Commission downplays Parliament EU-US data privacy concerns
By Benjamin Fox
Justice Commissioner Viviane Reding has insisted that US authorities cannot override EU laws on data privacy, following concerns expressed by MEPs that certain US laws and legal subpoenas could force EU companies to disclose personal data to US law enforcement agencies.
Speaking on Wednesday night in a debate called by Liberal MEPs in Strasbourg, Commissioner Reding told MEPs that “any processing of personal data in the EU has to respect the applicable EU data protection law”, adding that a US law enforcement authority would have to use “existing channels of cooperation and mutual legal assistance agreements” if they wanted data and information from companies in the EU.
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
In an oral question to the Commission, liberal MEPs drew attention to US legislation, including the Medicare Act and the Patriot Act, which, they said, could require the submission of personal data stored in Europe to the US authorities.
Asking the Commission whether transferring personal data to third countries constituted a violation of EU data protection rights they also questioned what action the Commission would take with the US authorities and what it would do to ensure that third country legislation did not take precedence over EU law.
Dutch Liberal MEP Sophie In’t Veld opened the debate by emphasising the need for certainty that “our own European laws always apply within Europe, or whether they could be overruled by third country laws”.
She said that because the US considered its jurisdiction to extend beyond its borders, US law could have “extra-territorial effect within Europe”.
Simon Busuttil, spokesman for the centre-right EPP group on the civil liberties and justice committee, commented that it would be “ironic if it were easier for third countries to process European citizens’ data in their territory than for European entities to do so in Europe.”
That is not acceptable for our citizens and, of course, cannot be acceptable to our Chamber, which is why we have to work together to find workable solutions,” he added.
Despite Commissioner Reding's reply, In’t Veld maintained her concerns about the legal framework, referring to the possible use of subpoenas requiring the US operation of an EU-based company to disclose data stored in Europe.
“This is not through a mutual legal assistance treaty; this is a company which has an operation in the US and is being obliged to provide data stored in the EU,” she stated, asking how the Commission would protect such companies.
Last month the Commission unveiled proposals to radically overhaul the EU’s fifteen year old data protection legislation, and give citizens more control over the use of their data.
They included a ‘right to be forgotten’ clause, whereby consumers can require companies to delete their data. The new proposal sets down heavy fines for companies guilty of breaching data privacy of up to €1 million or 2 per cent of global annual revenue.