The European Union and the US have started negotiations about how best to protect personal data exchanged between the two blocs.
According to a very brief statement issued by the European Commission (EC) on Tuesday, both sides hope to come to a formal agreement as soon as possible on the use of personal information when fighting crime and terrorism.
Last December, European justice ministers agreed to work toward an accord with the US that would provide a coherent and harmonised set of data protection standards including principles such as data minimisation, minimal retention periods, purpose limitation and independent oversight.
But Tuesday's announcement that talks have begun comes as the EU's privacy watchdog condemned one of the key data-sharing deals between the two entities. The European Data Protection Supervisor (EDPS) said any mass collection of data must follow the necessity principle and that Passenger Name Record (PNR) transfers fail to meet the standard.
PNR data is collected by airlines and includes personal information about all passengers coming into and leaving the EU including phone numbers, email addresses, travel itineraries and billing information. This information is then handed over to the US by EU authorities with the intent of fighting terrorism.
However the EDPS, Peter Hustinx, said that the commission has failed to demonstrate "the necessity and the proportionality of a system involving a large-scale collection of PNR data for the purpose of a systematic assessment of all passengers".
"Air passengers' personal data could certainly be necessary for law enforcement purposes in targeted cases, when there is a serious threat supported by concrete indicators. It is their use in a systematic and indiscriminate way, with regard to all passengers, which raises specific concerns," he added.
The second major deal to hand over European citizens' information to the US has proved equally controversial. The Terrorist Finance Tracking Program (or SWIFT) was criticised by European parliamentarians in February after a review of the agreement revealed that implementation was not thorough enough in protecting data privacy. The report said that the written requests made by the US for European banking data were too vague to assess whether they meet EU data standards. But they were approved anyway. Many members of the Parliament's civil liberties committee said they felt betrayed.
Elsewhere, official representatives from Washington and Brussels have been meeting to discuss implementation of privacy online. The aim is to bring data protection standards on opposite sides of the Atlantic closer together. But here, too, fundamental differences seem to stand in the way of harmonisation.
Civil liberties groups are uneasy that the current talks on data sharing are conducted in secret and that the European Parliament, member states and citizens could be presented with a fait accompli.