US, EU may align on private data

Some nations express concern

WASHINGTON - The United States and the European Union are nearing completion of an agreement allowing law enforcement and security agencies to obtain private information - like credit card transactions, travel histories, and Internet browsing habits - about people on the other side of the Atlantic.

The potential agreement, as outlined in an internal report obtained by The New York Times, would represent a diplomatic breakthrough for US counterterrorism officials, who have clashed with the European Union over demands for personal data.

Europe generally has more stringent laws restricting how governments and businesses can collect and transfer such information.

Negotiators, who have been meeting since February 2007, have largely agreed on draft language for 12 major issues central to a "binding international agreement," the report said.

The pact would make clear that it is lawful for European governments and companies to transfer personal information to the United States, and vice versa.

But the two sides are still at odds on several other matters, including whether European citizens should be able to sue the US government over its handling of their personal data, the report said.

The report, which lays out the progress of the talks and lists the completed draft language, was jointly written by the negotiators from the US Homeland Security, Justice, and State departments and by their EU counterparts.

The talks grew out of two conflicts over information-sharing after the Sept. 11, 2001, terrorist attacks. The US government demanded access to customer data held by airlines flying out of Europe and by a consortium, known as Swift, which tracks global bank transfers.

US investigators wanted the data so they could look for suspicious activity.

But several European countries objected, citing violations of their privacy laws.

Each dispute frayed diplomatic relations and required difficult negotiations to resolve.

US and EU officials are trying to head off future confrontations "by finding common ground on privacy and by agreeing not to impose conflicting obligations on private companies," said Stewart A. Baker, the assistant secretary for policy at the Department of Homeland Security, who is involved in the talks. "Globalization means that more and more companies are going to get caught between US and European law."

Paul M. Schwartz, a law professor at the University of California, Berkeley, said such a blanket agreement could transform international privacy law by eliminating a problem that has led to negotiations of "staggering" complexity between Europe and the United States.

"The reason it's a big deal is that it is going to lower the whole transaction cost for the US government to get information from Europe," Schwartz said. "Most of the negotiations will already be completed. They will just be able to say, 'Look, we provide adequate protection, so you're required to turn it over.' "

But the prospect that the agreement might lower barriers to sending personal information to the US government has alarmed some privacy rights advocates in Europe.

While some praised the principles laid out in the draft text, they warned that it is difficult to tell whether the agreement would allow broad exceptions to such limits.