According to The New York Times, the US and the EU are nearing completion of precedent-breaking agreement allowing law enforcement and security agencies to trade private information (credit card transactions, travel histories and Internet browsing habits) about citizens. The talks leading to this agreement, which establishes that US measures to protect the privacy of information are "good enough" even without an independent oversight board, was not publicized, merely "referred to [...] in a little-noticed paragraph deep in a joint statement after a summit meeting" in Slovenia between President Bush and EU leaders in June 2008.

http://www.nytimes.com/2008/06/28/washington/28privacy.html

Issued June 10, the statement declared that "the fight against transnational crime and terrorism requires the ability to share personal data for law enforcement," and called for the creation of a "binding international agreement" to aid such transfers while also ensuring that citizens' privacy is "fully" protected.

The talks grew out of two conflicts over information-sharing after the September 2001 terrorist attacks. The United States government demanded access to customer data held by airlines flying out of Europe and by a consortium, known as Swift, which tracks global bank transfers.

But the two sides are still at odds on several other matters, including whether European citizens should be able to sue the United States government over its handling of their personal data, the report said.

The Times quotes Paul M. Schwartz, a law professor at the University of California, Berkeley, as saying, "The reason it's a big deal is that it is going to lower the whole transaction cost for the U.S. government to get information from Europe. [The US] will just be able to say, 'Look, we provide adequate protection, so you're required to turn it over.'"

[The] prospect that the agreement might lower barriers to sending personal information to the United States government has alarmed some privacy rights advocates in Europe. [...] The accord does not spell out what would be considered an appropriate safeguard, suggesting that each government may decide for itself whether it is complying with the rule.

"I am very worried that once this will be adopted, it will serve as a pretext to freely share our personal data with anyone, so I want it to be very clear about exactly what it means and how it will work," said Sophia in 't Veld, a member of the European Parliament from the Netherlands who has been an outspoken advocate of privacy rights.

Officials on both sides are interested in swift adoption of the agreement. Bush administration officials want it completed without Congressional action so that the president can complete it with a signature, before he leaves office in January 2009. EU are hoping to ratify the agreement before the EU itself completes proposed changes to ratification procedures, changing hands from member nations to the European Parliament.