EU privacy chiefs will investigate the U.S. spy program...
EU privacy chiefs will investigate the U.S. spy program Prism, the U.K.’s Tempora and other intelligence-gathering systems, they said in an Aug. 13 letter to Justice, Fundamental Rights and Citizenship Commissioner Viviane Reding made public Monday (http://bit.ly/14XqCHR). The Article 29…
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Data Protection Working Party (WP29), whose members are national data protection authorities, said it’s particularly alarmed at recent revelations about the U.S. National Security Agency’s XKeyscore, which allegedly permits the collection and analysis of the content of Internet communications from around the world. Although the U.S. has offered some clarifications, “many questions as to the consequences of these intelligence programs remain,” the group said. The WP29 is part of the joint EU-U.S. panel established to discuss mass surveillance (CD June 20 p10), but it “considers it its duty to also assess independently to what extent the protection provided by EU data protection legislation is at risk and possibly breached and what the consequences of PRISM and related programs may be for the privacy of our citizens’ personal data.” The WP29 wants answers to several questions, including: (1) What information is actually collected through the intelligence programs of the U.S. Patriot Act, the Foreign Intelligence Surveillance Act (FISA) Amendment Act, Executive Order 12333 and related measures; (2) Whether metadata on non-U.S. individuals collected as a by-product of investigations of U.S. citizens may then be used to investigate the non-U.S. individuals and, if so, under what provisions; (3) Since data may apparently only be accessed if it comes from non-U.S. persons and is collected from sources inside the U.S., when U.S. authorities consider personal data to be inside the U.S., given the use of cloud and other online services; (4) What the FISA Court’s involvement is in terms of procedures, and whether its processing of personal data aligns with the data protection principle of purpose limitation; (5) What the relationship is between the intelligence programs and organizations’ compliance with third-country personal data transfer rules such as Safe Harbor; (6) Whether American intelligence programs are in line with European and international law. Reding welcomed the WP29’s “strong support” for European Commission efforts to build an ambitious EU data protection regulation to safeguard fundamental rights, including in relation to third countries. She urged WP29 members to “exert their influence” in their respective nations to help ensure that governments “support unequivocally a robust level of data protection in the new EU data protection regulation that is also effectively enforceable in PRISM-type situations.” Privacy authorities should help get the new regulation approved “as soon as possible and at the latest in spring 2014,” she said in a written statement.