European Parliament Opens Inquiry On Privacy Impact of U.S. Surveillance

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

BRUSSELS--Adherence by European Union member states and the United States to universal data protection principles is “currently in doubt,” European Parliament lawmakers said July 4 in a resolution that opens a formal inquiry to investigate the U.S. government's PRISM internet surveillance program and other government surveillance programs.

In addition, the resolution said that in light of surveillance concerns, Parliament should move forward in its data protection regime reform efforts and EU negotiators should consider privacy issues in trade agreement talks with U.S. officials.

The resolution also said that the European Union should consider suspending data-sharing agreements with the United States, including airline passenger and banking information for U.S. anti-terrorism efforts.

Civil Liberties Committee to Lead Inquiry

The inquiry, which will be coordinated by the European Parliament’s Civil Liberties, Justice and Home Affairs Committee, will gather evidence from EU and U.S. sources and will “assess the impact of the alleged surveillance activities on EU citizens’ right to privacy and data protection, freedom of expression, the presumption of innocence and the right to an effective remedy,” Parliament said in a July 4 statement.

Parliament approved the resolution 483-98, with 65 abstentions. The resolution establishes the inquiry and sets out its basic parameters. According to the resolution, a final report on the inquiry will be issued by the end of 2013.

The inquiry has been established in response to what the resolution called “serious concern” about the U.S. PRISM program (12 PVLR 1049, 6/17/13), and similar programs run by EU countries, such as the United Kingdom’s alleged Tempora program, which is said to collect communication data via interceptors placed on undersea fiber-optic cables (12 PVLR 1170, 7/1/13).

The Civil Liberties Committee, which is also the lead committee for the EU data protection reform effort, is scheduled to hold its first session on the surveillance issue July 10.

Call for Progress on Data Protection Reform

The resolution establishing the inquiry also calls for EU member states represented by the EU Council to make quicker progress on the reform of the EU data protection regime.

The European Commission, the European Union's executive arm, published in January 2012 a proposed data protection regulation to replace the 1995 EU Data Protection Directive (95/46/EC) (11 PVLR 178, 1/30/12).

In addition, the European Union and the United States should make progress on a transatlantic agreement on the transfer of information for law enforcement purposes, according to the resolution.

Any agreement should ensure that EU citizens have the right to access and correct their information when it is processed in the United States and should give EU citizens a right of redress and “access to the US judicial system [that] is equal to that enjoyed by U.S. citizens,” the resolution said.

EU and U.S. officials most recently met June 14 to discuss an umbrella law enforcement agreement, talks on which have been ongoing since March 2011 (12 PVLR 1049, 6/17/13).

A spokeswoman for Jan Philipp Albrecht, the German lawmaker who is responsible for shepherding the EC's proposed data protection regulation through parliament, told BNA July 5 that the surveillance inquiry would not hold up the EU data protection revision.

Revelations about PRISM and other programs “put more emphasis on how necessary it is to finalize this reform,” the spokeswoman said.

Dutch Liberal member of the European Parliament Sophie in ’t Veld, a prominent lawmaker on data protection issues, said in a July 5 statement that controversy about PRISM and other programs showed that the European Union must “finally act upon our repeated requests to solve the conflict of jurisdiction” between the European Union and the United States on data protection.

“We can no longer tolerate that the US or any other country’s law is applied directly on EU territory. EU citizens must be guaranteed protection under our own EU laws,” in ’t Veld said.

Separately, EC spokeswoman Mina Andreeva July 5 told BNA that the Commission had received information from U.S. Attorney General Eric Holder “informing us about the arrangements from the U.S. side for the transatlantic working group” on PRISM.

The group was set up following the June 14 EU-U.S. meeting on law enforcement data exchange to discuss the protection of EU privacy rights in the context of PRISM.

The group would meet during July, then in September, and would report in October to the European Parliament and EU Council, Andreeva said.

Question Marks Over PNR, TTFP Agreements?

In addition, the resolution said that EU institutions should consider suspending agreements with the United States on exchange of airline passenger name records (PNR), and on exchange of bank information to combat terrorism under the Terrorist Finance Tracking Program (TTFP), unless data protection concerns are satisfactorily resolved.

EC spokesman Michele Cercone July 5 said in a statement that EU officials would be in Washington during the week starting July 8 for scheduled reviews of the U.S.-EU PNR and TTFP agreements.

“Considering the context in which these conversations will take place, we count on the U.S. for full cooperation in disclosing and sharing all relevant information,” Cercone said.

He added: “should we fail to demonstrate the benefits of the PNR and TTFP instruments for our citizens, and the fact that they have been implemented in full compliance with the law, their credibility will be seriously affected and in such a case we will be obliged to consider if the conditions for their implementation are still met.”

By Stephen Gardner  

Full text of the European Parliament resolution of July 4 on the U.S. National Security Agency surveillance program, surveillance bodies in various EU member states, and their impact on EU citizens’ privacy, is available at