Menu
EU official says US data-sharing deals functioning well, but will be kept under scrutiny

EU official says US data-sharing deals functioning well, but will be kept under scrutiny

US government says it has not breached the terms of the TFTP agreement

Europe's Home Affairs Commissioner said on Wednesday that she would be keeping a close eye on data-sharing deals with the U.S.

On the same day that she announced that the European Commission would not suspend the E.U.-U.S. safe harbor data privacy agreement, Commissioner Cecilia Malmström presented reviews of two other transatlantic data sharing deals -- the Terrorist Finance Tracking Programme (TFTP) and the Passenger Name Record (PNR).

The TFTP agreement allows the U.S. Treasury to access some data stored in Europe by international bank transfer network Swift. However, allegations of possible U.S. access to Swift financial data outside the scope of the TFTP agreement enraged politicians last month.

Documents leaked by former U.S. National Security Administration contractor Edward Snowden and reported by The Washington Post indicate the NSA spied on Swift. The company is included in an NSA training manual for new agents on how to target private computer networks, according to the documents.

Malmström, however, said she has received written assurances from the U.S. government that it has not breached the TFTP agreement and will continue to respect it fully. Nonetheless another review of the functioning of the agreement will be conducted in spring 2014, sooner than expected.

Over the last three years, in response to 158 requests made by the E.U., 924 investigative leads were obtained from the TFTP. Most recently, TFTP-derived information has been used to investigate the April 2013 Boston Marathon bombings, threats during the London Olympics and E.U.-based terrorists training in Syria, Malmström said.

Under the agreement, non-extracted data can be kept for no longer than five years and information extracted from the data can only be retained for as long as is strictly necessary for specific investigations or prosecutions.

The current E.U.-U.S. PNR agreement entered into force on July 1, 2012. According to the review presented on Wednesday, the U.S. authorities have been implementing the agreement in accordance with the standards and conditions it contains.

PNR data is collected by airlines and the current agreement with the U.S. uses information on passengers traveling between Europe and the U.S. to target, identify and prevent potential terrorists and terrorist weapons from entering the U.S.

PNR data is stored in airlines' reservation and departure control databases. It contains several different types of information, such as travel dates, travel itineraries, ticket information, contact details, the travel agent with which the flight was booked, the means of payment used, seat numbers and baggage information.

PNR data can only be used to fight terrorism and serious transnational crimes that are punishable by at least three years of imprisonment under U.S. law. According to the Commission, this excludes minor crimes, while allowing PNR to be used to tackle serious crimes such as drug or human trafficking.

The data collected under the PNR agreement can be retained for 15 years for terrorist-related offenses and for 10 years transnational crime. However it must be "depersonalized," with identifying information removed from the data, after just six months and moved to a dormant database with stricter controls after five years.

The next review of the agreement is due to take place during the first half of 2015.

The European Commission had proposed a similar plan for passengers traveling within the E.U. But last month the European Parliament delayed voting on it. Commissioner Malmström also said on Wednesday that any plans for an E.U.-wide TFTP had been shelved.

Follow Jennifer on Twitter at @BrusselsGeek or email tips and comments to jennifer_baker@idg.com.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags privacyregulationeuropean commission

Events

EDGE 2024

Register your interest now for EDGE 2024!

Featured

Slideshows

How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments