About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

European Commission Adopts Draft Mandate for EU-US Data Protection Agreement

Subscribe to our newsletter

Following months of negotiations, the European Commission has finally published a draft mandate to negotiate a personal data protection agreement between the European Union and the United States when cooperating to fight terrorism or crime. European politicians, including Viviane Reding, the EU’s Commissioner for Justice, Fundamental Rights and Citizenship, are keen that bulk data transfers of sensitive customer data across the Swift network for counter terrorism purposes be avoided and that increased protections be introduced for this data, bringing it into line with US legislation.

According to the Commission, the aim is to ensure a high level of protection for personal financial information that is transferred as part of transatlantic cooperation in criminal matters. The agreement would therefore enhance the right of citizens to access, rectify or delete data, where appropriate. EU citizens would receive a right to seek judicial redress in the US if their data is unlawfully processed. Independent public authorities would be given a stronger role in helping people exercise their privacy rights and in supervising transatlantic data transfers.

To this end, it would give the Commission a mandate to negotiate a new data protection agreement for personal data transferred to and processed by enforcement authorities in the EU and the US. It would also commit the Commission to keeping the European Parliament fully informed at all stages of the negotiations.

Reding in particular has been outspoken on the subject over the last few months and has been campaigning to ensure data protection is enhanced. “Fundamental rights must be protected and respected at all times. I want an EU-US agreement that protects personal data rights while fighting crime and terrorism. I urge the Council to approve the mandate as soon as possible so we can swiftly proceed with negotiations on this and other important agreements between the EU and the US,” she says.

As indicated by Reding, now that the draft mandate has been published, the European Council must approve the Commission’s negotiating mandate before talks can begin again. The transfer of financial data cross border has been a topic of discussion for some years and there has been some controversy in the past about what has been dubbed the “Swift agreement” in light of the fact that the rights guaranteed under the US Privacy Act can be invoked only by citizens and permanent residents of the US.

The Commission says that it aims to establish legally binding and enforceable personal data protection standards that will ensure that individuals’ fundamental rights and freedoms are protected. Compliance with these standards would be controlled by independent public authorities on both sides of the Atlantic.

Under the Commission’s proposal the transfer or processing of personal data by EU or US authorities would only be permitted for specified, explicit and legitimate purposes in the framework of fighting crime and terrorism. There would also be a right to access one’s personal data and this would be enforceable in courts and there would be a right to have one’s personal data corrected or erased if it is found to be inaccurate. Moreover, there would be an individual right of administrative and judicial redress regardless of nationality or place of residence.

The agreement would not provide the legal basis for any specific transfers of personal data between the EU and the US. A specific legal basis for such data transfers would always be required, such as a data transfer agreement or a national law in an EU Member State. The new EU-US data protection agreement would then apply to these data transfers.

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: ESG data sourcing and management to meet your ESG strategy, objectives and timeline

ESG data plays a key role in research, fund product development, fund selection, asset selection, performance tracking, and client and regulatory reporting, yet it is not always easy to source and manage in a complete, transparent and timely manner. This webinar will review the state-of-play on ESG data, consider the challenges of sourcing and managing...

BLOG

DSB Forms Governance Advisory Committee for ISIN and UPI Services

The Derivatives Service Bureau (DSB) has formed a Governance Advisory Committee (GAC) to provide additional industry guidance for both the International Securities Identification Number (ISIN) and the Unique Product Identifier (UPI) services. A call for participation in the committee will be made on 17 January 2024, along with publication of the GAC Charter. The GAC...

EVENT

ESG Data & Tech Summit London

The ESG Data & Tech Summit will explore challenges around assembling and evaluating ESG data for reporting and the impact of regulatory measures and industry collaboration on transparency and standardisation efforts. Expert speakers will address how the evolving market infrastructure is developing and the role of new technologies and alternative data in improving insight and filling data gaps.

GUIDE

Dealing with Reality – How to Ensure Data Quality in the Changing Entity Identifier Landscape

“The Global LEI will be a marathon, not a sprint” is a phrase heard more than once during our series of Hot Topic webinars that’s charted the emergence of a standard identifier for entity data. Doubtless, it will be heard again. But if we’re not exactly sprinting, we are moving pretty swiftly. Every time I...