You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at

EU-US Umbrella Agreement & Judicial Redress Act


The EU-US agreement, the so-called "Umbrella Agreement," is a framework for transatlantic data transfer between the US and the EU. The proposed goal of the Agreement is to provide data protection safeguards for personal information transferred between the EU and the US.

Top News


On September 8, 2015 European and US officials announced that they have concluded an agreement on data protection for transatlantic criminal investigations. The EU Justice Commissioner stated, "Once in force, this agreement will guarantee a high level of protection of all personal data when transferred between law enforcement authorities across the Atlantic." Despite the announcements, neither US officials nor their European counterparts made the text of the Agreement public.

Analysis of the Umbrella Agreement

The full text of the Agreement between the US and the EU on the Protection of Personal Information Relating to the Prevention, Investigation, Detection, and Prosecution of Criminal Offenses (Umbrella Agreement) was first made public by Statewatch. On September 14, 2015, the EU Parliament released the unofficial version of the agreement. EPIC pursues the public release of the document by US and EU agencies.

In-depth analysis of the Umbrella Agreement is here.

EPIC's Interest

EPIC supports the establishment of a comprehensive legal framework to enable transborder data flows. EPIC previously urged that the United States begin the process of ratification of Council of Europe Convention 108.

The federal Privacy Act of 1974 places a duty upon federal agencies that maintain personal information to protect that data. This duty and concomitant responsibilities arise from the collection of personal data. Therefore, it does not matter what the data owner's citizenship or origin is. EPIC has previously made recommendations regarding Privacy Act modernization.EPIC routinely provides comments to federal agencies regarding Privacy Act compliance, and we have provided amicus briefs to the U.S. Supreme Court in two Privacy Act cases, Doe v. Chao and FAA v. Cooper. EPIC has also written extensively on data protection concerns arising from the transfer of personal information between the European Union and the United States.

Judicial Redress Act of 2015

Significantly, the Umbrella Agreement requires amendment to the US Privacy Act of 1974 before it has legal effect. Congress has proposed this legislation in the Judicial Redress Act of 2015.

In a letter to the House Judiciary Committee, EPIC recommended changes to the Judicial Redress Act to provide meaningful protections for data collected on non-U.S. persons. The bill, also pending in the Senate, seeks to amend the federal Privacy Act. EPIC explained that the legislation under consideration fails to provide adequate protection to permit transborder data flows. EPIC also pointed to increasing public concern in the United States about failure to enforce the law. EPIC has previously recommended Congressional action to ensure adequate protections for all personal information collected by U.S. federal agencies. EPIC is also seeking public release of the text of the EU-US "Umbrella Agreement."



Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security