EU urges US to bolster data protection practices

Internet companies in Europe are now offering cloud computing services whose selling point is that they shelter users from the U.S. Patriot Act, European Union Justice Commissioner Viviane Reding noted. The anti-terrorism law has been widely criticized by civil libertarians.

"I do encourage cloud computing centers in Europe ... but this cannot be the only solution," Reding said. "We need free flow of data between our continents (and) it doesn't make much sense for us to retreat from each other."

The EU and U.S. are currently negotiating a new umbrella agreement on data protection, which the Europeans would like to see go into effect by the end of 2012.

It would set out the main principles of data protection, and would be the basis for any new accords on specific issues - such as passenger name recognition or data on bank transfers used in the fight against terrorism and organized crime.

Since 2001, Europe and the United States have had a series of disagreements on how to strike the proper balance between protecting privacy and battling terrorism. European officials have insisted on the need to defend data privacy rights amid pressure from U.S. officials to get access to information about European citizens for security reasons.

Last month, Brussels and Washington initialed an accord over air-passenger data for flights from Europe to America that will limit what information U.S. officials can use. The accord will replace a 2007 agreement that the European Parliament criticized for giving U.S. authorities too much authority to view the private data of EU citizens.

Reding said substantial progress still needs to be made on the umbrella accord.

"Europeans should be confident that their rights are respected whenever their personal information is transmitted in Europe or over the Atlantic for law enforcement purposes," she told a conference on data protection in Brussels.

Separately, the EU is preparing a continentwide law on sensitive information that would simplify procedures for businesses such as Internet companies. It aims to eliminate unnecessary costs and administrative burdens by having a single data protection authority for each business.

"The rule is simple: A business will be subject to the data protection authority in the member state of its main establishment in the EU," Reding said.

©2011 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.