Surveillance Concerns Put EU-U.S. Trade Agreement at Risk, EU Privacy Official Says

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Stephen Gardner  

Oct. 29 --U.S. lawmakers should renew their efforts to adopt privacy legislation that will “rebuild trust” with the European Union in the wake of revelations about alleged U.S. spying and access by the U.S. National Security Agency to customer data held by high-profile online companies, European Commission Justice Commissioner and Vice-President Viviane Reding said Oct. 29.

Speaking in Washington at a seminar organized by the Center for Transatlantic Relations, the EU Delegation to the USA and the Peterson Institute for International Economics, Reding said U.S. privacy law should include in particular a right of redress for EU citizens in case of violations of their privacy rights, and failure to address European concerns about data protection might jeopardize the Transatlantic Trade and Investment Partnership (TTIP).

Without “a legal provision on judicial redress for EU citizens, regardless of their residence, in the forthcoming U.S. privacy act,” the European Parliament “may decide to reject the TTIP,” because of privacy concerns, Reding said.

Reding's spokeswoman Mina Andreeva told Bloomberg BNA Oct. 29that by “the forthcoming U.S. privacy act,” Reding was referring to the Intelligence Oversight and Surveillance Reform Act (S. 1551) introduced in September by Sen. Ron Wyden (D-Ore.), co-sponsored by Sens. Mark Udall (D-Colo.), Rand Paul (R-Ky.) and Richard Blumenthal (D-Conn.) (12 PVLR 1662, 9/30/13).

'Treat Europe as a Real Partner.'

To restore trust in the context of the TTIP negotiations, the U.S. “will have to show that they treat Europe as a real partner,” Reding said. “And that they take European concerns about privacy and data protection very seriously.”

Reding said, however, that data protection shouldn't be included in the TTIP negotiations. “Data protection is not red tape or a tariff,” she said. “It is a fundamental right and as such it is not negotiable.”

U.S. industry and consumer protection groups have been divided on whether to include privacy provisions in the trade agreement (12 PVLR 909, 5/27/13).

Meanwhile in July, the head of a political group representing nearly 25 percent of the members of the European Parliament said lawmakers shouldn't ratify TTIP until a framework agreement on data privacy has been reached with the U.S. (12 PVLR 1330, 7/29/13).

Call for U.S. Data Protection Law

Reding's comments reinforce a statement published by EU heads of state and government after a summit meeting Oct. 25, which noted that there were “deep concerns” in the bloc over the alleged extent of U.S. intelligence gathering.

Reding said the U.S. should instead adopt rules that would be equivalent to the EU data protection regulation, which is under discussion. The European Commission in January 2012 proposed a single data protection law for the EU to replace the 1995 EU Data Protection Directive (95/46/EC) .

Data flows between the EU and the U.S. should be able to “rely on solid legal foundations on both sides,” and “we expect the U.S. to quickly set its side,” Reding said.

European Parliament President Martin Schulz Oct. 24 called for suspension of TTIP talks pending clarification of the extent of alleged U.S. surveillance of EU governments and institutions (12 PVLR 1817, 10/28/13).

Although other EU leaders called for a surveillance agreement with the U.S. by the end of 2013, they said they didn't support suspension of TTIP talks (see related report).

Safe Harbor Program Concerns

The U.S.-EU Safe Harbor Program is inadequate for regulating data transfers, and the EU doesn't want to “worry about the tide in a 'safe’ or, after all, not so 'safe’ harbor,” Reding said.

Under the Safe Harbor Program, data transfers from the EU are permitted on the basis that U.S. companies self-certify their agreement to abide by the Safe Harbor framework, which includes seven privacy principles similar to those found in the Data Protection Directive.

Concerns have been raised by the European Parliament's Civil Liberties, Justice and Home Affairs Committee (LIBE) that U.S. companies don't abide by Safe Harbor commitments. LIBE Oct. 21 approved an amended draft Data Protection Regulation proposed by the European Commission (12 PVLR 1817, 10/28/13).

Andreeva said Reding was “not convinced that Safe Harbor is so safe after all, because it is based purely on self regulation, and that is why the commission is working on an analysis of Safe Harbor which we will present before the end of the year,” before deciding on what next steps may be needed.


To contact the reporter on this story: Stephen Gardner in Brussels at

To contact the editor responsible for this story: Heather Rothman at

Viviane Reding's Oct. 29 prepared speech is available at

Request Bloomberg Law: Privacy & Data Security