EU lays down steps US must take to protect data

Brussels (AFP) - The EU on Wednesday laid down steps Washington must take to restore trust after a huge spy scandal, including giving EU citizens the right to US legal redress to protect personal data.

"Massive spying on our citizens, companies and leaders is unacceptable," EU Justice Commissioner Viviane Reding said, adding there was "now a window of opportunity to rebuild trust which we expect our American partners to use".

An umbrella agreement being negotiated on EU-US data protection "has to give European citizens concrete and enforceable rights, notably the right to judicial redress in the US whenever their personal data are being processed in the US," Reding said in a statement.

At the same time, EU Home Affairs Commissioner Cecilia Malmstroem said she was satisfied that separate EU-US accords on the transfer of airline passenger and financial transaction data were working properly.

A key concern in Europe -- where memories of surveillance by fascist and communist dictatorships remain alive -- is the pressure Washington exerts on giant US companies to hand over personal data, including those of EU citizens, on national security grounds.

Up to now, Brussels and Washington have reconciled their differences in a 2001 'Safe Harbour' agreement meant to ensure US companies respect EU norms on commercial use of personal data.

In the EU, personal data protection is considered to be a basic right whose commercial use must be carefully controlled.

Safe Harbour now needs to be tightened up, Redding said, setting a deadline of mid-2014 to agree the changes with Washington.

Among 13 suggested changes, she included a provision requiring US companies to make clear the extent to which US authorities have the right to collect and process personal data they may have gathered.

The "national security" justification often cited for such government access must also be used only if strictly necessary.

Reding said the EU should conclude reform of its own data protection laws and be actively involved to ensure that US reforms promised by President Barack Obama "also benefit EU citizens".

Highlighted by the reported US tapping of German Chancellor Angela Merkel's mobile phone, data protection has become a hugely sensitive topic since intelligence leaker Edward Snowden released evidence of a massive network of US spy operations on friend and foe alike earlier this year.

The uproar prompted the European Parliament to call for talks on a massive free trade deal with the United States to be scrapped, along with the Safe Harbour system.

The European Commission stressed again Wednesday that data protection standards would not be part of the negotiations on the planned Transatlantic Trade and Investment Partnership.

Malmstroem meanwhile said the Commission, the EU's executive arm, would not suspend data protection accords "just because of press articles" -- an apparent reference to reports based on Snowden's leaks.

The Passenger Name Record (PNR) system for airline passengers and the Terrorist Finance Tracking Programme (TFTP) "provide effective safeguards to protect the fundamental rights of European citizens," Malmstroem said.

The "clear and effective guarantees in place" allow the Commission to "make sure that the US authorities stick to agreed rules," she said.

On the TFTP, Malmstroem said Washington had given "written assurances" the accord had not been breached, as borne out by a review, and "so we have decided to close those consultations."

The EU will continue alert and monitor "the lawful implementationof EU-US agreements on data transfers," she added.