U.S. Surveillance Brouhaha Sparks EU Privacy, Internet Trust Fears
Programs such as Prism and the laws which authorize them “potentially endanger” Europeans’ rights to privacy and data protection, European Commissioner for Health and Consumer Policy Tonio Borg told the European Parliament Tuesday. The Prism case, as reported by the media, is also likely to boost concerns about the use of personal data online and in the cloud, he said. Most European Parliament political party representatives who spoke at the session were fuming, but several, like Borg, urged lawmakers not to jeopardize the special relationship with the U.S.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The EC is “concerned" about reports that U.S. authorities are accessing, and processing on a large scale, the data of EU citizens using major U.S. online service providers, said Borg, speaking for Justice, Fundamental Rights and Citizenship Commissioner Viviane Reding. Besides threatening human rights and scaring citizens about how Internet companies use their personal data, the Prism matter also highlights the difference between the EU and U.S. approaches to data protection, he said. In the U.S. system, only American citizens and residents benefit from constitutional safeguards, but in the EU, everyone’s personal information and the confidentiality of their communications are protected as basic rights, he said.
The legal issue in Prism isn’t new, Borg said. The EC has already brought up the matter of law enforcement access to Europeans’ personal data in the context of ongoing negotiations with the U.S. on a general data protection accord in the area of police and judicial cooperation, he said. Reding heads the negotiating team. The EC wants “clear commitments” from the U.S. that EU citizens have the same right to data protection and access to judicial redress as Americans, he said.
The EC will raise Prism concerns with the U.S. “at the earliest possible opportunity” and seek clarification on whether access to personal data is limited to individual cases, based on concrete suspicion, or involves bulk transfers of data, Borg said. Reding will raise the issue “with force and determination” at a ministerial meeting Friday in Dublin, he said. Also on the agenda is an update on EU cyberstrategy and U.S. legislation, and future priorities of the EU-U.S. working group on cybersecurity and cybercrime, the Irish Presidency said. There will be more information tomorrow on exactly what Reding will say about Prism, her spokeswoman told us.
In addition to talks with the U.S., the EU can protect itself by making sure that it adopts “robust legislation” to confront such situations, said Borg. He urged lawmakers and governments to get behind the EC proposal for a general data protection regulation. From a broader perspective, Europe must reverse the trend of waning trust in the way companies handle data, he said. Data protection reform should ensure that the EU can tackle situations like Prism with rules on territorial scope, so non-European companies that offer goods and services in the EU have to apply EU data protection laws, he said. Quick adoption of the proposal “would resolve any legal loopholes created when companies collect and handle personal data of Europeans and face two different sovereigns,” he said.
It’s “completely unacceptable” that the U.S. has different rules on access to personal data for its own citizens than for those of other countries, said Manfred Weber, of Germany and the European People’s Party. He called for transparency from Google, Facebook and other companies working in Europe. But he stressed that the U.S. is Europe’s partner and that the two sides should work together.
Security is important but the U.S. must be held to account for this breach of trust, said Claude Moraes, of the U.K. and the Socialists and Democrats. There’s a vital balance between security and the need to protect data, he said. He called for special attention to be paid to data protection and data flows in talks on the EU-U.S. Transatlantic Trade and Investment Partnership between the U.S.
One legislator blasted the EC for not sending the appropriate official to speak, as well as her colleagues, most of whom didn’t show for the debate. Parliament is failing European citizens at a time when trust in the EU is at an all-time low, said Sophie In'T Veld, of the Netherlands and the Alliance of Liberals and Democrats for Europe: “We should be ashamed of ourselves.” Lawmakers knew the U.S. was spying on Europe, and have asked the EC about it many times, but it’s like talking to a wall, she said. EU governments are doing the same, using doublespeak on their own citizens, she said. Europe is losing the moral authority to criticize places such as Egypt and Iran about spying, she said.
As for the special relationship with the U.S., In'T Veld said, President Barack Obama made clear that the National Security Agency isn’t spying on Americans, only on “foreigners,” she said. That’s not much of a special relationship, she said. The EU has bent over backwards to accommodate the U.S. over the years, but “the time is now” to defend the rights of Europeans, she said. The EU was “taken for a ride” by U.S. authorities on passenger name records and Society for Worldwide Interbank Financial Telecommunication issues, and Parliament must now show its mettle, said non-attached Austrian member Martin Ehrenhauser.
Companies named and shamed have so far denied flouting the law, said Timothy Kirkhope, of the U.K. and the European Conservatives and Reformists Group. Governments have said it’s too early to draw conclusions, he said. But lawmakers are already pointing fingers at the U.S. and grandstanding, he said. The key to protecting the rights of EU citizens is to make agreements with other countries, Kirkhope said. Some Parliament members should remember who the real enemy is and where, he said. When dealing with allies, friends listen most when you talk, not when you shout, he said.
The EC “shares the European Parliament’s concerns on the Prism scandal,” Borg said in response. The legislative debate revealed two trends of thought, he said. The first is that the EU must clarify things with the U.S. and make sure European rules apply when European citizens are concerned. At the same time, he said, no one should forget who the enemy is. Europe has a special relationship with the U.S. but no one should use it to ignore law and international standards, he said.
The European Data Protection Supervisor is “following the NSA story closely” and is concerned about its possible implications for privacy, the office said Monday. National data protection authorities have asked the EC to seek clarification of the facts as soon as possible, it said.