The Privacy Office is an integral part of the Department’s international engagement efforts, since much of the Department’s work entails cooperation with international partners. Because privacy frameworks vary around the world, it is important to work closely with these partners to ensure that collaborative efforts are consistent with all relevant privacy laws and policies.
Through participation in multilateral organizations, the Privacy Office promotes dialogue with international partners about the core ideals that underlie the U.S. privacy framework. On a bilateral basis, the office supports the Department’s negotiation and implementation of cross border information sharing programs by explaining to international partners the means by which the Department protects the privacy rights of U.S. and non-U.S. citizens while meeting its goals and objectives.
Privacy's Role in the International Privacy Arena
In support of the Department’s mission, the Privacy Office:
- Provides counsel on international agreements related to personal information collection and sharing;
- Offers educational outreach and leadership on the Department’s privacy policies and emerging international privacy issues;
- Interprets international data protection frameworks to aid in interaction with international partners; and
- Counsels the Department and other agency partners on global privacy practices and policy approaches.
More information on the work of the Privacy Office can be found in the Annual Reports.
U.S. - Canada Beyond the Border
On February 4, 2011, President Obama and Prime Minister Harper announced the United States-Canada joint declaration, Beyond the Border: A Shared Vision for Perimeter Security and Economic Competitiveness. The Beyond the Border Action Plan articulates a shared approach to security in which both countries work together to address threats within, at, and away from our borders, while expediting lawful trade and travel. One cornerstone of the Action Plan is the U.S.-Canada Joint Statement of Privacy Principles. These principles inform and guide information and intelligence sharing of personal information in the Beyond the Border initiatives. The Statement of Privacy Principles, completed in May 2012, demonstrates the United States’ and Canada’s continued commitment to sharing information responsibly and respecting our separate constitutional and legal frameworks that protect privacy.
The Fair Information Practice Principles
- Examples of how the Privacy Office implements the FIPPs are contained in the factsheet, "The FIPPS At Work" (PDF, 2 pages - 220 KB), which can inform international partners as you consider your privacy compliance protocol.
Five Country Joint Enrollment and Information Sharing Project
The Five Country Conference (FCC) is a forum for cooperation on migration and border security between the countries of Australia, Canada, New Zealand, the United Kingdom, and the United States. The FCC’s Joint Enrollment and Information Sharing Project helps carry out the Department’s mission in support of the immigration process by facilitating identification of individuals whose identities were previously unknown. By doing so, the project enables the Department to enhance the security of our citizens and visitors, facilitate legitimate travel and trade, and ensure the integrity of the immigration system, while simultaneously ensuring that privacy and security safeguards are in place for the project.
- US-VISIT conducted the Department’s Privacy Impact Assessment (PIA) of the protocol: Five Country Joint Enrollment and Information-Sharing Project (FCC), November 2, 2009, (PDF, 15 pages - 201 KB).
- The United Kingdom Home Office published its own Privacy Impact Assessment, June 30, 2010, (PDF, 38 pages - 366 KB).
Transatlantic Information Sharing and Data Privacy
The High Level Contact Group (HLCG), composed of senior officials from the European Commission, the European Council Presidency, Departments of Homeland Security, Justice and State, was formed in late 2006 to start discussions on data privacy in the exchange of information for law enforcement purposes. HLCG efforts were part of a wider reflection between the European Union (EU) and the United States on how best to prevent and fight terrorism and serious transnational crime.
The goal of the HLCG was to explore ways that would enable the EU and the U.S. to work more closely and efficiently together to exchange law enforcement information while ensuring that the protection of personal data and privacy are guaranteed. In October 2009, the group concluded the first step of that goal, producing a text that identifies the fundamentals or “common principles” of an effective regime for privacy.
While the work of the HLCG has concluded, the Department looks forward to being a part of the negotiation of a binding international EU-U.S. agreement that embodies these principles, which would serve as a solid basis for law enforcement authorities for even further enhanced cooperation, while ensuring the availability of full protection for citizens.
- EU-U.S. Joint Statement (PDF, 7 pages - 117 KB) on “Enhancing transatlantic cooperation in the area of Justice, Freedom and Security”. The joint statement was adopted at the October 28, 2009, U.S.-EU Justice and Home Affairs Ministerial. It acknowledges the completion of the High Level Contact Group’s (HLCG) common principles to protect personal data.
- Addendum to the Final Report by EU-U.S. High Level Contact Group (PDF, 18 pages - 187 KB) on information sharing and privacy and personal data protection. An addendum to the HLCG final report was issued on November 29, 2009 to explain consensus reached regarding the redress principle and issues pertinent to the transatlantic relationship (specific agreements regulating information exchanges and privacy and personal data protection).
- Principles on Privacy and Personal Data Protection for Law Enforcement Purposes for which common language has been developed (common principles) October 28, 2009 - A complete listing of the United States and European Union agreed upon language for data privacy principles when applied for law enforcement purposes.
- CPO Callahan’s November 3, 2009, Leadership Journal Entry on the U.S. and EU’s achievement of a major milestone in data privacy and data sharing.
U.S. – EU Passenger Name Record Agreement
The 2007 Passenger Name Record (PNR) Agreement between the United States and the European Union (EU) made possible the transfer of certain passenger data to Customs and Border Protection (CBP) in order to facilitate safe and efficient travel. Privacy Office Reports demonstrate the progression of the Agreement since its inception, including subsequent reviews conducted by both the United States and the EU to ensure compliance with the Agreement.
The International Conference of Data Protection and Privacy Commissioners and the "Madrid Resolution"
The International Conference of Data Protection and Privacy Commissioners (ICDPPC) is a global forum of field experts and the highest authorities and institutions guaranteeing data protection and privacy. The ICDPPC is dedicated to identifying major challenges in the realm of privacy and data protection.
In 2009, the United States, represented by the Department of Homeland Security Privacy Office and the Federal Trade Commission (FTC), had the opportunity to participate as observers in the ICDPPC experts' meetings that took place in Barcelona in January 2009 and Bilbao in June 2009, as well as the annual ICDPPC conference held in Madrid in November of 2009. At the ICDPPC experts' meetings in January and June 2009, participants discussed the development of a resolution on international privacy standards. In November 2009, the Joint Proposal for International Standards on the Protection of Privacy with Regard to the Processing of Personal Data (or “the Madrid Resolution”) was unveiled. This resolution provides an additional forum to engage in important international dialogue on different approaches to privacy and areas of common ground. In August 2010, the Homeland Security Privacy Office and staff of the FTC issued comments on the Madrid Resolution.
- Comments on Draft Joint Proposal for International Standards on the Protection of Privacy with Regard to the Processing of Personal Data (the “Madrid Resolution”) August 10, 2010, (PDF, 7 pages - 45 KB) The points raised in this document are based on observer participation in the January and June 2009 meetings, as well as review of the final Madrid Resolution issued in November 2009.
Interim Report on EU Hotel Guest Registration Data
Interim Report on the EU Approach to the Commercial Collection of Personal Data for Security Purposes: The Special Case of Hotel Guest Registration Data (PDF, 43 pages – 1.19 MB) This report stems from High Level Contact Group discussions that demonstrated a lack of knowledge by U.S. Government officials about the EU’s application of data protection laws to law enforcement, intelligence, and security agencies; about oversight of law enforcement, intelligence, and security agency-use (collectively, security service use) of personal data; and about the effectiveness of that oversight.
To bolster understanding in this area and recognizing that over 12 million Americans visit countries in Europe every year, the Privacy Office studied the application of EU data protection law and practice in the context of the commercial collection of personal data for security service use, specifically the EU practice of mandatory collection of hotel guest registration data for use by security services. This report was conducted pursuant to Section 222(b)(1)(B) of the Homeland Security Act, in order to enforce the provisions of Article 5 of the 2007 Passenger Name Records (PNR) Agreement.
- Privacy and Information Sharing: The Search for an Intelligent Border (PDF, 24 pages – 4.96 MB) In her essay, Mary Ellen Callahan, the Department’s Chief Privacy Officer, sets out the privacy framework for information sharing and shows how the Department is mandated to involve its Privacy Office in making all its policies and programs before they are launched.Published in One Issue, Two Voices, Canada Institute, Woodrow Wilson International Center for Scholars, October 10, 2010.
- New International Privacy Principles for Law Enforcement and Security (PDF, 3 pages - 27 KB) Chief Privacy Officer Mary Ellen Callahan as published in The Privacy Advisor, The official newsletter of the International Association of Privacy Professionals (IAPP), January 2010.
- Privacy Issues in Border Searches of Electronic Devices (PDF, 4 pages - 83 KB) Chief Privacy Officer Mary Ellen Callahan as published in Data Protection Law and Policy, October 2009.
- US: Finding Relief for Privacy Infringements (PDF, 6 pages - 48 KB) Chief Privacy Officer Mary Ellen Callahan as published in Data Protection Law and Policy, June 2009.
- Networked and Layered: Understanding the U.S. Framework for Protecting Personally Identifiable Information (PDF, 10 pages - 121 KB) Deputy Chief Privacy Officer John Kropf as published in World Data Protection Report, BNA, June 2007.