Europe faces up to impotence over US’s mass spying program

News about the US government’s massive surveillance of phone records has brought to the fore a problem that’s been troubling Europe for months: the lack of effective personal data protection. A meeting of EU justice ministers last Thursday was convened to try to reinforce common European rules on data protection just hours before The Guardian newspaper published its revelations about the National Security Agency’s data-gathering program. The European Commission has found, to its regret, that some member states are ready to block this kind of regulation.

European legislation on this issue goes back to 1995. Even though the system provides more privacy guarantees than most others in the world, the pervasive presence of the internet in Europeans’ daily lives and the advent of social networks has essentially made these rules obsolete. Eighteen months ago, the EU executive proposed restricting access by companies and public powers to sensitive user data, and regulating such new concepts as the “right to be forgotten,” which involves having personal information deleted from online sites.

Ever since then, member states have failed to agree on essential aspects of this regulation. But the US case has caused renewed concern among some members of the European Commission. "This case shows that a clear legal framework for the protection of personal data is not a luxury or constraint, but a fundamental right," said EU Justice Commissioner Viviane Reding, adding that the time has come for the European Council to show that it can act swiftly to reinforce citizens’ rights.

When European citizens phone someone in the US, they don’t expect their personal data to be intercepted"

Reding sent a letter this week to the US Attorney General Eric Holder asking for an explanation regarding the data espionage organized by President Barack Obama’s administration. “Given the gravity of the situation and the serious concerns expressed on this side of the Atlantic, you will understand that I expect swift and concrete answers,” she wrote.

When it comes to assessing the shortcomings of online data protection, European regulations are as important as the rules on data sharing between the EU and the US. So far, neither has made significant headway. But the US surveillance scandal will also weigh heavily on the annual meeting of US and EU authorities that begins Wednesday in Dublin. Quite by chance, the main topic of this year’s encounter happens to be data protection.

Reding will have a chance to ask the US for details of the surveillance program, how many Europeans have been affected, and how communications safety is going to be guaranteed, said a spokeswoman for the EU justice commissioner.

“When European citizens send a message or phone someone in the US, they don’t expect their personal data to be intercepted or conveyed to third parties,” said an EU source.

The concern is not new. The EU already turns over plenty of citizen data to the US (airplane passengers, bank transfers and so on), without any guarantees that this information will be treated according to European standards. That is why, since 2011, Reding has been exploring the possibility of a bilateral data protection agreement as part of a broader police and judicial cooperation scheme.

In practice, no matter how many rules are approved, both public and private powers have access to key information about citizens that could potentially be used against them.