIAMENT: Council may adopt the act only if Parliament has given its consent to the act.

    BACKGROUND: in 2006, a High Level Contact Group ("HLCG"), composed of senior officials from the Commission, the Council Presidency and the U.S. Departments of Justice, Homeland Security and State, was established to explore ways that would enable the EU and the U.S. to work more efficiently together in the exchange of law enforcement information while ensuring that the protection of personal data and privacy are guaranteed. The conclusion reached in the HLCG final report of October 20091 was that an international agreement binding both the EU and the U.S. to apply agreed common data protection principles for transatlantic data transfers in the law enforcement area was the best option.

    On 3 December 2010, the Council adopted a decision authorising the Commission to open negotiations on such an agreement between the European Union and the United States of America. On 28 March 2011, the Commission opened negotiations. On 8 September 2015, the Parties initialled the text.

    The Agreement should now be concluded on behalf of the European Union.

    CONTENT: the Commission proposes that the Council adopt a decision approving, on behalf of the EU, the Agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses.

    The Agreement aims to establish a comprehensive framework of data protection principles and safeguards when personal information is transferred for criminal law enforcement purposes between the U.S., on the one hand, and the EU or its Member States on the other. The objective is to ensure a high level of personal data protection when transferred between the U.S., on the one hand, and the EU or its Member States on the other, for law enforcement purposes and, thereby, enhance cooperation between the parties.

    Whilst not being itself the legal basis for any transfer of personal information to the U.S., the Agreement supplements, where necessary, data protection safeguards in existing and future data transfer agreements or national provisions authorising such transfers.

    1) Scope and general objectives: the Agreement aims to establish for the first time, a data protection instrument that covers in a comprehensive and consistent manner all data transfers in a given area (i.e. transatlantic data exchanges in the field of police cooperation and judicial cooperation in criminal matters).

    Furthermore, the Agreement will substantiate in the transatlantic context the general requirements on international data transfers laid down in the future directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data adopted on 14 April 2016.

    2) Data protection principles and safeguards: the Agreement covers important principles governing personal data processing as well as key safeguards and limitations:

    Purpose and use limitations: processing (which includes transfers) can take place only for explicit and legitimate purposes within the scope of the Umbrella Agreement, i.e. the prevention, investigation, detection or prosecution of criminal offences.

    The Agreement ensures the application of the safeguards to the entire "life cycle" of a given data set from the original transfer from the EU to its processing by a U.S. competent authority and vice-versa, as well as its possible further processing by another U.S. authority or, in the case of a data transfer from the U.S. to a competent authority of the EU or (one of) its Member States, its possible further sharing with/processing by another EU or Member State authority.

    Onward transfer: if a U.S. authority intends to further transfer data it has received from the EU or one of its Member States to a third country/international organisation not bound by the agreement, it will first have to obtain consent from the law enforcement authority in the EU which has originally transferred the data to the United States. This rule equally applies where an authority of the EU or one of its Member States intends to further transfer data it has received from the U.S. to a third country/international organisation.

    The provisions expressly take into account the special sensitivity of the transfer in bulk of data of unsuspected persons (e.g. PNR data of every passenger taking a flight, independently of any specific suspicion). The Agreement requires that any further transfer of personal information other than in relation to specific cases, may only take place under specific conditions that provide due justification for the onward transfer.

    In addition, the Parties to the Agreement must take measures to ensure:

    • data quality and integrity of information ;
    • information security and notification of an information security incident ;
    • effective methods (such as logs) for demonstrating the lawfulness of processing and use of personal information;
    • specific retention periods in order to ensure that data will not be retained for longer than necessary and appropriate.  The retention periods will be subject to periodic reviews and will have to be published or otherwise made publicly available.

    Special categories of data: the processing of personal data revealing racial or ethnic origin, political opinions or religious or other beliefs, trade-union membership or personal information concerning health or sexual life, may only take place when appropriate safeguards are in place in accordance with law (e.g. masking the information after effecting the purpose for which the data was processed or requiring supervisory approval to access the information).

    3) Individual rights: data subjects will be able, for the first time, to avail themselves of rights of general application for any transatlantic transfer of personal data in the criminal law enforcement sector, these being:

    • the right to access data and the right to rectification of data which concern them ;
    • the right to administrative redress if an individual disagrees with the outcome of his or her request for access/rectification of personal data;
    • the right to seek judicial redress for the i) denial of access, ii) denial of rectification or iii) unlawful disclosure by the authorities of the other Party

    4) Aspects relating to the application of the Agreement and oversight: measures must be put in pace in order to:

    • promote accountability of the authorities processing personal data covered by the Agreement;
    • establish one or more public authorities exercising independent oversight functions and powers, including review, investigation and intervention;
    • ensure cooperation between oversight authorities; national contact points shall be established to assist with the identification of the oversight authority to be addressed in a particular case;
    • conduct periodic joint reviews of the implementation and effectiveness of the Agreement.

    The Agreement will be of unlimited duration (which is justified by the nature of the Agreement as a framework providing for protections and safeguards, as well as in the light of the possibility of suspending and terminating the Agreement).

activities/1
date
2016-05-20T00:00:00
body
CSL
type
Council Meeting
council
Justice and Home Affairs (JHA)
meeting_id
3465
activities/2
date
2016-05-20T00:00:00
body
EP/CSL
type
Act adopted by Council after consultation of Parliament
activities
  • date: 2016-04-29T00:00:00 docs: url: http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2016/0237/COM_COM(2016)0237_EN.pdf title: COM(2016)0237 type: Legislative proposal published celexid: CELEX:52016PC0237:EN body: EC type: Legislative proposal published commission: DG: url: http://ec.europa.eu/justice/ title: Justice Commissioner: JOUROVÁ Věra
committees
  • body: EP responsible: False committee_full: Foreign Affairs committee: AFET
  • body: EP responsible: False committee_full: Legal Affairs committee: JURI
  • body: EP responsible: True committee_full: Civil Liberties, Justice and Home Affairs committee: LIBE
links
other
  • body: EC dg: url: http://ec.europa.eu/justice/ title: Justice commissioner: JOUROVÁ Věra
procedure
legal_basis
reference
2016/0126(NLE)
title
EU/USA Agreement: protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses
geographical_area
United States
stage_reached
Preparatory phase in Parliament
subtype
Consent by Parliament
type
NLE - Non-legislative enactments
subject