For more than a year, the United States and the European Union have been engaged in negotiations over a data protection framework covering trans-Atlantic law enforcement cooperation. Last week, U.S. Attorney General Eric Holder and EU Vice-President Viviane Reding met in Washington to discuss that and other topics. Both expressed optimism in a joint press release issued after the meeting, but it remains to be seen whether the enormous gap between U.S. and EU notions of data privacy can be bridged through such an agreement.

In the EU, the privacy of one’s personal data is a fundamental civil right, whereas in the U.S. such privacy considerations are routinely subordinated in the context of law enforcement investigations and prosecutions. The EU’s stringent data protection rules have thus become a recurring sticking point in joint law enforcement efforts between the two governments because the U.S. has been unable to guarantee an “adequate” level of protection for data transfers as far as the EU is concerned.

In an effort to address those difficulties, in March 2012, the U.S. and EU officially commenced negotiations on a framework agreement regarding the protection of personal data exchanged by law enforcement authorities. While U.S. authorities hope that the EU will ultimately agree that U.S. data protection standards are adequate, there are some significant hurdles. These include European citizens’ right to judicial redress in U.S. courts, and retroactive application of the new framework agreement to prior U.S.-EU data sharing arrangements in specific contexts such as terrorism financing and airline passenger information.

At the same time, the EU is moving forward with a comprehensive reform of its domestic data protection rules, including both: (1) a new “Data Protection Regulation” setting out a general data protection regime that would directly apply in all EU member states without implementation at the national level being required, and (2) a new “Data Protection Directive” that would specifically govern how personal data is handled in criminal investigations, prosecutions and related judicial activities. Unlike the new Data Protection Regulation, the law-enforcement-focused Directive would require implementation at national level.

Negotiations over the U.S.-EU framework agreement are, of course, part of a much larger picture in another respect as well. Fundamental cultural differences have triggered clashes between strict EU data privacy protections and broad U.S. evidence-gathering procedures for decades. And while that disconnect has been difficult for U.S. law enforcement officials to navigate, they at least have the option of government-to-government dialogue and negotiation. The situation is even more difficult for private parties who are put in the untenable position of defying U.S. legal requirements for the preservation and production of data on the one hand, or violating EU member state law on the other, with potentially severe sanctions looming from both sides. That state of affairs may only get worse if and when the sweeping EU-wide Data Protection Regulation, mentioned above and described in our prior blog posts, is adopted.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Stephen M. Byers Stephen M. Byers

Stephen M. Byers is a partner in the firm’s White Collar & Regulatory Enforcement Group and serves on the group’s steering committee. He is also a member of the firm’s Government Contracts Group and E-Discovery & Information Management Group. Mr. Byers’s practice involves…

Stephen M. Byers is a partner in the firm’s White Collar & Regulatory Enforcement Group and serves on the group’s steering committee. He is also a member of the firm’s Government Contracts Group and E-Discovery & Information Management Group. Mr. Byers’s practice involves counseling and representation of corporate and individual clients in all phases of white collar criminal and related civil matters, including: internal corporate investigations; federal grand jury, inspector general, civil enforcement and congressional investigations; and trials and appeals.

Mr. Byers’s practice focuses on matters involving procurement fraud, health care fraud and abuse, trade secrets theft, foreign bribery, computer crimes and cybersecurity, and antitrust conspiracies. He has extensive experience with the federal False Claims Act and qui tam litigation, the Foreign Corrupt Practices Act, the Economic Espionage Act, and the Computer Fraud and Abuse Act. In addition to defense of government investigations and prosecutions, Mr. Byers has represented corporate victims of trade secrets theft, cybercrime, and other offenses. For example, he represented a Fortune 100 U.S. company in parallel civil and criminal proceedings that resulted in a $275 million criminal restitution order against a foreign competitor upon its conviction for trade secrets theft.