by Luca Boniolo
Data protection remains a hot issue in parliamentary works…
On November 11th the European Parliament Civil Liberties, Justice and Home Affairs Committee (LIBE) held its 9th hearing on Electronic Mass Surveillance of EU Citizens in the framework of its enquiry on the so-called “PRISM” case.[1] In a rather exceptional move even a Member of the US Congress was among the speakers; Microsoft, Google and Facebook representatives were also heard by the Brussels lawmakers during the same hearing.
Exceptional presence: US Congressman Rep. Jim Sensenbrenner
Representative Jim Sensenbrenner, Chair of the US Congress Subcommittee on Crime, Terrorism, Homeland Security, and Investigations, member of the Republican Party and co-author of the Patriot Act, stated: “I hope that we have learned our lesson and that oversight will be a lot more vigorous”, adding that abuses by the NSA could had been carried out outside congressional authority.
In a previous statement Rep. Jim Sensenbrenner said that the intelligence community could had also misused its powers by collecting telephone records also on Americans citizens, and claimed the time has come “to put their metadata program out of business” (section 215 of the Patriot Act). Consistently with this position he worked on a bipartisan bill, the “Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet-Collection and Online Monitoring Act” (named for its acronym: the “USA Freedom Act”), which should constrain NSA abuses. However this bipartisan initiative is still far from making unanimity; the democratic Senator Dianne Feinstein, Chair of Selected Committee on Intelligence in the US Senate, for instance, tabled a bill, the “FISA Improvements Act of 2013”, which is attracting plenty of critics because it is considered as a way to enshrine the current NSA data collection activities into law by granting formal Congressional approval to these widespread surveillance programs. “The Feinstein bill puts what the NSA has been doing into law and says it’s Ok… To me, that’s scary”, stated Sensenbrenner and added: “They’ve [senators] become cheerleaders for whatever the intelligence agencies want”.
Facebook, Google and Microsoft declared their innocence
Then executives from three of the world’s biggest IT firms – Facebook, Google and Microsoft – took centre stage at the hearing. The three companies, as well as Apple, AOL, PalTalk and Yahoo, have been accused by the press, on the basis of files leaked by whistleblower Edward Snowden,[2] to give direct access to personal data and/or to routinely hand over these data to the US’ National Security Agency (NSA). Even if this happens in compliance with US subpoenas ordered by the so-called Fisa (Foreign Intelligence Surveillance Act) Court, it has to be noted that the works and jurisprudence of this Court are not public and doubts can be raised on the efficiency of its oversight if, according to official figures, FISA Court approved 99.95% of warrants filed by security services between 2001 and 2012. Moreover, from other Snowden’s files it appears that NSA and GCHQ,[3] might have hacked Google servers and tapped undersea cables, (which carry 90% of internet and phone data between America and Europe).
Facebook Director Richard Allan and Microsoft VicePresident Ms Dorothee Belz, both in charge of of Europe, Middle East and Africa (EMEA) and Google Director Nicklas Lundblad, in charge of Public Policy and Government Relations, all denied in strong terms giving US intelligence services “unfettered” access to people’s private data. According to them only specific information on individual suspects have been subpoenaed by US intelligence and police services. Mr Allan noted that in the six months ending 31 December 2012, US agencies made between 11,000 and 12,000 queries, while EU countries made another 10.000, but they affected only “a tiny fraction of 1% of all Facebook accounts”. The three representatives also denied having any knowledge of the PRISM programme: “We do not know PRISM, we do not take part in it, and we do not give the government access to our data”, reiterated Ms Belz. Nevertheless all the three declared that they would reveal more on the content and scope of US intelligence requests, but the FISA Court banned them from diffusing this kind of information. The speakers also appeared worried about the new European draft Regulation on Data Protection (Rapporteur Mr Jan ALBRECHT, DE, Greens) notably on the limits surrounding international transfers of personal data, which could lead to real conflict of law and to legal insecurity that “we will not be able to resolve”.
The EP is pushing for the suspension of the transatlantic “SWIFT” agreement…
The LIBE Committee Inquiry has in the meantime on Electronic Mass Surveillance is a response to the US National Security Agency’s alleged tapping of EU citizens’ bank data as shared in the framework of the EU-USA transatlantic agreement on the Terrorist Finance Tracking Program (TFTP).[4] On the basis of the elements already emerged during the Committee inquiry, the European Parliament plenary has already voted on October 23rd a request of suspension of that agreement.[5]
To grant the protection of EU citizens’ privacy, MEPs believe that it has to be clarified whether NSA has had direct access to financial messaging data managed by Swift beyond the allowed cases, in other words if there has been a violation of the agreement. The non-binding resolution, tabled by the S&D, ALDE and Greens/EFA groups, was approved by 280 votes to 254, with 30 abstentions, only a slightly majority. These groups believe that is impossible to maintain the agreement as it stands, while EPP group proposed a resolution demanding clarifications too, but without mentioning the suspension of the agreement.
The European Parliament does not legally have the power to suspend an international agreement such as SWIFT and this action remains simple symbolic, committing the Council and Commission to nothing. However paragraph 11 of the Resolution states: «Considers that, although Parliament has no formal powers under Article 218 TFEU to initiate the suspension or termination of an international agreement, the Commission will have to act if Parliament withdraws its support for a particular agreement; points out that, when considering whether or not to give its consent to future international agreements [such as the much bigger EU-US free trade agreement currently under negotiations], Parliament will take account of the responses of the Commission and the Council in relation to this Agreement», followed by article 12: «Asks the Commission, in the light of the above, to suspend the Agreement». Moreover EU Parliament asks the Council and the Member States to authorise an investigation by the Europol Cybercrime Centre into the allegations of unauthorised access to financial payment data governed by the Agreement.
…however the Commission is reluctant…
European Commissioner for Home Affairs Cecilia Malström stated already during a plenary in Strasbourg at the beginning of October, that in the framework of previous consultations the US side has provided detailed explanations and assurances: the agreement had not been violated. On Thursday 23 October the answer of the Commission was the same, i.e. negative; in a press release Commissioner Malström stated: “We will follow up our request for written assurance with the US without delay and keep the European Parliament fully informed. In the meantime, the provisions of the TFTP Agreement that clearly regulate the transfer of personal data, and that provide effective safeguards to protect the fundamental rights of Europeans, will remain in place”. The Commission appeared to be satisfied with the US assurances, deciding, for the time being, not to take in account the EP request. Considering that EP’s approval was necessary for the entry into force of the TFTP agreement, and that the Agreement do not require even a specific wrongdoing justifyng the suspension, this position of the Brussels executive looks quite inappropriate.
In the meantime the EU Data Protection general reform.. Continue reading “Data protection: the European Parliament still fighting on two fronts”