Realizing it's the underdog post-PRISM, EU lays out new BFF pact with the U.S.

Summary:Tossing the governmental grenade back to its federal former friend, the EU wants the U.S. to abide by its rules if the two continents want to stay friends. The demands could ultimately throw a spanner in the works for the U.S.' mass surveillance operations.

p017345004002-620x425
EU Justice Commissioner Viviane Reding meeting U.S. Attorney General Eric Holder in 2010 Image: <a href="http://ec.europa.eu/avservices/photo/photoDetails.cfm?sitelang=en&amp;ref=P-017345/00-40#0">EU/AV</a>

In efforts to get the "special relationship" back on track after months of painful political rhetoric and frenemy-like relations, the European Commission wants to rekindle its trans-Atlantic love with its American partners.

But it comes with conditions. And if America doesn't play ball, the rift could get significantly wider.

Read this

NSA mass surveillance leaks: Timeline of events to date

Updating timeline coverage from ZDNet, CNET, and CBS News of the NSA's mass surveillance leaks.

The EU on Wednesday threw down its demands — albeit in a somewhat subdued typical softly-softly European way now that the 28 member state bloc has taken time to breathe and think this one through — and hopes its U.S. counterparts bites at the chance to restore relations with its trans-Atlantic friend.

Tensions between the two continents have never been as strained as they are today. It all stems from the revelations from the Edward Snowden house of leaks, which disclosed the massive surveillance operation by the U.S. government by its National Security Agency (NSA).

These operations involved the mass data collection of European citizens in spite of existing data and privacy laws. 

To add insult to injury, the U.K., a prominent European member state (although not for long if David Cameron has his way) was implicated in the operation, seemingly playing the away game with its American counterparts.

Europe was beyond annoyed. Its parliamentary politicians struck back with the full weight of its diplomatic power, albeit with little effect. The European Parliament, the bloc's de facto upper house, called on the Commission to suspend the U.S.-EU data sharing agreement . The Commission didn't budge, knowing that it wasn't obliged to take on what the Brussels-based bureaucrats said, but also knowing that it would have serious consequences for both economies. No visa? No entry to the U.S., and possibly vice-versa.

In the note, published Wednesday, Europe's dished out its bottom line: "follow the existing rules."

It's a climb-down for EU Justice Commission Viviane Reding, who was left burned by the U.S. surveillance disclosures. Reding earlier this year warned of serious repercussions for the Americans, who back in the trenches, was ready to throw back the governmental grenade at its federal former friend.

Now, Reding said there's a "window of opportunity to rebuild trust" between the two world stage players that was "negatively affected" by the disclosed scale of U.S. surveillance.

But in doing so, America has to give more than just a little bit back to heal the rift.

Safe Harbor: Stick to the rules, or we'll cut you off 

Without Safe Habor, EU data wouldn't be allowed to leave Europe, making the continent isolated from the rest of the world and far out of the reach of Silicon Valley technology giants.

The system allows data to flow to and from Europe so long as U.S. companies promise to treat European data as though it was still within the bounds of European law. 

"There is always a possibility to scrap Safe Harbor. Next summer is a Damocles sword. It's a real to-do list. Enforcement is absolutely critical. Safe Harbor cannot be only an empty shell." — Viviane Reding, Nov. 2013

The Europeans now want companies, like the seven named technology companies implicated under the data-acquiring PRISM program, to extend the rules of Safe Harbor, by adjusting their privacy policies. This would result in the disclosure of "information on the extent to which U.S. law allows public authorities to collect and process data transferred."

But this might be difficult seeing as even U.S. companies aren't yet allowed to disclose  that data.

It would also force U.S. companies to "publish privacy conditions of any contracts they conclude with subcontractors," such as cloud computing services.

Reding this week described in an interview with The Guardian the Safe Harbor system as "flawed," and once again threatened to reconsider its ongoing data and intelligence sharing relationship with the U.S. and its law enforcement agencies.

She suggested there is "always a possibility to scrap Safe Harbor." But in doing so would cause a technological and diplomatic rift between the two nation collectives, which could ultimately result in Facebook dropping off the map to the 500 million Europeans.

For goodness sakes, use the official legal channels

The NSA was bypassing European law, which protects third-country transfers, by acquiring data from EU-based subsidiaries owned by U.S. parents. This broke the mutual legal assistance (MLA) agreements between the two states that allow police and law enforcement agencies to work together and request data and other intelligence from friendly foreign states.

In one case, the U.S. was secretly  tapping into the fiber links  that connect Google and Yahoo datacenters together.

The EU has always said the U.S. should use these official data sharing agreements. The U.S. said it was. But in reality, the U.S. wasn't.

As Reding was negotiating to ensure existing mutual legal assistance treaties were the only avenues for data requests, she was quietly implementing an anti-U.S. spying clause in the soon-to-be-announced legislation, which would have significantly bolstered the protection of every citizen in the European Union.

So-called "Article 42"  would have negated — at least theoretically — any attempt by U.S. authorities to force companies operating in the EU to hand EU data back to U.S. authorities, where it could be inspected for intelligence purposes.

It was ultimately scrapped as a leaked copy of the new European draft data protection rules alerted the U.S., which led to it lobbying (or threatening sanctions as it has before) to remove the clause.

German MEP Jan Philipp Albrecht criticized Reding and the proposed regulation, following the NSA leaks. He additionally cited the "strong lobbying" from the Obama administration, which led to Article 42 being removed while "only a very weak recital remained."

A right to redress: You want our data? Treat it like it's yours

U.S. companies may be forced to protect European data as though it never left Europe, but the U.S. government does not extend constitutional rights to that data.

This is a sore point for Europe, which the institution claims gives Europeans zero redress.

Europe wants that to change. While EU data is in the U.S., it should be afforded the same rights as though it were a citizen, notably rights to Fourth Amendment protections that would prevent the data from being unreasonable searched or seized.

After meeting with Sen. Christopher Murphy (D-CT), Chairman of the U.S. Senate Foreign Relations Committee Subcommittee on Europe, earlier this week, Reding said: "Continuous dialogue builds mutual trust... We are talking and listening, not spying on each other."

As Murphy said himself: "Words are not enough."

No, they're not. But America has yet to fully grasp the hidden power that the EU has. It may be the underdog in its friendship with the U.S., but without Brussels standing by its side, it could face a frosty reception on the world stage in the coming year.

Topics: Security, EU

About

Zack Whittaker writes for ZDNet, CNET, and CBS News. He is based in New York City.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.