US flag   Official website of the Department of Homeland Security

International Privacy Policy

Promoting International Engagement on Privacy Policy

The Privacy Office is an integral part of the Department’s international engagement efforts, since much of the Department’s work entails cooperation with international partners. Because privacy frameworks vary around the world, it is important to work closely with these partners to ensure that collaborative efforts are consistent with all relevant privacy laws and policies.

Through participation in multilateral organizations, the Privacy Office promotes dialogue with international partners about the core ideals that underlie the U.S. privacy framework. On a bilateral basis, the office supports the Department’s negotiation and implementation of cross border information sharing programs by explaining to international partners the means by which the Department protects the privacy rights of U.S. and non-U.S. citizens while meeting its goals and objectives.

Privacy's Role in the International Privacy Arena

In support of the Department’s mission, the Privacy Office:

  • Provides counsel on international agreements related to personal information collection and sharing;
  • Offers educational outreach and leadership on the Department’s privacy policies and emerging international privacy issues;
  • Interprets international data protection frameworks to aid in interaction with international partners; and
  • Counsels the Department and other agency partners on global privacy practices and policy approaches.

More information on the work of the Privacy Office can be found in the Annual Reports.

Back To Top

International Activities

U.S. - Canada Beyond the Border

On February 4, 2011, President Obama and Prime Minister Harper announced the United States-Canada joint declaration, Beyond the Border: A Shared Vision for Perimeter Security and Economic Competitiveness. The Beyond the Border Action Plan articulates a shared approach to security in which both countries work together to address threats within, at, and away from our borders, while expediting lawful trade and travel. One cornerstone of the Action Plan is the U.S.-Canada Joint Statement of Privacy Principles. These principles inform and guide information and intelligence sharing of personal information in the Beyond the Border initiatives. The Statement of Privacy Principles, completed in May 2012, demonstrates the United States’ and Canada’s continued commitment to sharing information responsibly and respecting our separate constitutional and legal frameworks that protect privacy.

The Fair Information Practice Principles

We issued Privacy Policy Guidance Memorandum 2008-01 (PDF, 4 pages - 101 KB) in 2008 to memorialize the Fair Information Practice Principles (FIPPs) as the foundational principles for privacy policy and implementation at the Department. The eight FIPPs form the basis of our privacy compliance policies and procedures governing the use of personally identifiable information (PII). The FIPPs are embedded into departmental privacy sensitive systems, programs, and information sharing arrangements and are derived from the Privacy Act and other federal and international privacy guidelines.

  • Examples of how the Privacy Office implements the FIPPs are contained in the factsheet, "The FIPPS At Work" (PDF, 2 pages - 220 KB), which can inform international partners as you consider your privacy compliance protocol.

Five Country Joint Enrollment and Information Sharing Project

The Five Country Conference (FCC) is a forum for cooperation on migration and border security between the countries of Australia, Canada, New Zealand, the United Kingdom, and the United States. The FCC’s Joint Enrollment and Information Sharing Project helps carry out the Department’s mission in support of the immigration process by facilitating identification of individuals whose identities were previously unknown. By doing so, the project enables the Department to enhance the security of our citizens and visitors, facilitate legitimate travel and trade, and ensure the integrity of the immigration system, while simultaneously ensuring that privacy and security safeguards are in place for the project.

Related Documents:

Transatlantic Information Sharing and Data Privacy

The High Level Contact Group (HLCG), composed of senior officials from the European Commission, the European Council Presidency, Departments of Homeland Security, Justice and State, was formed in late 2006 to start discussions on data privacy in the exchange of information for law enforcement purposes. HLCG efforts were part of a wider reflection between the European Union (EU) and the United States on how best to prevent and fight terrorism and serious transnational crime.

The goal of the HLCG was to explore ways that would enable the EU and the U.S. to work more closely and efficiently together to exchange law enforcement information while ensuring that the protection of personal data and privacy are guaranteed. In October 2009, the group concluded the first step of that goal, producing a text that identifies the fundamentals or “common principles” of an effective regime for privacy.

While the work of the HLCG has concluded, the Department looks forward to being a part of the negotiation of a binding international EU-U.S. agreement that embodies these principles, which would serve as a solid basis for law enforcement authorities for even further enhanced cooperation, while ensuring the availability of full protection for citizens.

HLCG Documents:

U.S. – EU Passenger Name Record Agreement

The 2007 Passenger Name Record (PNR) Agreement between the United States and the European Union (EU) made possible the transfer of certain passenger data to Customs and Border Protection (CBP) in order to facilitate safe and efficient travel. Privacy Office Reports demonstrate the progression of the Agreement since its inception, including subsequent reviews conducted by both the United States and the EU to ensure compliance with the Agreement.

The International Conference of Data Protection and Privacy Commissioners and the "Madrid Resolution"

The International Conference of Data Protection and Privacy Commissioners (ICDPPC) is a global forum of field experts and the highest authorities and institutions guaranteeing data protection and privacy. The ICDPPC is dedicated to identifying major challenges in the realm of privacy and data protection.

In 2009, the United States, represented by the Department of Homeland Security Privacy Office and the Federal Trade Commission (FTC), had the opportunity to participate as observers in the ICDPPC experts' meetings that took place in Barcelona in January 2009 and Bilbao in June 2009, as well as the annual ICDPPC conference held in Madrid in November of 2009. At the ICDPPC experts' meetings in January and June 2009, participants discussed the development of a resolution on international privacy standards. In November 2009, the Joint Proposal for International Standards on the Protection of Privacy with Regard to the Processing of Personal Data (or “the Madrid Resolution”) was unveiled. This resolution provides an additional forum to engage in important international dialogue on different approaches to privacy and areas of common ground. In August 2010, the Homeland Security Privacy Office and staff of the FTC issued comments on the Madrid Resolution.

Related Documents:

Interim Report on EU Hotel Guest Registration Data

Interim Report on the EU Approach to the Commercial Collection of Personal Data for Security Purposes: The Special Case of Hotel Guest Registration Data (PDF, 43 pages – 1.19 MB) This report stems from High Level Contact Group discussions that demonstrated a lack of knowledge by U.S. Government officials about the EU’s application of data protection laws to law enforcement, intelligence, and security agencies; about oversight of law enforcement, intelligence, and security agency-use (collectively, security service use) of personal data; and about the effectiveness of that oversight.

To bolster understanding in this area and recognizing that over 12 million Americans visit countries in Europe every year, the Privacy Office studied the application of EU data protection law and practice in the context of the commercial collection of personal data for security service use, specifically the EU practice of mandatory collection of hotel guest registration data for use by security services. This report was conducted pursuant to Section 222(b)(1)(B) of the Homeland Security Act, in order to enforce the provisions of Article 5 of the 2007 Passenger Name Records (PNR) Agreement.

Back To Top

Media Outreach

Back To Top

Back to Top