EC Seeks More Information on Prism as Spy System Continues to Infuriate EU Lawmakers

The June 10 letter asked Holder whether Prism and similar programs are aimed only at the data of U.S. citizens and residents or also, even primarily, at non-U.S. nationals. It queried whether access to, collection of or other processing of data under Prism was limited to specific cases or in bulk and under what criteria. Other questions related to whether the information is used for national security, foreign intelligence or broader purposes; and what avenues are available to U.S. companies and individuals and EU citizens to be informed of or challenge access to their data.

Holder didn’t respond in writing but he met with the commissioners in Dublin, Reding told EU lawmakers. She said she pressed him for clarifications and asked about the different data protection levels that apply to U.S. versus EU citizens. Reding also asked Holder about how U.S. companies with a presence in Europe will be expected to respond, given EU data protection laws. Reding said she again made clear that existing mechanisms such as mutual legal assistance agreements must be used to gain access to information, not actions illegal under EU law.

Holder answered some questions, Reding said in a Friday statement (http://bit.ly/17YcoXd) after the ministerial meeting. Prism is about foreign intelligence threats, and it targets non-U.S. citizens being investigated for suspected terrorism and cybercrimes, she said. It’s not about bulk data-mining, but specific individuals or targeted groups; and surveillance is carried out on the basis of a court order and under congressional oversight, Reding said she was told. “I hope that Eric Holder can confirm again to you what has been explained during our meeting. Because our assessment will depend on this confirmation on the basis of concrete facts,” her statement said. For Europeans, it’s essential that “even if it is a national security issue it cannot be at the expense of EU citizens.” Reding said she made clear that “basic rights of citizens are not negotiable."

The EC remains “particularly concerned about the volume of data collected, the personal and material scope of the programs and the extent of judicial oversight and redress available to Europeans,” Reding and Malmström said Wednesday. They welcomed Holder’s proposal to set up a high-level group of U.S. and EU data protection and security experts to discuss the issues. The EC will chair the EU side, the officials said. They asked for the first meeting to be in July, to allow the EC to report to the European Parliament and Council in October.

The “Prism case was a wake-up call” showing the urgent need for data protection reform in the private sector as well as in relation to law enforcement, Reding told LIBE members. “The whole world is watching what we are doing,” and if Europe gets this right it will set a global gold standard for data privacy, she said.

European Parliament members (MEPs) are still riled about U.S. spying, they said during the committee meeting. The Americans “have done something wrong” and the EU must draw their attention to it firmly, said one. MEP Sophie In'T Veld, of the Netherlands and the Alliance of Liberals and Democrats (ALDE) for Europe, said she’s raised many questions about EU-U.S. jurisdiction, only to have the EC tell her it can’t do anything about it. The EU must show some backbone and tell other countries “where the limits are,” she said. The European Parliament must stick to “no access without a legal basis” and abide by data protection law, said MEP Axel Voss, of Germany and the European People’s Party.

Terrorist and organized crime gangs use technology against citizens, so technology will be used in response, said MEP Timothy Kirkhope, of the U.K. and the European Conservatives and Reformists group. But the technology must be used lawfully, he said. It’s important to get the facts and details about Prism, he said. MEP Sarah Ludford, of the U.K. and ALDE, said normal channels aren’t being respected. She asked Reding whether there are now any prospects for a transatlantic data protection accord in the area of law enforcement, and whether the EU can protect itself against U.S. intelligence powers.

The EU must “keep our own house in order,” Reding said. It must have rules in place that apply to all companies operating in EU territory, one reason why data protection reform is badly needed, she said. The reform package is working its way through Parliament and the Council now.

In a Tuesday letter to U.S. EU Ambassador William Kennard, European Digital Rights (EDRi) Executive Director Joe McNamee voiced “profound disappointment” about revelations about Prism and its underlying legal framework. “Widespread untargeted surveillance leads to self-censorship, the discouragement of dissent, the restriction of freedom of assembly and the restriction of freedom of communication,” he wrote. The fact that a foreign power that imposes such restrictions believes its domestic procedures are adequate to minimize the risks of the spying is “wholly irrelevant,” he said. When the president of that foreign power then tries to reassure his own citizens that the surveillance only covers foreigners who don’t have the same rights before U.S. courts as Americans, “this heaps insult onto injury,” he said.

EDRi demanded that the U.S. cease any foreign data collection that’s not part of an appropriate mutual legal assistance agreement with treaty status; and that any foreign data collection measures include provisions that give all affected individuals at least equal rights as U.S. citizens at all stages of an investigation. McNamee also urged the U.S. to halt data collection that’s not targeted or based on concrete suspicions. He also slammed the U.S. for meddling in the drafting of the data protection reform regulation before the document was made formally available to Europeans.