On September 8, 2015, European and US officials announced that they have concluded an agreement, the so-called Umbrella Agreement, which is a framework for transatlantic data transfer between the US and the EU. The proposed goal of the Agreement is to provide data protection safeguards for personal information transferred between the EU and the US. Despite the announcements, neither US officials nor their European counterparts made the text of the Agreement public.
On September 10, 2015 EPIC submitted expedited FOI requests to the Department of Homeland Security, Department of Justice and the State Department to obtain the secret agreement. Because of legislation pending in Congress and NGO concern about the scope of the data protection safeguards, EPIC said “there is an urgency to inform the public” about the contents of the agreement.
EPIC also filed a Freedom of Information request to DG Justice of the European Commission under EU law. The request was acknowledged by the Commission on September 14, 2015. The Commission has 15 business days to reply to the request. After EPIC’s requests, the document was made public by Statewatch.
On January 25, 2016, the Department of Justice released to EPIC an unredacated copy of the Umbrella Agreement.
EPIC supports the establishment of a comprehensive legal framework to enable transborder data flows. EPIC previously urged that the United States begin the process of ratification of Council of Europe Convention 108.
The federal Privacy Act of 1974 places a duty upon federal agencies that maintain personal information to protect that data. This duty and concomitant responsibilities arise from the collection of personal data. Therefore, it does not matter what the data owner’s citizenship or origin is.