Since the revelations of Edward Snowden, there has been a wave of data privacy repercussions in Europe. Snowden, the former CIA employee and US National Security Agency (NSA) contractor, disclosed top secret NSA documents which revealed the operational details of covert global surveillance programs which engaged in internet surveillance as well as the interception of US and European telephone metadata.
On 17 January 2014, President Obama acknowledged that high-tech surveillance poses a threat to civil liberties and announced that certain changes will be made to the US government’s surveillance programs. The two main changes being that of having legal authority to engage in the surveillance activity and the possibility of appointing a third party to hold the data being monitored, as phone companies do not want the cost or burden.
But are these sentiments a little too late for Europe? In a leaked report of the LIBE committee (this is the committee of the European Parliament that is leading on the proposed new European Data Protection Regulation), LIBE reports to the European Parliament on the surveillance by the NSA. One of the main recommendations in this report, is for the suspension of the Safe Harbor regime. This provides a legal basis for the transfer of personal data from Europe to the US. LIBE also called on the European Commission to assess whether Canada still provides an adequate level of protection for personal data as a result of their involvement in the surveillance programs.
The suspension of Safe Harbor has been demanded pending a full review being conducted and current “loopholes” in the regime being remedied “making sure that transfers of personal data for commercial purposes from the [EU] to the US can only take place in compliance with EU highest standards”.
The LIBE committee’s demand for suspension is however contradictory to the recent announcement of the European Commission that it will not kill off Safe Habor. Instead, the European Commission published 13 recommendations to improve it (see our blog post of 4 December 2014 for more details).
Perhaps this is the LIBE committee’s way of putting pressure on the European Parliament to resume its analysis of the proposed new European Data Protection Regulation and finalise it this year. In fact, this is the first recommendation in their leaked report. This view seems to be supported by the European Data Protection Supervisor, Peter Hustinx, who has urged the German government to take the lead in ensuring the adoption of the Regulation before the elections of the European Parliament and Commission in May this year.
How are businesses responding?
In other news, it has recently been reported that Vodafone has taken a “stand” on privacy by asking governments in the 25 countries in which it operates, for the right to disclose the number of demands it receives for wiretapping and customer data. This is another repercussion sparked by the PRISM debate which seems to be forcing businesses into action in order to retain back the trust of customers.