EU extends data deals with UK, starts negotiating with US on access to traveler databases

The EU has renewed adequacy decisions with the UK, keeping the door open for free data flows between the two sides. Meanwhile, it is also considering an agreement that would grant U.S. border agencies access to personal data stored in EU databases.

​The renewal of two 2021 adequacy decisions with the UK – one under the General Data Protection Regulation GDPR) and the other concerning the Law Enforcement Directive (LED) – was announced by the European Commission on Wednesday.

​The Commission issued a renewal after a temporary technical extension, allowing itself six months to assess the UK legal framework, including the new Data (Use and Access) Act, which established a legal basis for the acceptance of digital verification. The UK legal framework was deemed essentially equivalent to the EU’s data protection safeguards.

The new decisions are subject to a sunset clause of six years, running until December 27th, 2031, with the possibility for renewal.

The free flow of data between the two sides underpin both commercial exchanges and cooperation in the fields of justice and law enforcement, according to Henna Virkkunen, executive vice-president for Tech Sovereignty, Security and Democracy.

“The United Kingdom is an important strategic partner for the European Union and the adequacy decisions form a central pillar of this partnership,” says Virkkunen.

EU-U.S. ‘framework agreement’ on accessing EU databases

Last week, EU lawmakers also agreed to launch negotiations with the U.S. on a framework agreement for the reciprocal exchange of data needed for border procedures and visa applications, including the biometric data of European citizens. The request from U.S. authorities for information from national databases of EU countries has fueled privacy concerns, as well as legal questions.

​The U.S. may not get direct access to EU member states’ databases, but the framework would provide terms for individual European countries to negotiate the terms for searching their databases. The EU will also seek similar access to data held by the U.S., according to documents drafted by the Danish Council presidency and obtained by Statewatch.

The back-and-forth between the two sides has been ongoing for some time. The U.S. has been proposing an arrangement called the Enhanced Border Security Partnership (EBSP) that would give the Department of Homeland Security (DHS) access to biometric records in national databases through real-time information sharing.

Countries that refuse to take part in the EBSP may not be included in the U.S. Visa Waiver Programme (VWP) from 2027 onwards, reimposing visa requirements for some EU nationals. According to the VWP, travelers must obtain preclearance to board a flight to the U.S. through the Electronic System for Travel Authorization (ESTA), managed by the Department of Homeland Security (DHS).

“There is a need for a common framework on the European Union side for information exchange in the context of the EBSP,” the Danish presidency writes in the draft. “Negotiations should therefore be opened with a view to concluding a framework agreement between the Union and the United States of America on the exchange of information for the screening and verification of identity of travelers.”

Currently, the EU and U.S. exchange data through various treaties and arrangements, including the EU-U.S. Umbrella Agreement.. The new data demands from the U.S., however, may run afoul of strict GDPR rules.

At the same time, the administration of U.S. President Donald Trump has been increasing the collection of immigration data through other initiatives, some of which are seen as intrusive.

U.S. Customs and Border Protection (CBP) has requested approval to capture a “comprehensive set of biometric identifiers,” including face, fingerprint, DNA and iris, through a closed-source CBP smartphone app. Travelers would also be required to submit identifiers for all social media accounts they have used in the last five years, as well as other personal information.

Article Topics

biometric data  |  biometrics  |  border security  |  data sharing  |  EU  |  United States