US ICReach programme

27.8.2014

Question for written answer P-006380-14
to the Commission
Rule 130
Sophia in 't Veld (ALDE)

The media have reported on the unwarranted sharing of personal data by the NSA with other US agencies, such as the FBI, the CIA and the DEA, through the ICReach programme.

What action — for instance requesting clarification from the US authorities — is the Commission going to take regarding these revelations, and can it clarify whether EU citizens’ personal data collected under the provisions of EU-US agreements, such as the PNR and SWIFT agreements, are also shared through ICReach?

Where EU citizens’ personal data collected by means of the PNR and SWIFT agreements are indeed shared via ICReach, what would be the Commission’s understanding of the value of these agreements, and does it consider this practice of data sharing, which involves EU citizens’ personal data, to be in violation of EU data protection legislation?

Can the Commission guarantee that personal data shared with third countries under the provisions of agreements such as that in place with Canada are not somehow transferred to any US authorities, through which the data can be shared via the ICReach system? Should such a situation arise, what would be the value of a PNR agreement, for instance, with Canada?