European Commission stonewalls Parliament over Patriot Act fears

European Commission stonewalls Parliament over Patriot Act fears

Summary: European Parliament members are being 'stonewalled' by the European Commission over questions pertaining to the reach of invasive U.S. law on European territory.


BRUSSELS -- While Viviane Reding, vice-president of the European Commission for justice, fundamental rights and citizenship, prepares to unveil a new data protection law that will update current member state legislation, important questions from Europe's lower house are seemingly being ignored.

Changes to the 16-year-old European Data Protection Directive will harmonise existing laws, to allow businesses to work across all borders of the 27 European member states without legal conflict. It will also patch the critical flaws left by newer foreign legislation, such as the U.S. Patriot Act and the Foreign Intelligence Surveillance Act (FISA), since updated from its 1978 passing.

But a number of prominent members of the European Parliament (MEPs) continue calling for answers, after the Commission appears to be 'stonewalling' key questions posed relating to the scope that U.S. law has on European citizens.

(Source: Wikimedia Commons, CC)

Speaking to Dutch MEP and vice-chair of the European Parliament’s Civil Liberties, Justice and Home Affairs committee, Sophie in 't Veld, it was clear there was disappointment in the Commission, as the executive body remains "passive" without a clear and public formal response to parliamentary questions.

In June, Microsoft admitted to ZDNet that data stored in European datacenters was not safe from access or interception for intelligence gathering means by U.S. law enforcement, and that "no company could" offer such a guarantee where a headquarters was based in the United States.

This led to the European Parliament submitting questions to the Commission in a bid to seek answers from the executive body.

in 't Veld along with four other MEPs called on Commissioner Reding for "clarification" to answers given in a written statement. In particular, it was not clear what the Commission would do to "remedy this situation", whereby third country legislation -- in this case the United States -- appeared to take precedence over European law.

Since then, the Commission has given no further response.

Along with seven other MEPs, a further letter was sent to the Commission last week to again ask whether U.S. legislation can "effectively overrule relevant EU data protection legislation", and to seek what "immediate action the Commission will take to address these issues with relevant U.S. authorities".

While in 't Veld recognises that the Patriot Act is not the only piece of U.S. legislation with extra-territorial impact on European citizens and businesses, there is concern that the upcoming Data Protection Directive has still a lengthy review process to undertake, and the law will not take effect for years to come.

in 't Veld said that the new legislation will "not enter into force for years to come", and reminded that while companies operate within the confines of the European Union, they are obliged to follow European law.

"In the meantime, companies passing on European data to U.S. authorities still have to comply with EU law. Not in the future, but today", she affirmed.

Many businesses operating in Europe already and continue to comply with European laws. But a disparity emerges between the laws of the United States, where data may be requested by the government for reasons of inspection by law enforcement, which contravene the strict data protection laws of European member states.

Arguably, though the European Commission has the power to fine companies extensively for flouting its data protection laws, many businesses would rather take the flak from Europe than the U.S. government.

The Catch-22 situation is understood by European MEPs, and a certain level of empathy is felt on their part. U.S. based companies like Google, Microsoft and Facebook all have a European presence, and must comply with U.S. law. But in return, they violate European law.

"I think American citizens would be pretty surprised if foreign laws would overrule American laws on U.S. territory. Europeans too expect to be protected by their own laws".

in 't Veld recognises that the issue of data jurisdiction has not been resolved, and that the Commission needs to enact measures immediately to prevent further breaches of European data protection law. The Commission cannot wait three or four years down the line for a new directive to be introduced, and "vague references" to future measures is not enough.

"The ubiquity requires a radically different basis for law making. Clearly the 'law of the land' has reached its limits. We need new, democratic ways to regulate the use of data".

"I do expect the Commission to vigorously defend European companies and European citizens", she concluded.


Topics: Government US, Government

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • She's a middle manager

    She met with the US over data protection early in the year, my guess is the meeting was sort of them giggling and smirking while talking about compliance with EU data protection laws.

    The classic middle manager response is to present the CURRENT situation as the DESIRED situation then sweep it under the table. This is how they are successful while failing. Be redefining 'success' to be what you deliver.

    This is why Merkel takes the lead on the Euro rather than the EU Commission. Nobody wants the EU Commission undermining the Euro on behalf of foreign powers the way it has on other issues.
  • RE: European Commission stonewalls Parliament over Patriot Act fears

    How is it that US law supersedes the law in other sovereign countries? Those MPs need to grow a spine.
    • RE: European Commission stonewalls Parliament over Patriot Act fears

      @schweddy It's not that US Law overrides EU laws (or vice versa) it is that a court order in the US to a company (or a person) has to be obyed - even if it violates ANOTHER country's law if the data that it wants origianlly was stored or passed through that other country.

      Just as if a US company in an EU country is ordered to provide data that would violate US law it STILL would have to give that data to the country.

      Then each other country would then procecute the company for violation the law that it had to violate in order to comply with the law that it was ordered to comply with in the host country.

      A Company (person, or even a real person) would thus violate SOME law no matter what: by complying or not complying with a court order by the EU or US.

      This is the crux of the problem.
    • RE: European Commission stonewalls Parliament over Patriot Act fears

      If a citizen of a suvereign country stays home, US law will have no effect. But if he decides to go to the States, then US has a full right to find out who he is.
  • RE: European Commission stonewalls Parliament over Patriot Act fears

    and risk being black-balled by the US when they need something...good luck with that...
    • RE: European Commission stonewalls Parliament over Patriot Act fears

      @Cubbie <br><br>US Law applies to US based companies, regardless of where they operate, and also applies to any US presence of foreign companies.<br><br>That said, governments don't really care about hardships created by conflicting laws. In fact, I wouldn't be surprised if goverments intentionally created these conflicts as a means to raise money through fines.
  • RE: European Commission stonewalls Parliament over Patriot Act fears

    It's really quite simple: US law applies on US sovereign soil; EU law applies on EU member state sovereign soil; et al.

    This, after all, is the reason the 'Safe Harbor (sic)' agreement was created...