Yahoo U.S. Email Surveillance Bothers EU Privacy Chiefs

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

European Union privacy regulators intend to question U.S. national intelligence officials about the extent to which the government orders online communications companies to cooperate in surveillance, they said April 10.

The EU Article 29 Working Party of data protection officials from the 28 EU countries isn’t convinced that U.S. surveillance activities don’t harm EU citizens’ privacy interests, they said. The group will send a letter to U.S. Director National of Intelligence (DNI) Dan Coates “asking for additional information regarding the legal basis and justification for any surveillance activities concerning EU data subjects.”

The move comes after the EU privacy regulators in October 2016 said they were concerned about the alleged scanning of Yahoo! Inc. customers’ incoming emails at the request of U.S. intelligence agencies.

U.S. surveillance of EU citizens’ has increasingly become an issue with the approach of the EU-U.S. Privacy Shield data transfer program’s first annual review in September. The prospect that EU concerns over U.S. government surveillance might bring an end to the Privacy Shield is of great concern to the thousands of U.S. and EU businesses that rely on the program to ease the legal transfer of personal data from the EU to the U.S.

The Privacy Shield, which is administered by the U.S. Department of Commerce, allows companies that self-declare their compliance with EU-approved privacy and security principles to legally transfer personal data from the EU to the U.S. Nearly 2,000 U.S. companies are certified under the scheme, including Alphabet Inc.'s Google and Microsoft Corp.

If Yahoo, and its eventual corporate parent Verizon Communications Inc., can’t come to terms with EU privacy regulators’ scrutiny of its surveillance practices, it could see its revenues from Europe, the Middle East and Africa (EMEA)—and its reputation—take a hit . According to Bloomberg data, Yahoo took in $398.8 million in EMEA Fiscal Year 2016 revenues.

A Yahoo spokesman told Bloomberg BNA April 10 that it didn’t have additional comments on its surveillance policy outside of an October 2016 letter sent to former DNI chief James Clapper. In the letter, Yahoo urged the government to be more transparent to the public about such requests.

The DNI’s office didn’t immediately respond to multiple telephone requests for comment from Bloomberg BNA.

Trump Surveillance Issues?

Similar surveillance concerns were raised by an April 6 European Parliament resolution. There are “great concerns” about broadening the authority of the National Security Agency to share data it collects with other law enforcement agencies, the resolution said. EU lawmakers are also “alarmed” about reports of surveillance of emails by an unnamed “US electronic communications service provider,” it said.

Vanessa Henri, legal counsel at information technology consulting company Above Security in Montreal, told Bloomberg BNA April 10 that President Donald Trump has created “insecurities around the Privacy Shield.”

The Article 29 Working Party members “certainly want to obtain all the information regarding the surveillance of EU citizens” in anticipation of the September Privacy Shield review, she said. The “quality of protection offered against” U.S. surveillance activities against EU citizens was always a critical question for the Privacy Shield’s viability, she said.

Brian Hengesbaugh, data protection partner at Baker McKenzie in Chicago, told Bloomberg BNA April 10 that the letter continues efforts started by the European Commission, the EU’s executive arm, “to gain assurance that U.S. law and policy on surveillance” considers privacy issues relating to EU citizens.

The Trump administration “has consistently provided such assurances,” including during recent meetings between Commerce Secretary Wilbur Ross and European Commissioner Vera Jourova, Hengesbaugh said.

The Trump administration has been supportive of the Privacy Shield mainly because it “considered that a strong vibrant relationship with Europe is important on many levels,” especially for the health of the U.S. economy, he said.

With assistance from Stephanie Bodoni in Luxembourg

To contact the reporter on this story: Daniel R. Stoller in Washington at dStoller@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

For More Information

Text of the Article 29 Working Party's meeting notes is available at http://src.bna.com/nOy.

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.