New European data laws kill U.S. 'gagging orders'

New European data laws kill U.S. 'gagging orders'

Summary: Ever heard of a National Security Letter? They can gag companies from telling a person that their data has been taken for U.S. inspection. But Europe is helping put a stop to it.

SHARE:
TOPICS: EU, Google, Legal, Microsoft
11

If you were busy on Wednesday, you might not have known that the European Commission, the executive body of Europe's 27 member states, announced the new proposed data protection laws.

If you thought that being in the U.S. meant you were outside of its reach, think again.

Despite a leaked copy of the new law in November, outlining measures to close a loophole that allowed the U.S. government to access European-based data through invoking the Patriot Act, the rule was taken out after the law was 'watered down'.

But the new laws --- the Regulation, which governs data rules for European citizens --- and the Directive, which governs how law enforcement can use your data --- do appear to protect against one controversial legal tool: U.S. National Security Letters.

While super-injunctions only apply to the UK, the U.S. has a similar tool to prevent citizens from speaking about a certain something, or to even mention that there is a 'gagging order' in place. Frankly, it is odd, seeing as the U.S. has constitutionally-bound freedom of speech laws, while the UK doesn't.

NSLs are often invoked alongside other legislation, such as the Patriot Act or FISA, both of which can reach outside of the U.S.' jurisdiction. It means data on a person can be requested by a U.S. government agency to another U.S. company, or even a U.S.-owned but EU-based company, and have data handed back. And, because the gagging order prevents the disclosure of such data, the subject of the data is never informed.

Forbes highlighted that the new European data laws would prevent the non-disclosure of data, but failed to explain why exactly. It did note that Google receives around 1,000 such requests every month from U.S. government agencies, so NSLs are used a great deal, not only by giants like Google but others also.

Here's what you need to know:

It states in the 2012 European Data Protection Regulation that governs how companies that process data should protect consumers:

Article 15: Right of access for the data subject

1. The data subject shall have the right to obtain from the controller at any time, on request, confirmation as to whether or not personal data relating to the data subject are being processed. Where such personal data are being processed, the controller shall provide the following information:

(a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipients to whom the personal data are to be or have been disclosed, in particular to recipients in third countries

It also states in the 2012 European Data Protection Directive that governs how data is processed for reasons pertaining to EU-based law enforcement:

Article 12: Right of access for the data subject

1. Member States shall provide for the right of the data subject to obtain from the controller confirmation as to whether or not personal data relating to them are being processed. Where such personal data are being processed, the controller shall provide the following information:

(a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipients to whom the personal data have been disclosed, in particular the recipients in third countries;

Effectively, both the Regulation and the Directive say that the person whose data is subject to the request must be informed if law enforcement of a third-country wants access to it. The data ultimately belongs to the person, therefore anyone outside the European Union who wants it must ask.

It does not mean that the person will know what law enforcement wants with it --- although, had they been doing something illegal, it might be a giveaway --- but they will be informed at very least that a law enforcement agency wants their data.

Three things to note:

Firstly, is that these proposals are merely in draft form and have yet to be rubber-stamped by the European Parliament. Secondly, the language is vague and does not clearly mention U.S. law, but also leaves it open to protecting European citizens against other third-country laws. Thirdly, this only applies to EU-based companies with links or ownership to the United States.

Considering how much the U.S. lobbied to remove the Patriot Act-killing rules, it will be interesting to see how long these proposed measures last.

ZDNet's Charlie Osborne contributed to this report.

Image source: Stephen Johnson/Flickr.

Related:

Topics: EU, Google, Legal, Microsoft

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

11 comments
Log in or register to join the discussion
  • The fact is that in the past few years

    The police have been wanting to have carte-blanche to do anything they wish to by waving the "NATIONAL SECURITY!" and "FOR THE CHILDREN!" flags. It's well past time that someone stood up to that and said "No, national security does NOT justify every single thing and moot our laws."
    Lerianis10
    • RE: New European data laws kill U.S. 'gagging orders'

      @Lerianis10
      Agreed but you forgot "PIRACY".
      These slogans are being used to point out [b]"Enemies of the State"[/b] and to justify any/all dubious actions that the Corporations and the Government engage in.
      lehnerus2000
  • RE: New European data laws kill U.S. 'gagging orders'

    "Despite a leaked copy of the new law in November,"

    Umm, laws shouldn't have to be "leaked" - they should be public . . .

    "the U.S. has a similar tool to prevent citizens from speaking about a certain something, or to even mention that there is a ???gagging order??? in place."

    I wonder whether it would survive the supreme court, or even if it can be realistically enforced. Not only do we enjoy the idea of free speech, we tend to take full advantage of it.

    Of course, there is the question of how to enforce laws extending beyond your own borders. The other nations have to be willing to cooperate in any enforcement efforts.
    CobraA1
    • RE: New European data laws kill U.S. 'gagging orders'

      @CobraA1 <br> "I wonder whether it would survive the supreme court, or even if it can be realistically enforced. Not only do we enjoy the idea of free speech, we tend to take full advantage of it."<br><br>It already has and it already is.
      fairportfan
    • RE: New European data laws kill U.S. 'gagging orders'

      @CobraA1 , All 50 states had Gag Laws in place that prevented someone who had to bring a lawyer before the Bar from ever discussing the case, even if they won judgement against the lawyer (malpractice, incompetence etc). The Gag Laws even prohibited knowing what the punishment was. If you ever spoke of your case against a lawyer, you could be sued. Groups like the ACLU had to fight and get them knocked down in every state. Gag Laws exist. People PRESUME they are free to speak.
      royalef
  • Good Post, Zack

    I wish you were our president.
    nikacat
  • Gag order is un-Constitutional

    The fact is, any subsequent legislation not withstanding, the use of a gag order for National Security Letters is against the Constitution. And even Congress can't rule differently without a new amendment. Which means the government can ASK me to withhold notification, but I am under no legal requirement to do so. Convince me you have a case that I should help you with, but it's MY decision to help you or not. You don't have the legal authority to enforce my compliance. Of course they can resort to physical force and violence to enforce their will on me. I don't have access to hundreds of big guys with guns or half the lawyers in the land willing to prostitute themselves.
    Dr_Zinj
    • RE: New European data laws kill U.S. 'gagging orders'

      @Dr_Zinj - It doesn't matter how many lawyers you hire, it is, simply, the law. Upheld by the Supreme Court. It is constitutional, by nature of the fact that it passed the test in the courts. You may, of course, decide to try to prove a point and violate your gag order, should you be so gagged, but you will lose, and you will not be posting on this forum for a long time. Whether it is right or not, or whether it goes to far or not is another argument.
      always-a-geek
  • Privacy vs National Interest

    This is a sticky point, I don't think that there is a generic situation where national interest always trumps privacy. It is a good thing for the EU to stand up for their citizens regarding a national letter of security to demand information just because someone in the US wants it.

    I read recently, the US court can force an individual to hand over the keys to a locked safe containing the individual's personal documents but the court can not force the individual to hand over a combination code to a similar safe. My understanding would have been that neither key or combo code can be demanded under the idea of not testifying against one's self or the freedom from search without a warrant.

    It looks like the US laws are based on the idea that the end justifies the means, that is the arrest of a dangerous terrorist justifies violating their civil rights as well as the civil rights of ordinary citizens with things they prefer to keep private. So, if the EU can protect their citizens from the long reach of US laws then I sure wish, as a US citizen, to have the same protection.
    sboverie
  • Arab Spring of the West?

    Interesting to watch the world slowly step back from unquestioning trust in governments, in the West almost as much as the Middle East. While our Arab Spring cousins prefer wholesale regime change, there's a definite trend in the West for increased suspicion of our duly elected.

    The Assange Wikileaks debacle spectacularly highlighted how quick governments are to bend the rules to reach self-serving goals. And now the uproar against SOPA / PIPA, which would have been passed by US federal without a blink had the tech community not seen through the Big Media propaganda and shot it down.

    10 years ago, the ability of the US government to intercept innocent citizens' confidential information without notice was deemed tolerable given the climate. Now we're seeing that abuse of these rights is rife and utilised in ways the original powers were never intended for (e.g., persecuting a freedom of information champion).

    I suspect it's a positive development - government powers need checks and balances, just the same as any other. And that goes just as much for our UK government as the US - e.g., we have an entire ministerial position (Minister for Culture, Communications and Creative Industries - Ed Vaizey) dedicated to enacting the every whim of Big Media lobbyists (UK and US alike).
    Psdie
  • RE: New European data laws kill U.S. 'gagging orders'

    Surely, every would-be terrorist knows by now, that if you don't want the world to find out about it, you don't do it on your own 'phone or internet connection. These privacy-infringing laws won't do anything for national security, they might just help identify pirates and paedos, if they're not equally careful.
    tubularsteal