US-EU Data Sharing Can’t Happen Without U.S. Legislation (7/1/2008)
FOR IMMEDIATE RELEASE
Contact: (202) 715-0818 or email@example.com
Statement of Barry Steinhardt
Director, ACLU Technology and Liberty Project
The negotiations underway between U.S. security agencies and their European counterparts over the transatlantic transfer of personal data are just the latest attempt to overcome a looming problem that has consistently interfered with the Bush Administration’s attempts to collect the personal information of an ever-increasing share of the world’s population.
That problem is the utter absence of real and enforceable privacy laws in the United States.
There is only so much that executive-branch officials – even officials of an administration more committed to privacy than the current one – can do to overcome this problem. The European Union, having enacted strong legislation to protect the privacy of its citizens, cannot be asked to render that legislation meaningless by allowing its citizens’ data to be shared with a country that is, in privacy terms, all but lawless.
While there are undoubtedly security bureaucrats in Europe who are hungering to betray their own laws and strike a deal, bureaucratic action and unenforceable administrative assurances cannot make up for the lack of good U.S. privacy laws. The United States should not be pressuring the Europeans into weakening their privacy laws; we should be strengthening ours.
We have carefully examined the report referenced in recent news reports, and it is clear that the negotiations are not nearly as far along as has been reported. As the report makes plain, it is not easy to bridge the gap in privacy protection between the United States and Europe. U.S. officials try to talk a good game in this document about “a networked and layered set of authorities” for protecting privacy here, but their effort is a laughable stretch. The report makes clear that, like the ugly stepsister trying to force her foot into Cinderella’s shoe, this project is destined to fail. And there’s no fairy godmother in sight – we just need good U.S. privacy laws.
Whatever limited agreements are reached through this negotiation must be completely open and thoroughly vetted by the public in both the United States and Europe, including by the Congress, European Parliament and the new U.S. presidential administration.