PRISM exploitation drives EU's data protection overhaul

Stuart Lauchlan, October 17, 2013
The European Parliament's civil liberties and home affairs committee will next week vote on more than 4000 amendments to highly controversial data protection proposals which could have a major impact on the global digital economy.

The proposals are intended to provide European citizens with more control over their personal data.

But in the wake of the PRISM/NSA spying scandal, many in Europe have also been talking up the new measures as a response to that.

If passed into law, the regulations will create a single set of binding data protection rules across the EU to replace the 1995 EU directive currently in use.

Everything, with the exception of national security and police and justice cooperation, falls under its scope. Companies that breach the rules can be fined up to 5 percent of annual turnover.

No handing data to the US

Included in the proposed rules is a legal framework designed to stop US-based companies from passing on personal details of EU citizens to US law enforcement and intelligence agencies.

A US company would face European fines if any such transfer took place without legal basis.

This clause had been included in the very first drafts but was removed from further iterations after pressure was brought to bear from Washington.

But the PRISM scandal has provided advocates of such a clause with the necessary justification to get it put back into the final draft.

Key among those in favor of its restoration to the new rules is EU Justice Commissioner Viviane Reding, who has been driving the overhaul since its inception back in January last year.

In common with others in Brussels, Reding has shamelessly exploited PRISM paranoia to meet her political objectives in speech after speech. For example, she's argued:

“The headlines over the past months have been dominated by stories about surveillance. Claims and counter-claims have been made at a dizzying speed.

“In my dialogues with citizens across the union, the sense of shock is palpable and the reaction is clear. The revelations over the past months have acted as a wake-up call.

"People have been reminded of why data protection is important; of why a strong framework for the protection of personal data is a necessity, not a luxury.

“Trust in the data-driven economy, already in need of a boost, has been damaged."

Viviane Reding

But behind this moral high ground rhetoric lies a transparently commercial and political agenda, as she revealed in an interview in Germany:

"All those US companies that dominate the tech market and the internet want to have access to our goldmine, the internal market with over 500 million potential customers. If they want to access it, they will have to apply our rules. The leverage that we will have in the near future is thus the EU's data protection regulation."


Reding's exploitative language has brought some backlash. For example, UK advertising industry lobbyist group ISBA hit out at Reding's claims with director of public affairs Ian Twinn stating:

“Reding is conflating fear of surveillance with the need to bring data protection legislation up to date.

"It is not ok to play on what Reding describes as the EU citizens’ palpable sense of shock over recent high-profile surveillance stories to pass through what is simply put very bad legislation.

“If Reding gets her way she will damage the digital-economy, which is a strong driving force for growth, at a time when Europe really needs it."

The draconian nature of the proposed changes has highlighted again the divisions across national boundaries and cultures across Europe.

Germany - already the toughest regime when it comes to data rules - has been the most enthusiastic backer of tightening the knot further with the PRISM row becoming a hot issue during Angela Merkel's recent re-election campaign.

So German Green Party MEP Jan Albrecht says:

"I think it is a huge success, I really think we achieved something that many people doubted we would be able to achieve. It’s a win-win situation for European companies, for European citizens, for consumers of the digital market in Europe."

But in the UK, the Conservative-Liberal Democrat coalition administration is concerned that the new rules will in fact stifle business across the region. UK Justice Secretary Chris Grayling said late last month:

“This is a debate to my mind about how much and how far can Europe continue to impose costs on business. The EU is unrealistic if it believes that imposing extra costs on business is not going to drive companies and jobs out of the EU in a world that is extraordinarily competitive.

"My fear about data protection is the commission is trying to shape legislation about its perception about what needs to happen to a small group of multinational information firms and forgetting that the impact of this will be profound for small and medium-sized European businesses."

For his part, the UK Information Commissioner Christopher Graham - in overall charge of UK data protection enforcement - has called the proposed regulation "too dirigiste" and stated that the UK is "not interested in regulation that is a to-do list".


Inevitably, Reding is not impressed by the UK's stance, which is largely shared by Ireland, which fears for the impact on luring US cloud firms to set up there. Hence her snarky comment last month:

“I have stopped counting on the UK’s support for pushing through strong European data protection rules that can help protect citizens from being spied upon."

Although Reding and her supporters in Brussels were celebrating this week, the reality is that there is a long way to go before any of this becomes law.

If the new rules are agreed next week by the parliament, they will then need to be negotiated with the Commission - which shouldn't present too much of a problem - and then agreed by the 28 EU governments. That's the bit that's akin to herding cats.

Clearly there is a need for an overhaul of what are now out-of-date data protection rules across Europe to bring them up to speed with a world in which cloud computing and the internet are driving the global digital economy.

But using this need to then push through a thinly disguised protectionist policy based on economic jealousy towards what Reding calls "all those US companies that dominate the tech market" is not acceptable.

This will potentially get tied up in knots for years. In the meantime it would be good to see some constructive noises coming out of Washington on how to reach an acceptable rapprochement with Europe on data privacy that serves to knock the protectionists off their pseudo-moral high ground.
