The European Union and the U.S. have started negotiations about how best to protect personal data exchanged between the two blocs.
According to a very brief statement issued by the European Commission on Tuesday, both sides hope to come to a formal agreement as soon as possible on the use of personal information when fighting crime and terrorism.
Last December, European justice ministers agreed to work toward an accord with the U.S. that would provide a coherent and harmonized set of data protection standards including principles such as data minimization, minimal retention periods, purpose limitation and independent oversight.
But Tuesday's announcement that talks have begun comes as the E.U.'s privacy watchdog condemned one of the key data-sharing deals between the two entities. The European Data Protection Supervisor (EDPS) said any mass collection of data must follow the necessity principle and that Passenger Name Record (PNR) transfers fail to meet the standard.
PNR data is collected by airlines and includes personal information about all passengers coming into and leaving the E.U. including phone numbers, e-mail addresses, travel itineraries and billing information. This information is then handed over to the U.S. by E.U. authorities with the intent of fighting terrorism.
However the EDPS, Peter Hustinx, said that the Commission has failed to demonstrate "the necessity and the proportionality of a system involving a large-scale collection of PNR data for the purpose of a systematic assessment of all passengers."
"Air passengers' personal data could certainly be necessary for law enforcement purposes in targeted cases, when there is a serious threat supported by concrete indicators. It is their use in a systematic and indiscriminate way, with regard to all passengers, which raises specific concerns," he added.
The second major deal to hand over European citizens' information to the U.S. has proved equally controversial. The Terrorist Finance Tracking Program (or SWIFT) was criticized by European parliamentarians in February after a review of the agreement revealed that implementation was not thorough enough in protecting data privacy. The report said that the written requests made by the United States for European banking data were too vague to assess whether they meet European Union data standards. But they were approved anyway. Many members of the Parliament's civil liberties committee said they felt betrayed.
Elsewhere, official representatives from Washington and Brussels have been meeting to discuss implementation of privacy online. The aim is to bring data protection standards on opposite sides of the Atlantic closer together. But here, too, fundamental differences seem to stand in the way of harmonization.
Civil liberties groups are uneasy that the current talks on data sharing are conducted in secret and that the European Parliament, member states and citizens could be presented with a fait accompli.