The United States and European Union agreed to the following Principle of Information Sharing, Privacy and Personal Data Protection on December 13, 2008.
Status Report and Agreed Text from the High Level Contact Group Experts as of 9 December 2008 following the final report of the High Level Contact Group of 28 May 2008:
On private entities’ obligations, any adverse impact on private entities resulting from data transfers, including those impacts deriving from diverging legal and regulatory requirements, should be avoided to the greatest extent possible.
On preventing undue impact on relations with third countries, when the European Union or the United States has international agreements or arrangements for information sharing with third countries, each should use their best endeavors to avoid putting those third countries in a difficult position because of differences relating to data privacy including legal and regulatory requirements.
On specific agreements relating to information exchanges and privacy and personal data protection, when the European Union and the United States agree that a clear legal necessity arises in particular due to a mutually-recognized conflict of laws, the processing of personal information in specific areas should be made subject to specific conditions and should include the necessary safeguards for the protection of privacy and personal data and individual liberties [through the negotiation of an information sharing agreement]. Such rules may offer individuals a wider measure of protection.
On issues related to the institutional framework of the EU and the U.S., the European Union and the United States intend to consult each other as necessary to discuss and if possible resolve matters arising from divergent legal and regulatory requirements.
The High Level Contact Group experts continue to examine issues related to the redress principle and issues related to the equivalent and reciprocal application of data privacy law principle.