EU: Viviane Reding on the future of transatlantic information sharing

In her speech at the 2nd Annual European Data Protection and Privacy Conference, Viviane Reding, Vice President of the EU Commission, outlined her ideas on how the future of transatlantic information sharing should look.

Mrs. Reding again emphasized that data protection must not become a stumbling block for transatlantic business, while on the other hand individual rights of those involved in such business transactions must be upheld. First she traced back the situation as it stands in Europe, highlighting the planned simplifications in the area of Binding Corporate Rules and the standardization and simplification of the European Data Protection Law. In this respect she made it clear, that according to her draft proposal of the revised data protection guideline for European companies, solely the supervisory body of that member state ought to be responsible in which the principle place of business is situated. This ought to go hand in hand with a harmonization of the European Data Protection Law.

As regards to cloud computing, Mrs. Reding addressed the necessary data portability and stressed that a respective individual ought to obtain more control over his or her data in future.

One aspect that can also be of importance in transatlantic data protection relations, was law enforcement and judicial cooperation. In this segment a further harmonization in terms of data transfers to countries outside of the EU was intended. She said the discussion around the impact of the Patriot Act had already resulted in great uncertainties in the area of cloud computing.

At the end of her speech Mrs. Reding expressed her concern that the self-regulation approach applied in the USA in the area of data protection was not sufficient enough to achieve compatibility with the EU.

Following Mrs. Reding's recent review of potential new changes to the data protection guideline, more and more details are now emerging. In view of the easing and simplification of the information sharing with the USA it is indeed of great importance whether there is going to be a binding obligation about legal regulations as regards to the data protection standard in the USA, or whether the USA will continue to trust in self-regulation. If the latter is the case, checking the safe harbor preconditions, the use of EU standard contract clauses, or the existence of binding corporate rules, will play an important part. In these cases the simplified approval procedure could mean an easing of the burden on European data transmitters.

The practical problem of access to personal data by police or jurisdiction remains for those companies involved in transatlantic operations. In this area Mrs. Reding did not disclose any concrete details. If one wanted to protect the data from access by police and investigating authorities outside of Europe, the regulations would have to be inherently connected to the data to effectively prevent illegitimate access under European data protection law. This kind of balancing act is unlikely to be successful if the EU was to attempt this single-handedly. This area needs further agreement with the USA so as to improve compatibility.

Further information at: europa.eu/rapid/pressReleasesAction.do