PRISM: EU renews efforts to get US to recognise citizens' right to privacy

PRISM: EU renews efforts to get US to recognise citizens' right to privacy

Summary: Europe's justice commissioner said the revelations around PRISM have strengthened the European Commission's resolve to secure guarantees from the US over the handling of EU citizens' data.

TOPICS: Privacy, Government, Legal, EU

Europe's justice commissioner has promised to strengthen data protection regulations in the wake of the controversy surrounding monitoring of internet traffic by the US National Security Agency (NSA).

New laws and agreements will provide "clear rules for a clear internet and the choice for the individual to give out his data or not", Viviane Reding, European commissioner for justice, fundamental rights and citizenship, said in a speech on Monday.

Regulations need to be strengthened in the wake of revelations about the PRISM surveillance programme, and other initiatives allowing US intelligence agencies to harvest and store online data, she said.

"Trust has been lost in all these spying scandals. Our central task now is to restore it. Because without trust the digital economy cannot grow," Reding said at the Digital-Life-Design conference in Munich.

The strengthened laws Reding is referring to would come courtesy of proposed EU data protection reforms.

"With the data protection reform, we political leaders are responding to these calls. Our draft law contains four key building blocks around one central statement: clear rules for a clear internet and the choice for the individual to give out his data or not."

Data protection rules must apply to any EU citizen data, regardless of whether the company holding that data was based outside the EU, she said. Regulations should also apply to cloud software and platform providers and to metadata as well as data.

The data protection reforms referenced by Reding are two proposals currently being considered by the European Union. These are the General European Data Protection Regulation, which relates to general data processing by companies, and the Data Protection Law Enforcement Directive, relating to the processing of data by police and judicial authorities.

There is also a bilateral data protection agreement being negotiated between the US government and the EU to try and establish the principle that any transfer of EU citizen data should take place through "established legal channels".

It is this agreement that has the potential to have the greatest impact on intelligence gathering activities such as PRISM, according to a spokeswoman for Reding.

"Even if we had the reform of the data protection regulations we still wouldn't be able to stop something like PRISM where there is a dual sovereign responsibility. If we have American companies and we're saying 'No you're not allowed to transfer that data', who are they going to listen to, us or the Americans? That's why we still need this bilateral agreement."

Negotiations on the agreement have been going on since the end of 2010.

"The sticking points over the years has been the Americans don't want to create rights for European citizens. Obviously with this whole 'datagate' it's become much more of an issue and we've seen our hand strengthened at the table," Reding's spokeswoman said.

In the wake of the PRISM scandal, the EU and the US have set up an expert group on national security, which met for the first time on 8 July, which will discuss national security and data protection issues.

Reding made clear what she wants from the agreement in her speech today.

"The rules must ensure that the data of EU citizens are transferred to non-European law enforcement authorities only on the basis of a clear legal framework subject to judicial review," she said.

Topics: Privacy, Government, Legal, EU


Nick Heath is chief reporter for TechRepublic UK. He writes about the technology that IT-decision makers need to know about, and the latest happenings in the European tech scene.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • meanwhile

    the 5 Eyes Nations are falling over themselves to share data with the US
  • non US citizens

    should have no expectation of privacy since they are not subject to the US laws.
    LlNUX Geek
    • non-US citizens in the US are subject to the same laws as citizens

      why shouldn't non-US citizen data in the US be subject to the same laws as for citizens?
      • I was not talking about US residents

        if the EU people want privacy they have to become a US territory!
        LlNUX Geek
        • Alternatively

          The EU can put a border for US companies and spies.
        • I'm not talking about residents either

          a non-resident on US soil is subject to US laws, including the right to privacy. if their data is in the US there is no legal argument that it should be treated differently.
          • Except that's not the case here...

            This is the US breaking the EU regs *in Europe*. The EU has strict rules governing the way data is handled within the EU and if American companies have subsidiaries or servers in the EU, then they're expected to comply with EU law.

            If a US company collects data in the EU, they're obligated to operate under those laws.

            As for what the EU could do... that's simple and we've already seen it in action. Apple, Google and Microsoft have all be under the microscope for their business practices. They can be fined heavily or even barred from operating in the EU.

            Don't think that's important? The EU has over 450M people in it making it almost 50% larger a market than the US. Most of the products they buy are actually from Asia (Acer, ASUS, Samsung, Lenovo) or local. They simply don't need to deal with the US directly if it comes down to it - and given how spotty the US is when it comes to supporting EU specific issues (like US companies' weird pricing regimes and region locking practices - which are in violation of EU law, BTW, or ignoring regional languages), I'm not sure most EU citizens would be THAT disappointed.
            The Werewolf!
        • Uh.. wow - clueless or what?

          Europeans *already* have more privacy regulation on their side than Americans do. You're suggesting that they downgrade from what they have by joining the US - which, BTW, is a smaller market as well.

          Maybe the US should consider joining the EU and find out what it's like to have real rights.
          The Werewolf!
    • Linux

      Every time I think someone with "Linux" in their screen name isn't a screw-loose another comes along to reconfirm my original opinion.
  • Cynical

    Maybe I'm just too cynical but I appreciate that the EU is at least paying lip service to the idea they care about their citizens' right to privacy.

    Makes me want to move to the EU. Anyone remember when the US used to be the place people went to escape repressive governments?