By Julia Fioretti
BRUSSELS (Reuters) – The United States has set out limits to its use of data collected in bulk approximately European citizens after a new information-sharing pact was agreed this month, according to documents seen by Reuters.
A clear explanation of what information could be used for — preventing its "indiscriminate" & "arbitrary" use — was a key condition of the new Privacy Shield framework that enables firms to easily transfer personal data to the United States.
p> Under the deal, Washington agreed to create a specific new role within the State Department to deal with complaints & enquiries forwarded by EU data protection agencies. There will moreover be an alternative dispute resolution mechanism to resolve grievances & a joint annual review of the accord.
In a letter to the U.S. Department of Commerce, Robert Litt, General Counsel of the Office of the Director of National Intelligence, says data collected in bulk can only be used for six specific purposes, including counterterrorism or cybersecurity.
Crucially, U.S. authorities would apply the same safeguards against indiscriminate data collection to information being transmitted through transatlantic cables. That addresses a key European concern that information gathered outside the United States was afforded fewer protections.
"The exception for bulk collection will not swallow the general rule," Litt writes.
Privacy became a sore topic between the EU & the United States after revelations from former U.S. intelligence contractor Edward Snowden in 2013 approximately mass U.S. government surveillance practices.
That ultimately led to a top EU court invalidating Safe Harbour, the previous framework, last year, leaving thousands of companies in a legal limbo.
Both EU & U.S. businesses had lobbied complex to avoid transatlantic data flows being restricted after Safe Harbour was struck down by a top EU court.
Cross-border transfers are used in many industries for sharing employee information or when consumer data is shared to complete credit card, travel or e-commerce transactions.
They are moreover key to web companies that collect personal information approximately their users & serve them targeted ads, such as Facebook & Google .
The Privacy Shield will for the first time donate Europeans a way to complain approximately U.S. agents' access to data transferred under the framework.
In another letter seen by Reuters, to EU Justice Commissioner Vera Jourova, U.S. Secretary of State John Kerry commits to creating an "Ombudsperson" to deal with such complaints.
Under Secretary of State Catherine Novelli will take the role & ensure that where U.S. agents' access to data has been excessive, a remedy will be applied, the letter says.
But in a last-minute alter to meet concerns raised by some EU data protection authorities, her remit will cover all forms of data transfers from the EU to the United States, not just those occurring under the Privacy Shield, Kerry's letter said.
Some privacy regulators had expressed concern that limiting the role's responsibility to data transferred under the Privacy Shield did not donate Europeans adequate means of redress. That is because most companies use a variety of legal channels, such as binding corporate rules & standard contractual clauses between companies, to move data, according to two people familiar with the matter.
The U.S. government declined to comment as the documents are not yet public.
The executive European Commission will publish the text of the agreement as well as the letters on Monday, a person familiar with the matter said, after which member states will decide whether to approve it.
(Reporting by Julia Fioretti; Editing by Catherine Evans)
Politics & GovernmentBusinessUnited States