Legitimising EU Measures: EU-US Relations and Data Processing for Security Purposes

The EU-US relations in the field of internal and border security have been a site of diplomatic, political and juridical tensions. Controversies over transatlantic transfers of personal data, including financial transaction data (TFTP/SWIFT) and passenger data (PNR), and over Safe Harbor, have produced major confrontations between the executive, legislative and judiciary branches of the EU. These controversies and confrontations have been understood in the political science literature as the result of (policy) norm diffusion and internalisation. EU policymakers and lawmakers agree to and adopt measures such as EU-US agreements on PNR data and the transfer of financial data because they are subjected to norm promotion activities by US authorities. EU authorities are found to be ‘norm takers’ and likely to be persuaded to adopt US norms with few changes to their core characteristics. This paper argues that analyses in terms of policy norm diffusion and internalization need to be complemented by an examination of how data processing for security purposes has had over the last twenty an autonomous trajectory within European governmental arenas. The paper relies on an examination of two (fairly) recent policy and legislative initiatives related to the establishment of an EU entry/exit system (EES, smart borders legislative package) and a European Travel Information and Authorization System (ETIAS). The paper further argues that it is important to take into consideration the way in which references to US influence and ‘norm advocacy’ constitutes a legitimizing device for EU measures rather than indications of a direct influence of US authorities.