EU demands protection against US data surveillance
Commissioner Viviane Reding wants citizens to have right to sue in US if personal data misused
EU justice commissioner Viviane Reding said she expects to see legislative change in place in the US sooner rather than later. Photograph: Matt Kavanagh/The Irish Times
The European Commission today called for new protection for Europeans under US law against misuse of personal data, in an attempt to keep in check the US surveillance revealed by former NSA contractor Edward Snowden.
“I have ... made clear that Europe expects to see the necessary legislative change in the US sooner rather than later, and in any case before summer 2014,” she said.
Ms Reding’s message was reinforced in a draft report obtained by Reuters that called for “very close attention by the EU” in monitoring data-exchange agreements given the “large-scale collection and processing of personal information under US surveillance programmes”.
The remarks underline a growing sense of unease in Europe at a delicate moment in transatlantic relations, when the globe’s two biggest economies seek a trade pact to deepen ties.
“EU citizens do not enjoy the same rights and procedural safeguards as Americans,” officials wrote, when exploring data transfers.
In the report, they highlighted the need for improving transparency in the ‘Safe Harbor’ scheme that allows companies in Europe who gather personal information about customers, for example, to send it to the United States.
But some believe that the stance of the EU’s executive, which writes laws for the 28 countries in the union, is feeble.
“We are an economic giant and we behave like a political midget,” said Sophie in ‘t Veld, a Dutch member of the European Parliament. “The commission and the member states are extremely timid and soft. They are failing their citizens.”
“It’s not a legal question,” she said. “It’s about Europe behaving like a politically self-confident entity.”
Ms In ‘t Veld is a member of the European Parliament’s civil liberties committee, which recently voted for a tougher data privacy regime in Europe.
That vote cleared the way for negotiations with member states, with the aim of having a new code of conduct agreed by May next year, the first fundamental updating of Europe’s data protection laws since 1995.
As well as stiff fines of up to €100 million for companies that break the rules, the new regime would oblige companies to seek consent before using personal information.
It would block data-sharing with non-EU countries unless approved by an EU supervisor and establish the “right to erasure” - the ability for consumers to request the deletion of their digital trace, including photographs, emails and Internet postings.
But Mark Watts of London law firm Bristows said Europe’s approach was misguided.
“The data protection regulation is not ambitious at all,” he said. “Much of it is based on old legislation before the world wide web even existed.”