back to article In EU-US data sharing we trust – but can we have that in writing, say MEPs

European lawmakers won’t blindly accept an EU-US agreement on new data sharing laws without important legal questions being answered and fine print being read, according to several prominent MEPs. After four years of talks, the EU and the US reached a “gentleman’s agreement” on data sharing for law enforcement last week. On …

  1. chivo243 Silver badge

    sign it in blood

    And they will find a way around it.... loop holes, loop holes.

  2. Will Godfrey Silver badge

    An obese deceased odiferous rodent.

    “processed beyond compatible purposes" means exactly what?

    1. LegalAlien

      Re: An obese deceased odiferous rodent.

      This is data protection legalese, but it means the data given to the USA will not be processed beyond the stated purpose, being "prevention, detection, investigation and prosecution of crime".... My biggest concern is that the US will say that collecting everyone's data about everything is to do with "prevention" of crime (i.e. they have to collect lots of innocent people's data to look through to see if there's anything criminal-related, i.e. this might give a fig-leaf to the already massive data harvesting being done by the USA.... Also, the definition of "criminal" is not the same on both sides of the atlantic (or indeed in the 28 EU member states).

  3. Doctor Syntax Silver badge

    Not good enough

    If someone in the EU sends personal data of a EU citizen to the US any redress for misuse must be in EU courts and the safeguards must be to EU standards, not the US (I'm dismissing any likelihood that US data protection standards will ever be better than those of the EU). The easiest way to do this would be to hold whoever sends the data from the EU to continue to be responsible in law for its handling in the US. That should concentrate minds.

    1. big_D Silver badge

      Re: Not good enough

      The sender of the data is already responsible. If you save your contacts on iCloud, GMail, etc. and the information gets handed to a third party outside the EU without an EU warrant or without them getting written permission from those identified in the personal data (i.e. if they hand over your contact list, the recipient has to get an EU court order or the hoster has to get written permission from each contact before handing over the data).

      If they fail to do that and it comes out, the DPR can prosecute you and the identified entities in your data can seek redress from you for not ensuring that the data was adequately secured.

      Using any of these data syncing cloud services is a trade-off between convenience and being liable if your providers hands over the data to a third party (or the cloud service gets hacked and your data leaks out).

  4. Wommit

    "the EU and the US reached a “gentleman’s agreement” on data sharing"

    Gentlemen's agreement? I thought that they were talking to the US government.

  5. Vimes

    Article 21 'effective oversight'...

    God help us then. We have to rely on the ICO and they have NEVER been effective.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like