Unless the NSA changes its ways, the data protection agreement could be cancelled as early as summer 2014
Viviane Reding, the European Commissioner for Justice, Fundamental Rights and Citizenship, has warned that an important data sharing deal with the US could be stopped unless the country’s surveillance practices are altered to comply with the European law.
Information leaked by former intelligence contractor Edward Snowden has revealed that the current “Safe Harbour” agreement is not fit for purpose, and unless recommended changes are made, it could be scrapped as early as summer 2014.
The EU has already reviewed rules governing the cross-border exchange of commercial transaction data and air travel information, aimed at tracking down the sources of terrorism funding and it is now looking at cooperation between judicial and law enforcement agencies. The Commission is due to publish a list of recommendations on Wednesday aimed at improving the Safe Harbour agreement, in the hope that following the exposure of controversial alleged methods employed by the NSA, the US will be more open to negotiations.
A dangerous harbour
Reding told the Guardian that European businesses need to compete on a level playing field with their US competitors, but enjoy the same privacy protection measures abroad as they do at home. However, she admitted that the European Commission is unable to put pressure on GCHQ, as the EU doesn’t interfere in matters related to its members’ secret services.
The Commission has previously failed to obtain details on the scope of surveillance conducted by the British intelligence agencies and is currently unable to wrestle the same information from the US government.
Safe Harbour is a policy agreement established in 2000 that applies the EU rules on protection of personal information to EU data transferred to the US companies. It requires businesses to obtain certification every 12 months, and was designed to prevent accidental information disclosure or loss. However the agreement has been repeatedly criticised for being ineffective and too reliant on self-assessment.
“There is always a possibility to scrap Safe Harbour … It’s important that these recommendations are acted on by the US side by summer 2014,” said Reding. “Enforcement is absolutely critical. Safe Harbour cannot be only an empty shell.”
“This agreement claims to reassure EU and US consumers when their personal data is exchanged for commercial purposes, but it has now been shown to retain only a fig-leaf of credibility,” commented Monique Goyens, director general of the European Consumer Organisation.
The EC has already drafted new data protection rules that require US Internet companies operating in the EU to obtain permission to transfer data to the US, and to restrict the access of the intelligence agencies. Reding also wants EU citizens to be able to sue in the US courts – something they currently cannot do without obtaining the right of residence.
According to the Guardian, the new rules are opposed by British politicians, who think they are too strict. They are also opposed by the Germans, who think the changes don’t go far enough.
In October, it was alleged that German Chancellor Angela Merkel’s phone was tapped by the NSA for over a decade, and the agency was routinely capturing information about millions of items of electronic communication originating from a fellow NATO member. French and Spanish politicians are also demanding answers about the scope of surveillance in their countries.
What do you know about whistleblowers and their tech? Take our quiz!