After four years of negotiations, the EU and US have reached an agreement that will protect EU citizens’ personal data when shared for law enforcement purposes. The “Umbrella Agreement” covers all personal data (e.g. names, address, criminal convictions) exchanged between the EU and the US for the prevention, detection, investigation and prosecution of criminal offences, including terrorism. Crucially, it must not be used for further incompatible purposes. This will be a welcome development after Edward Snowden’s revelations of US government snooping on EU citizens in 2013. The agreement aims to “rebuild trust in EU-U.S. data flows” by putting in place “a comprehensive high-level data protection framework” between EU and US law enforcement bodies.

However, the EU Commission has said that it will not sign the agreement until the US passes legislation giving EU citizens the same “right to judicial redress” which US citizens enjoy. This will not only cover situations where EU citizens’ personal data is shared with US authorities, but also where US authorities deny access or rectification to EU data citizens, or unlawfully disclose their personal data to third parties.

The Umbrella Agreement has received strong backing from the US tech sector and privacy lobbyists alike. It may even help smooth the way for concluding the Safe Harbour negotiations. In the press release on the Umbrella Agreement, the European Commissioner Věra Jourová said that she is “also confident that we will be able to soon conclude our work on strengthening the Safe Harbour Arrangement for exchange of data for commercial purposes. We continue to work with determination with our US counterparts on the final details”.

For more information on the US-EU Umbrella Arrangement, see the EU Commission’s press release and Q&As.