European Commission 'in denial' over Patriot Act loophole

European Commission 'in denial' over Patriot Act loophole

Summary: Exclusive: One prominent member of the European Parliament describes how the Commission is effectively in denial over the reach of U.S. law on European citizens.

SHARE:

Think back to the turbulence, the protest and the anger to SOPA and PIPA. The U.S. public was up in arms, and the worldwide online community was too.

European citizens, in comparison, are complacent and unfazed -- considering the fact that the U.S. government can access European-based cloud-stored data.

It is understood that updated European data protection laws may not fully patch the holes left by intrusive U.S. and other third-country law. The European Commission appears to have no intention of doing anything proactively about the problem.

As Viviane Reding, European Justice Commissioner, unveiled the new Data Protection Regulation that will affect over 700 million Europeans, and have an impact on a global scale, remaining answers over third-country law remain unclear.

Members of the European Parliament (MEPs) have in recent months enquired about the reach of third-country law, particularly that of the United States with FISA and the Patriot Act, on European citizens.

It was long believed that U.S. foreign and counter-terrorism policy could affect Europeans and others outside U.S. jurisdiction. But theory became fact when Gordon Frazer, managing director of Microsoft UK, admitted to ZDNet last year that "no company" could guarantee European data would not be handed back to U.S. law enforcement.

After a series of letters and questions to the Commission sent by MEPs --- asking for clarification on the laws --- received a long-awaited response on Tuesday.

Sophie in 't Veld, Dutch MEP and vice-chair of the European Parliament's Civil Liberties, Justice and Home Affairs committee,  told me last night by phone that  MEPs had asked yesterday whether Commissioner Reding intended to reply to the three letters that ask for clarification on the reach of U.S. law.

"The answer is no," in 't Veld said. "They have a statutory obligation to reply, but my questions were 'too difficult' and they could not appear to reach an agreement in the Commission."

"It's beyond disappointing. It's close to absurd." She highlighted that the Regulation has been "watered down considerably, notably on the point of data jurisdiction".

"But apart from the new proposed legislation, we have existing legislation in force. It is being ignored by our own governments and the European Commission, and it is being violated as I speak, and the Commission does not intend to move on the issue,"  in 't Veld said.

"What is the point in proposing new legislation if our own executive body [the Commission] is not going to enforce it? Imagine if this were the Chinese. Would we still be so complacent?" she added.

The European Commission is between a rock and a hard place. It could admit to the failings of the previous 1995 Data Protection Directive and face possible litigation and court action from ordinary citizens and businesses. Or, it could slam the U.S. government for having far-reaching laws and bypassing European legislation, make changes, and face the wrath of businesses worldwide.

But it appears it will do neither. Instead it will probably push ahead with silent reforms in the Regulation instead, in a bid to please all parties. All parties excluding its own Parliament, that is.

If the Commission does not understand the issue of jurisdiction itself, it cannot rule on it. If they cannot rule on it, it cannot enforce the law. If the industry --- notably Microsoft in this case, as it was the first to publicly admit the legal inequalities between the U.S. and Europe --- is aware and has the technical knowledge to understand it, along with this then 22-year-old columnist, surely an executive body of 27 member states should too.

Granted, undergoing a secondary search every time you enter the United States because you were critical over a government's counter-terrorism laws and policies may feel as intrusive on a personal level, particularly if your BlackBerry and your laptop were plugged in and its contents downloaded, and your hand luggage thoroughly searched.

But the fact that European companies are outsourcing vast swathes of data to the borderless cloud, through subsidiary European companies --- like Microsoft, Google, Amazon, and even Facebook --- gives the U.S. government unprecedented access to the personal, private, and secret data that we, and other companies, unwittingly upload.

It's not as though the Norwegians haven't complained about it. Or the Dutch, for that matter. Or BAE Systems, come to think of it.

The proposed Regulation will enter member states' legal systems by 2014---2015. Until then, emergency legislation is being proposed in the European Parliament in order to fix the 'loophole' that allows the U.S. government and law enforcement access to European cloud-stored data.

"Companies passing on European data to U.S. authorities still have to comply with EU law. Not in the future, but today”, in 't Veld affirmed.

A lot is still yet to change, so businesses should take heed of the warnings today. The rules need to be approved by European member states and the European Parliament before they can come into effect. This could mean heavy amendments or outright rejection.

Today's announcement:

Related:

Also see:

 

Topics: Government UK, Government

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

7 comments
Log in or register to join the discussion
  • RE: European Commission 'in denial' over Patriot Act loophole

    Thanks. I thought that part was missing, when I read the news about the proposed changes.

    Maybe it will be considered a data breach and American corporations will have to decide between 2% of world-wide income or an all expenses paid vacation to Gitmo? :-D
    wright_is
  • European authorities hand data over to the US Feds all the time.

    The data residing in Europe doesn't mean anything. It's no big deal unless you're a terrorist or criminal.
    Johnny Vegas
  • RE: European Commission 'in denial' over Patriot Act loophole

    Well the US government, Microsoft, Google and any other nosy organisations are welcome to try. My data is mine, not theirs, I hope they have some fast computers and want to waste a lot of time and effort. I also hope they know a considerable amount about variable bit spread encryption algorithms. Anything I wish to discuss with others who I nominate, will not have a problem. The CIA and others should be careful what they wish for. People worldwide are generally fed up with governments incapable of minding their own business. It is a sign of failure of government when they no longer trust their electorate, the electorate have had their suspicions of government for a long time,any continuing spying, wire tapping, keylogging or other attempts at breaching personal privacy will just be a final nail in the coffin of big government.
    bobmattfran
  • RE: European Commission 'in denial' over Patriot Act loophole

    This is one of the most confusing articles I have ever read. What the hell is the author trying to say? How does the Patriot Act affect Europeans? Gobbledook. Get someone who can write cogently and try again.
    Hannibal.TX
    • RE: European Commission 'in denial' over Patriot Act loophole

      @Hannibal.TX
      No, the article is well written, but the author may have left out some explanation.
      The reason the Patriot Act affects Europeans is that multinational corporations headquartered in the U.S. believe that they will have less problems by complying with the U.S. Patriot Act than by complying with the European laws. The subsidiary companies, like the Microsoft UK example from the article, are companies in Europe that should be complying with European laws just as U.S. companies should comply with U.S. laws. This does not mean all companies in Europe are forking over data to U.S., most likely only the ones with U.S. headquarters.
      I hope this made some sense.
      SeeSeeRockett
  • 700M population misleading

    According to Wikipedia, there was only ~500M people in the EU in 2008.
    Media Whore
  • CloudMe

    All the more reason use a true European consumer cloud/sync/storage service like CloudMe which is based in Sweden.
    MonicasCloud