PRISM: EU renews efforts to get US to recognise citizens' right to privacy

Europe's justice commissioner said the revelations around PRISM have strengthened the European Commission's resolve to secure guarantees from the US over the handling of EU citizens' data.
Written by Nick Heath, Contributor

Europe's justice commissioner has promised to strengthen data protection regulations in the wake of the controversy surrounding monitoring of internet traffic by the US National Security Agency (NSA).

New laws and agreements will provide "clear rules for a clear internet and the choice for the individual to give out his data or not", Viviane Reding, European commissioner for justice, fundamental rights and citizenship, said in a speech on Monday.

Regulations need to be strengthened in the wake of revelations about the PRISM surveillance programme, and other initiatives allowing US intelligence agencies to harvest and store online data, she said.

"Trust has been lost in all these spying scandals. Our central task now is to restore it. Because without trust the digital economy cannot grow," Reding said at the Digital-Life-Design conference in Munich.

The strengthened laws Reding is referring to would come courtesy of proposed EU data protection reforms.

"With the data protection reform, we political leaders are responding to these calls. Our draft law contains four key building blocks around one central statement: clear rules for a clear internet and the choice for the individual to give out his data or not."

Data protection rules must apply to any EU citizen data, regardless of whether the company holding that data was based outside the EU, she said. Regulations should also apply to cloud software and platform providers and to metadata as well as data.

The data protection reforms referenced by Reding are two proposals currently being considered by the European Union. These are the General European Data Protection Regulation, which relates to general data processing by companies, and the Data Protection Law Enforcement Directive, relating to the processing of data by police and judicial authorities.

There is also a bilateral data protection agreement being negotiated between the US government and the EU to try and establish the principle that any transfer of EU citizen data should take place through "established legal channels".

It is this agreement that has the potential to have the greatest impact on intelligence gathering activities such as PRISM, according to a spokeswoman for Reding.

"Even if we had the reform of the data protection regulations we still wouldn't be able to stop something like PRISM where there is a dual sovereign responsibility. If we have American companies and we're saying 'No you're not allowed to transfer that data', who are they going to listen to, us or the Americans? That's why we still need this bilateral agreement."

Negotiations on the agreement have been going on since the end of 2010.

"The sticking points over the years has been the Americans don't want to create rights for European citizens. Obviously with this whole 'datagate' it's become much more of an issue and we've seen our hand strengthened at the table," Reding's spokeswoman said.

In the wake of the PRISM scandal, the EU and the US have set up an expert group on national security, which met for the first time on 8 July, which will discuss national security and data protection issues.

Reding made clear what she wants from the agreement in her speech today.

"The rules must ensure that the data of EU citizens are transferred to non-European law enforcement authorities only on the basis of a clear legal framework subject to judicial review," she said.

Editorial standards