U.S. Spying Could Harm Transatlantic Data-Sharing Accords, EU Data Protection Supervisor Says
If reports about mass U.S. surveillance of Europeans’ Internet and telecom data are true, the situation could have a significant impact on existing and future U.S.-EU agreements on data-sharing, said European Data Protection Supervisor Peter Hustinx, in an interview Wednesday. The “mind-blowing story” has already put Europeans’ trust in their right to privacy under “great strain,” he said. There’s a “profound need” at this point for clarification, explanation and justification, he said. The executive body of the Council of Europe separately Wednesday adopted a resolution urging members to ensure that digital tracking and spying don’t breach human rights. The CoE represents 47 European nations.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The issue of trust also figures into Europe’s relations with the U.S., Hustinx said. The news will no doubt have an impact on existing relations, including current talks on law enforcement data-sharing, he said. Those negotiations assume a certain amount of “lawful excess,” meaning information shared among police agencies may, in exceptional circumstances, be used for secondary purposes beyond those for which it was captured, he said. But lawful excess must have a clear basis in law, be necessary for a precise purpose and be proportionate, he said. The size and scale of the Prism and National Security Agency data captures seem to go beyond the boundaries of EU and international law, he said. That such surveillance is legal in the U.S. isn’t fully convincing, nor is the existence of a secret court that authorizes it, he said, referring to the Foreign Intelligence Surveillance Court.
The same excess clause is present in other instruments such as the safe harbor agreement for cross-border data exchanges, Hustinx said. If the EU were to find unjustified secondary use at the reported scale, it might need to revisit safe harbor and some other trans-Atlantic arrangements, he said. Hustinx wouldn’t predict whether the Prism brouhaha will stall talks on the law enforcement data-sharing pact, but said he thinks it will make negotiations more difficult.
The EU should now proceed with “great energy” to upgrade its current legal framework and to consider how to deal with justified needs for interception, Hustinx said. More trans-Atlantic consistency is needed, he said. The EU also must have tools by which to hold accountable Google, Facebook, European telcos and other companies that give into pressure from third parties, he said. Hustinx said he was encouraged during a recent trip to the U.S. by the fact that some in Congress are beginning to ask hard questions about mass surveillance.
The CoE Committee of Ministers declaration isn’t a political reaction to the Prism scandal but part of the body’s standard-setting work, a spokesman told us. On Prism, however, he said: “Tracking and surveillance measures by law enforcement authorities should comply with the Council of Europe’s human rights standards set out in the European Convention of Human Rights” and should also strictly respect the limits, requirements and safeguards set out in Data Protection Convention 108.
"Legislation allowing broad surveillance of citizens can be found contrary to the right to respect of private life,” the CoE resolution said (bit.ly/11a5Pg7). That can chill citizen participation in social, cultural and political life and, in the longer term, could harm democracy, it said. Restrictions to the right are only justified if necessary in a democratic society, it said. Governments must refrain from interfering with basic rights and must actively protect them, it said.
Tracking and surveillance technologies can be used for legitimate interests such as developing new services, improving user experience or facilitating network management, as well as for law enforcement, the CoE said. They can also be used for unlawful purposes that lead to illegal access, data interception and misuse of devices, it said. In all cases, the mechanisms for processing personal data should comply with relevant CoE standards, it said. The Committee of Ministers alerted CoE members to the risks of digital tracking and other surveillance for human rights, and urged them to “bear these risks in mind in bilateral discussions with third countries.” Where necessary, governments should “consider the introduction of suitable export controls to prevent the misuse of technology to undermine” CoE standards, it said.