But the prospect that the agreement might lower barriers to sending personal information to the United States government has alarmed some privacy rights advocates in Europe. While some praised the principles laid out in the draft text, they warned that it was difficult to tell whether the agreement would allow broad exceptions to such limits.

For example, the two sides have agreed that information that reveals race, religion, political opinion, health or “sexual life” may not be used by a government “unless domestic law provides appropriate safeguards.” But the accord does not spell out what would be considered an appropriate safeguard, suggesting that each government may decide for itself whether it is complying with the rule.

“I am very worried that once this will be adopted, it will serve as a pretext to freely share our personal data with anyone, so I want it to be very clear about exactly what it means and how it will work,” said Sophia in ’t Veld, a member of the European Parliament from the Netherlands who has been an outspoken advocate of privacy rights.

The Bush administration and the European Commission have not publicized their talks, but they referred to their progress in a little-noticed paragraph deep in a joint statement after a summit meeting between President Bush and European leaders in Slovenia this month.

Issued June 10, the statement declared that “the fight against transnational crime and terrorism requires the ability to share personal data for law enforcement,” and called for the creation of a “binding international agreement” to aid such transfers while also ensuring that citizens’ privacy is “fully” protected.

The negotiators are trying to agree on minimum standards to protect privacy rights, such as limiting access to the information to “authorized individuals with an identified purpose” for looking at it. If a government’s policies are “effective” in meeting all standards, any transfer of personal data to that government would be presumed lawful.

For example, European law sets up independent government agencies to police whether personal data is being used lawfully and to help citizens who are concerned about invasions of their privacy. The United States has no such independent agency. But in a concession, the Europeans have agreed that the American government’s internal oversight system may be good enough to provide accountability for how Europeans’ data is used.