Redress for Privacy Breaches a Stumbling Block in Resolving Spying Issues, EC Officials Say
European negotiators meeting in Wednesday with U.S. counterparts to discuss mass surveillance and data protection issues focused on a wide range of issues, some of which may take a long time to resolve or may remain unanswered, the European Commission told the European Parliament Civil Liberties, Justice and Home Affairs (LIBE) Committee at a hearing Thursday. The question of whether European citizens should have redress for breaches by the U.S. National Security Agency of their privacy rights is one that may have to be solved in steps, said Reinhard Priebe, director-internal security in the Home Affairs Directorate. The trans-Atlantic experts working group hopes to have a joint report ready by year’s end, said Fundamental Rights and Citizenship Director Paul Nemitz. The LIBE hearing focused on how best to ensure that unfettered spying never happens again
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Attorney General Eric Holder proposed the high-level group of U.S. and EU data protection and security experts to discuss the NSA surveillance allegations. This week’s meeting, the third, dealt with questions about such things as the scope and limits of the Foreign Intelligence Surveillance Act, methods of data transfers, and the geographic reach of U.S. data acquisition, Nemitz said. Compared to previous meetings, this one took place “in a more constructive atmosphere,” he said. Holder told the panel the U.S. is taking account of European privacy concerns when it reviews intelligence laws, Nemitz said.
The key questions for EU negotiators are the bulk collection of personal data, their acquisition in Europe and the number of Europeans concerned, Nemitz said. So far, those questions have “remained unanswered,” he said. U.S. law requires the government to report annually on how many American citizens were referred to in reports based on surveillance, and the EU wants to know why the same sort of information can’t be provided for Europeans, he said. The U.S. also didn’t answer the question of how many European phone numbers the U.S. is tapping under FISA, he said.
Nemitz and Priebe said they hope for some progress on the question of redress for European citizens whose privacy was breached. The reality is that Americans in Europe have full redress because data protection is considered a human right, said Nemitz. The issue could be resolved under the umbrella data protection accord under discussion between the EU and U.S., he said. This week’s meeting seems to have revealed an understanding that redress could be worked on in stages, possibly starting with an ombudsman to handle complaints from Europeans, Priebe said.
Another area of contention is the meaning of “collection,” said Nemitz. From the EU perspective, it’s not enough to talk about how data were used after it was scooped up, he said. The U.S. seems to place the emphasis on use, while for the EU, the time when the data are first touched by the government is when privacy protections start, he said. This is the main area where more work is needed, he said. The U.S. now understands that every agreement the EU makes with it, such as the Transatlantic Trade and Investment Partnership and Safe Harbor, is based on trust, he said. That trust, particularly on the Internet, must be rebuilt, he said.
The EC and the EU Presidency are readying a joint report which will go to the committee of permanent national representatives in Brussels “in due course,” Nemitz said. The most important next step for the EC is to adopt the data protection reform regulation, because private companies are a major source of data for the NSA, he said. New privacy rules will govern what they can and can’t do, he said. Once the experts group has reported, there will be a decision on whether or not to extend its existence, he said. The EC hopes to have the joint report ready by the end of the year, along with an EC assessment of the situation and of Safe Harbor, he said.
At an earlier session, lawmakers heard from David Bickford, former legal director of U.K. security services MI5 and MI6, and from Privacy International Executive Director Gus Hosein, about the spying situation in the U.K. Bickford argued that the extent of covert surveillance there, and the pressure being exerted on the government to keep the public safe, mean that there should be judicial authorizations for surveillance. The government must step out of the picture and leave authorization for interceptions to the courts, he said. Bickford said Britain needs a clarified law restricting spying to proportionate and necessary circumstances, with a court providing “coal-face supervision” as security operations unfold, followed by independent parliamentary oversight, he said.
Hosein called for an end to surveillance warrants issued by politicians, and said the spying problem is one not of oversight but of the rule of law. U.K. legislation allows surveillance to be conducted without parliamentary awareness or approval, so lawmakers don’t even know the right questions to ask of the security services and become their “cheerleaders,” he said. “The oversight model has failed,” and now communications surveillance must be based on a set of principles, he said. Only then will oversight be effective, he said.
Hosein said he doesn’t know how lawmakers can hold a government to account for having hacked another country’s infrastructure. “This is the Wild West all over again,” he said. Intelligence agencies’ mantra appears to be “move fast and break things,” knowing governments will then ratify their actions, he said.