US spy scandal prompts redraft of EU data bill
EU institutions aim to revive an anti-snooping clause in their data protection bill, even though it would do nothing to stop a US-type operation.
The so called article 42 in the new regulation would create a legal framework on transfer of data to third countries, including the United States.
Dear EUobserver reader
Subscribe now for unrestricted access to EUobserver.
Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.
- Unlimited access on desktop and mobile
- All premium articles, analysis, commentary and investigations
- EUobserver archives
EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.
♡ We value your support.
If you already have an account click here to login.
The European Commission relegated it to a footnote in its original draft of the document.
But justice commissioner Viviane Reding told the European Parliament in Brussels on Wednesday (19 June) that she does not object to a proposal, put forward by some MEPs, to give it full legal force.
"If the parliament thinks that out of the recital there should be made an article, so be it. I have no objections to this," she said.
Reding spoke following the revelations that US intelligence services conducted a massive-scale snooping operation, dubbed Prism, on EU citizens using the Clouds of US firms with branches in Europe.
Article 42 is known in EU circles as the "anti-Fisa clause" because the US carried out Prism under its Foreign Intelligence Surveillance Act (Fisa).
But in reality, it would do nothing to stop a Prism-type operation even if gets back in.
A European Parliament source close to the file told EUobserver the clause will force the EU and US to negotiate in future on how to resolve a current jurisdictional clash.
He said US companies with subsidiaries in Europe are caught between two legal regimes.
The US demands that they maintain secrecy about its requests for personal data. But in the EU, they are required to notify the person in question that the US is requesting their information.
When asked by this website if inserting 42 into the text would stop Prism-type activity, he said: "Of course not, [but] it is a strategic decision to force the issue in the future."
Meanwhile, another weakness in the EU bill is that only a small portion of data on the Cloud is considered "personal data."
MEPs are debating the definition of personal data, with some aiming to exclude pseudonymous data altogether from the regulation.
The European Data Protection Supervisor and the EU parliament's lead negotiator on the file, German Green Jan Albrecht, want pseudonymous data included.
Such data does not explicitly name a person but uses other identifiers to single him or her out.
For her part, Reding also weighed in on the US surveillance issue on Wednesday.
“It is a wake-up call … [it is] urgent that we proceed with a solid legislation [on data protection]," she told MEPs.
She said it is necessary to act quickly.
“A delay [on the EU data bill] would play into the hands of those who would not strengthen data protection,” she noted.
But the vote this week suffered another setback in the EU legislative machine.
The EU parliament committee currently handling the dossier now says the vote will mostly likely take place in September or October.
It was originally scheduled for April.
Reding along with home affairs commissioner Cecilia Malmstrom on Wednesday also wrote to the US department of justice over the spy scandal.
The letter - seen by this website - is addressed to the secretary of the US department of homeland security, Janet Napolitano.
It asks Napolitano to provide written responses to questions on Prism and to set up a meeting in July to discuss EU and US data protection.
Reding already sent a letter to US attorney general Eric Holder on June 10.
Some, but not all of her questions, were answered at a ministerial meeting on 14 June in Dublin.