The United States has set out limits to its use of data collected in bulk about European citizens after a new information-sharing pact was agreed this month, according to documents seen by Reuters.
A clear explanation of what information could be used for – preventing its “indiscriminate” and “arbitrary” use – was a key condition of the new Privacy Shield framework that enables firms to easily transfer personal data to the United States.
Under the deal, Washington agreed to create a specific new role within the State Department to deal with complaints and enquiries forwarded by EU data protection agencies. There will also be an alternative dispute resolution mechanism to resolve grievances and a joint annual review of the accord.
In a letter to the US Department of Commerce, Robert Litt, General Counsel of the Office of the Director of National Intelligence, says data collected in bulk can only be used for six specific purposes, including counterterrorism or cybersecurity.
Last-minute changes
Both EU and US businesses had lobbied hard to avoid transatlantic data flows being restricted after Safe Harbour was struck down by a top EU court.
Cross-border transfers are used in many industries for sharing employee information or when consumer data is shared to complete credit card, travel or e-commerce transactions.
The Privacy Shield will for the first time give Europeans a way to complain about US agents’ access to data transferred under the framework.
In another letter seen by Reuters, to EU Justice Commissioner Vera Jourova, US Secretary of State John Kerry commits to creating an “Ombudsperson” to deal with such complaints.
Under Secretary of State Catherine Novelli will take the role and ensure that where US agents’ access to data has been excessive, a remedy will be applied, the letter says.
But in a last-minute change to meet concerns raised by some EU data protection authorities, her remit will cover all forms of data transfers from the EU to the United States, not just those occurring under the Privacy Shield, Kerry’s letter said.