The path forward on true surveillance reform is for the US and European governments to work together to develop an agreement on surveillance practices that includes greater transparency, no bulk collection of digital records of citizens – and enhanced judicial oversight – writes Jens Henrik-Jeppesen
European institutions and governments have responded in different ways to the principal data protection and surveillance challenges on the table, creating an often confusing and conflicting picture. The result is an environment not conducive to the reform of surveillance laws and practices that is obviously needed – not only in the United States but also in Europe and beyond.
The European Parliament, nearing the end of its term, advanced two important votes this past week, on two distinct but easily confused issues: data protection reform and government electronic surveillance. The Data Protection regulation mainly addresses company usage of personal data, while government surveillance reform is an issue of national security, which makes it the purview of individual Member States.
With the adopted report on the proposed data protection reform package moving forward, Europe is one small step closer to data protection regulations that are more consistent across the European Union. However, there are big rifts between a number of EU member states and they seem to be nowhere near a solution. Uniform regulations would be good for businesses and consumers, although member states have vastly different approaches to implementation and enforcement. Despite what European Commission vice-president Viviane Reding says, the data protection regulation would have minimal impact on government surveillance.
The resolution adopted by parliament on government surveillance, based on the Civil Liberties Committee’s inquiry on electronic surveillance, is the EP’s response to the revelations of intrusive spying practices but it is nonbinding. That does not make it irrelevant. It is an important political statement and it includes several sensible recommendations. Notably, it demands an end to bulk collection of data – echoing demands made by both companies and civil society groups. Further, it calls on a number of member states to bring their intelligence surveillance laws and practices in line with European and international human rights norms. It also proposes setting up a high-level group to monitor progress. The parliament inquiry clearly demonstrated that the privacy problems associated with the surveillance practices being revealed could not be reduced to a simple ‘US agencies are spying on European citizens’ narrative.
Clearly, American surveillance resources and capabilities dwarf those of other nations and that means the US has a particular responsibility to ensure that its programmes and policies are compatible with privacy and human rights norms. But the parliament inquiry also clearly indicated that the US National Security Agency conducts surveillance with the collaboration and consent of European agencies and governments.
This is why achieving effective and real surveillance reform to protect citizens in Europe, the US and elsewhere from unwarranted spying requires European and the US governments to develop a common understanding of what constitutes reasonable and human rights compatible legal standards for conducting surveillance. So far, European governments have been distinctly and conspicuously uninterested in engaging in this discussion.
We do not have anything like the full picture of the electronic surveillance activities being carried out in Europe. But we know enough to know that we do not know enough. As is the case in America, we need far better transparency and oversight of intelligence surveillance programmes. The continuing flow of revelations has forced the US administration to initiate reform as announced by President Barack Obama in January. European governments should follow suit but the EU institutions have no authority to compel them to do so.
Again, the European Data Protection reform package – even if it became law in the form adopted by parliament – would not provide meaningful protection against intrusive surveillance. Neither would suspension of the ‘safe harbour’, which the Civil Liberties Committee also recommends in its report. And most certainly, neither would some German officials’ ideas of a European cloud and communications infrastructure. These proposals do not address the issue head on and have negative consequences.
Suspending ‘safe harbour’ would impact companies that have nothing to do with the surveillance allegations. European cloud and data localisation requirements would only motivate authoritarian regimes to pursue similar policies to better control and monitor their populations, and cause difficulty in the already fraught global discussions on internet governance. The path forward on true surveillance reform is for the US and European governments to work together to develop an agreement on surveillance practices that includes greater transparency, no bulk collection of digital records of citizens – and enhanced judicial oversight.
Jens Henrik-Jeppesen is director of European affairs at the Centre for Democracy and Technology think-tank