It’s taken four years and some serious negotiating, but the joint data protection agreement spearheaded by the U.S. and the European Union — also known as the Umbrella Agreement — is finally moving forward. According to SC Magazine, both American and European officials have now signed off on the agreement. If the bill passes ratification in the U.S., it represents a solid first step in cleaning up the often confusing mess of capturing and prosecuting global cybercriminals and malware creators.

One critical aspect of the new agreement is reciprocal extradition. Ideally, this developing Umbrella legislation should help force more bad guys out of hiding in other countries and into the driving wind and rain of U.S. courtrooms.

The Off-Soil Issue

Tackling the issue of extradition helps mitigate one of the biggest problems with existing cybersecurity laws: They only work if attackers are physically located in the U.S. As noted by CSO Online, lawmakers often make the mistake of designing laws to deter cybercrime but have no viable way to deal with attackers who live outside American borders.

Thanks to the new Umbrella Agreement, however, cybercriminals captured in other nations will now be extradited to the U.S., where they’ll face justice for their crimes as if they occurred on U.S. soil. Congress needs to reciprocate these privileges for EU governments, but this is an excellent starting point.

Under the Umbrella

Extradition isn’t the only thing covered by the Umbrella Agreement. According to the European Commission, the new legislation includes a number of provisions to safeguard personal data:

• There are limitations on data use when transferred between government agencies; data may only be used for “preventing, investigating, detecting or prosecuting criminal offenses.”
• There are specific and limited data retention periods that must be made publicly available.
• There must be notification of all data breaches by agencies to the affected parties.

The agreement also creates a kind of equity between American and European citizens: Under the new Umbrella, residents of the EU will be able to seek judicial redress in U.S. courts if their data is misused or incorrectly processed.

Necessary Collaboration

Dropping the hammer on malware-makers is a necessary step for both the U.S. and Europe, which in many respects lag behind when it comes to sharing information about malicious code and high-profile attackers. Consider the emergence of new malware strains such as Ghost Push, which hides inside popular mobile apps sold in official app stores. Once installed, Ghost Push can both root devices and install unwanted apps. And as noted by the International Business Times, private companies like Visa and FireEye have now partnered to create a malware sharing Web portal designed to “increase threat awareness between merchants and the cybersecurity company” and detect just these kinds of emerging threats.

The Umbrella Agreement represents the first of many catch-up steps from both the American and EU governments since it effectively levels the playing field by giving malicious actors no safe place to hide. While this new agreement isn’t perfect, beefed-up extradition agreements and better data protection should help keep out the worst of any mal-weather.