Shutting Europe Down Is Not the Way To Defend Privacy
When I was at university, I remember a lecturer who used to say the first rule that any law degree student should follow was “to not panic.” That is a rule that we should all apply when reading the draft report of the LIBE Committee of the European Parliament on the NSA surveillance programme. The prospect of a closed-down Europe that is advocated by the report is certainly daunting. Shutting down pretty much all transatlantic data flows in order to prevent unreasonable access to data by the U.S. intelligence services would not only be disproportionate, but it would be hugely damaging to the information society we all rely on.
LIBE's draft report follows a very thorough inquiry and assessment carried out by LIBE during the second half of 2013 and contains specific recommendations for wide-ranging measures to be adopted by the European Parliament. The report is nothing short of ambitious as it targets not only EU member states and institutions, but the U.S. government and even the United Nations. However, its extremism is highlighted by statements like:
"The business model of most Internet companies is based on the processing of personal data of all kinds that puts at risk the integrity of the person"
“This alarming situation can only be remedied if Europeans are willing to dedicate sufficient resources, both human and financial, to preserving Europe’s independence and self-reliance."
The key practical focus of the report is “international data transfers” and how these have facilitated the large-scale mass surveillance of EU individuals. In response, the report calls for some drastic and immediate measures to prevent this, including:
- The suspension of the European Commission's adequacy decision regarding Safe Harbor,
- The suspension by EU data protection authorities of any data flows allowed under Safe Harbor,
- The re-assessment of Canada and New Zealand as safe jurisdictions to receive European data,
- The suspension by EU member states of any data flows authorised on the basis of contractual mechanisms or Binding Corporate Rules, where the law applicable to the recipient of the data invalidates privacy safeguards and
- The suspension by the European Commission of the Terrorist Finance Tracking Program Agreement with the U.S.
Needless to say, the impact of these measures would be catastrophic, so logic suggests that ultimately, this is a call for attention rather than a realistic proposal. Unfortunately, this still leaves us with the challenge identified on both sides of the Atlantic that democratic oversight must prevail over indiscriminate mass surveillance. Addressing this issue is a task that all of the public authorities identified in the LIBE report should prioritise, but this should be done in the same way that privacy professionals do their daily job: with pragmatism, conviction and vision. Certainly not by isolating Europe.
About the Author
Eduardo Ustaran, CIPP/E, is a dually qualified English solicitor and Spanish abogado based in London and an internationally recognised expert in privacy and data protection law. He has been named by Revolution magazine as one of the 40 most influential people in the growth of the digital sector in the UK and is ranked as a leading individual for data protection by Chambers UK. Ustaran is also the author of The Future of Privacy, a book aimed at reshaping the global debate around data and privacy. Ustaran advises on the impact of EU data privacy law on the operational activities of all types of organisations and has assisted data protection regulators from different countries to align their positions and interpretation of the law. He is editor of Data Protection Law & Policy and a member of the panel of experts of DataGuidance. Ustaran is co-author of E-Privacy and Online Data Protection and of the Law Society’s Data Protection Handbook.