Thank you, Mr. Chairman. It is an honor to address the distinguished members of this committee and to discuss the goals – and the sacred responsibilities – that we share. During my tenure as Attorney General, I have had the opportunity to work closely with many of you – and with leaders from the European Commission and Council, as well as with Justice and Interior Ministers from across the European Union. America’s law enforcement relationship with the European Union and its Member States is one of my highest priorities. Since taking office, I have co-chaired EU/U.S. Justice and Home Affairs Ministerials every six months – and I look forward to co-hosting the next such Ministerial, during the Polish Presidency, at the United States Department of Justice in November. It has been a privilege to be part of this work – and to contribute to the special relationships that exist between our nations and that, for so many years, have helped to protect our collective security, prosperity, and civil liberties.
Like each of you, I am committed to building on this record of progress. And that commitment is what brings me here today.
On behalf of President Obama and the American people, I want to thank you for inviting me to join you – and for welcoming me to this beautiful city. Today, I hope – and I am confident – that it will serve, as it has so often in the past, as the meeting ground for our critical international cooperation.
Over the years, by working together – in common cause, in good faith, and with mutual respect and shared commitment to reciprocity – we have built a safer world. We’ve identified and dismantled international organized crime networks, illegal human trafficking rings, and global financial fraud schemes . We’ve made meaningful strides in combating gang violence, cybercrime, intellectual property theft, government corruption, and child exploitation. And as we’ve bolstered our crime-fighting efforts, we’ve also upheld civil liberties and the rule of law, and succeeded in protecting essential privacy rights.
Particularly during the last decade, our cooperative efforts have led to historic steps forward in fighting crime and terrorism, while protecting privacy. There are three U.S./EU Agreements, in particular, that should be noted in this regard: the U.S.-Europol Agreement; the U.S.-Eurojust Agreement; and the EU/U.S. Extradition and Mutual Legal Assistance Agreements, which provided the basis for 54 extradition and mutual legal assistance treaties. These three agreements have permitted exchanges of law enforcement and counterterrorism information in connection with hundreds of investigations that have helped protect EU and U.S. citizens, while also protecting their privacy. They stand as brilliant successes for all of our nations.
Indeed, I am unaware of any suggestion that there ever has been a single data protection violation under these law enforcement agreements.
Let me give one recent illustration of what they have allowed us to accomplish. By putting our modern Mutual Legal Assistance treaties to use – and by working with Eurojust and Europol – law enforcement officials and prosecutors from across Europe and the United States recently were able to shut down a major international ring of child pornographers and sexual predators. What might otherwise have been a single arrest quickly developed into a comprehensive investigation and prosecution of more than 20 defendants in five different countries. Together, we rescued more than 50 children, and put a stop to some of the most heinous crimes committed anywhere in the world.
This is just one example of the impact of our joint public safety efforts. And, of course, no aspect of this work is more important – or more urgent – than advancing the global fight against terrorism.
We were reminded of this fact just last week – as we marked the tenth anniversary of the most devastating terrorist attacks ever carried out. On the morning of September 11th, 2001, nearly 3,000 innocent people – from across America and far beyond – were senselessly and tragically killed. Among the victims were dozens of European citizens – from France, Germany, Ireland, Italy, Lithuania, the Netherlands, Portugal, Poland, Romania, Spain, Sweden, the United Kingdom – and Belgium.
In the wake of the 9/11 attacks, our nations came together as never before – bound by our shared grief, as well as our collective resolve: to act as partners; to work as allies; and to meet the unprecedented threats before us with an historic commitment to our joint security, and to our common values. In fact, as an immediate response to 9/11, the EU and the U.S. came together to negotiate the new Mutual Legal Assistance and Extradition Agreements – to demonstrate to the world our partnership in protecting the security and liberties of our citizens, as well as our determination to stand together in combating terrorism. In recent years, we have been reminded – in London and in Madrid, in Kampala and Mumbai, and, most recently, in Abuja – that the threats we face are real. They demand our constant attention, our continued vigilance, and our increased cooperation.
We now have before us an opportunity – an opportunity to further advance our joint commitment to working together to fight crime and terrorism, while also protecting civil liberties and personal privacy. We can do so by extending the proven data protection provisions in the U.S./EU Europol, Eurojust, and Mutual Legal Assistance Agreements across the full range of law enforcement sharing between the U.S. and EU Member States. I should stress that such sharing already is subject to extensive data protection guarantees at the domestic level – and again, I am aware of no violations of those guarantees. But now we have a chance – to consolidate those guarantees in an umbrella data protection and privacy agreement that will provide further assurances to our citizens.
This might seem like an ambitious and complicated undertaking. In one sense, it is – because it reaches beyond specific types of exchanges and specific counterterrorism programs, such as those that are the focus of the Passenger Name Record Agreement, as well as the Terrorist Finance Tracking Program Agreement. But we have good reason to be hopeful about this effort, provided that we work from the data protection provisions we already have negotiated in other agreements, which we know to be both realizable and effective in protecting data privacy within respective legal systems.
While I am unable, of course, to discuss the state of current negotiations, I can report that our negotiators – from both sides of the Atlantic – have been working hard. Since negotiations began in March, they have met in person or by video-conference nine times – for dozens of hours – and have made significant progress on a number of issues that are close to being resolved.
And, as we continue to consider these questions and strive to work toward consensus, I would like to briefly address some of the issues that have become key areas of focus.
First of all, although we can rightly celebrate the common values that underlie our various legal systems, we must recognize that basic legal structures and regulations may differ greatly between the United States and Europe. It is impractical to suggest that we can impose the particularities of our respective legal systems on each other. Instead, we must mutually recognize that each of our systems protect civil liberties – including privacy – effectively, but in our own ways. This is precisely the mutual recognition that we have reached in our previous agreements – and must do once again.
Rather than pursuing a “checklist” approach – to see if specific rules exist under each others’ systems – I would argue that our paramount consideration must be the overall effectiveness of the procedures that are already in place. Broadly speaking, this means accepting that different histories may breed different legal frameworks – while protecting the same values.
In fact, as we’ve seen, the debate about data protection between the U.S. and EU is largely academic – about how specific laws differ, and what procedures exist in various jurisdictions – but with little discussion of the fact that the U.S and EU Member States have successfully exchanged, and protected, data in the law enforcement and public security sector for decades.
We should work to highlight these areas of commonality, along with many other similarities between our data privacy regimes – not only when it comes to the appropriate use of information, but also the ways in which we ensure transparency in our operations.
For example, in the U.S., our Freedom of Information Act provides all individuals, regardless of nationality, with a judicially enforceable process for learning what information the government has about them. Of course, both the U.S. and the EU must refuse individual access to some data in the law enforcement context – and, when necessary, must retain information such as judicial and criminal investigative files for extended periods of time. But we’ve proven that transparency can be a priority – without sacrificing public safety. On this front, I am unaware of any other country that has enacted a law as powerful as the Freedom of Information Act.
I would also like to note that, through our collective efforts to share criminal justice information, perpetrators of the most serious crimes – from all across the globe – have consistently been prosecuted and brought to justice in both the U.S. and EU Member States, based on the strength of evidence provided through mutual legal assistance.
And we have obtained these results while at the same time protecting the privacy of our citizens. At least in part, this is because of the stringent protections currently in place in the United States – as well as Europe – to safeguard the personal data of our citizens. But I believe this commitment to privacy runs much deeper – on both sides of the Atlantic -- than individual rules and regulations. It is a defining principle of who we are – and stands among the many common values that unite our nations.
I want to emphasize just how important those values are to President Obama, to his Administration, and to me personally. I would not have the opportunity, and privilege, to appear before you today, and to serve as my nation’s Attorney General, if generations of brave Americans had not been willing to fight for equal justice, equal opportunity, and civil rights for all.
In the United States, and here in Europe, one of our most fundamental and cherished freedoms is the right to personal privacy. Many of the leaders in this room have spoken about this right and stood in support of it. The United States is proud to stand with you.
America’s origins – as well as its modern-day systems – reflect a core belief in the importance of protecting citizens from government intrusion. Our most important legal document – our Constitution – established a federal government with limited powers, and with extensive checks and balances; and our Bill of Rights ensures the freedom to speak and worship freely – along with protection from self incrimination, as well as unreasonable searches and seizures. And the U.S. Supreme Court has determined that the right of privacy is a Constitutional right in the United States.
For more than two centuries, the American people have fought to defend these rights. But this is not mere constitutional history. It is the spirit that continues to guide how we view and protect privacy in the United States. So, as our discussions continue, know this: Not only do the American people understand your concerns about, and commitment to, privacy rights. We share them.
This doesn’t mean that our framework for protecting privacy is the mirror image of yours. For one thing, we do not have Data Protection Commissioners in the U.S. But we do maintain other independent oversight mechanisms that achieve the same ends. Our independent Inspectors General are legally obligated to uncover violations of law and policy, including violations of privacy protections. The Justice Department has a strong record of criminal prosecutions of privacy violations that, I believe, is unmatched by any other country, including EU Member States. In fact, between 2009 and 2010, we prosecuted 18 defendants in US federal court for crimes that were essentially data protection violations, such as unauthorized access to personal data or misuse of personal data. Privacy officers are also embedded in our government agencies and, similarly, are charged with ensuring that privacy laws and policies are enforced --and that privacy concerns are taken into account as new policies are developed and implemented. Indeed, I’m confident that the robust protections we’ve built into our data collection programs are second to none.
In addition, the United States Congress is responsible for rigorous oversight of government agencies’ privacy practices. And our Government Accountability Office, which is an arm of Congress, frequently conducts investigations across government to fulfill this important obligation.
And in discussing this topic, I feel it’s important to note that – in a number of significant contexts, and contrary to the popular perception of many within the EU – privacy rules in the United States are stricter than those within the EU. For instance, in the critical context of securing the interception of a telephone or email account during a criminal investigation, the U.S. has among the most – if not the most – stringent requirements in the world. Similar levels of scrutiny – accompanied by equally robust protections – are applied in the United States to other forms of personal information, including the results of DNA testing, health records, financial records, and tax information. Moreover, as implemented, our privacy laws provide comparable protection to all people.
When you consider all of this, it’s hardly surprising that EU and U.S. privacy experts, after careful study over three years in our joint High Level Contact Group, together concluded that both the United States and the European Union “have important commonalities and a deeply rooted commitment to the protection of personal data and privacy.”
It was on this basis – and in light of our record of successful, and mutually beneficial, information sharing agreements with Europol, Eurojust, and under the Mutual Legal Assistance Agreement – that the U.S. and EU first agreed to pursue a binding data privacy and protection agreement. As negotiations continue, I am hopeful – and optimistic – that our commitment to cooperation will remain strong; and that if we mutually recognize that our respective systems both protect civil liberties, including privacy, effectively – though, at times, differently – then we’ll be able to draw on our experiences operating under existing agreements and treaties to create an umbrella agreement that will enshrine these achievements in a comprehensive form for the future.
No matter the challenge, no matter the obstacle, no matter the differences that, at times, can seem to divide us from one another – we are, and always must be, partners. We are united by our values, and by our shared responsibilities: to protect the security and civil liberties of our fellow citizens – and to carry forward the difficult but essential work of building a more peaceful world.
This is the challenge that lies before us. So, today, let us pledge ourselves to this work once again. And let us do – not just what is necessary, but what is right.
Thank you. And, now, I look forward to hearing from you – and am happy to answer some questions.