Recently leaked, the LIBE Committee draft report on surveillance activities signals a dim future for the international free flow of data in the eyes of the European Parliament. The report despairs of the recent revelations by whistle-blowers about the extent of U.S. mass surveillance activities, causing the trust between the EU and the United States to be profoundly shaken. LIBE argues that the magnitude of blanket data collection goes beyond what would be reasonably expected to counter terrorism and other security threats. LIBE condemns the deficiencies of international treaties between the EU and the United States, and the inadequate checks and balances in place to protect the rights of EU citizens and their personal data.
LIBE proposes a controversially drastic solution to the vulnerabilities exposed by NSA surveillance activities in the United States. Contrary to the ideal of achieving the international free flow of data in our digital society anticipated by European data protection reform, LIBE proposes to shut down all trans-Atlantic data flows, effectively isolating Europe.
Critics have argued that the following measures proposed by LIBE are wholly disproportionate and unrealistic:
- EU member states and U.S. authorities should prohibit blanket mass surveillance activities and the bulk processing of personal data.
- EU and U.S. authorities should take appropriate steps to revise legislation and existing treaties to ensure that the rights of EU citizens are protected.
- The United States should adopt the Council of Europe’s Convention 108 with regard to the automatic processing of personal data.
- The Commission Decision 520/2000, which declared the adequacy of Safe Harbor as a mechanism for EU-U.S. transfers, should be suspended, and all transfers currently operating under this mechanism should stop immediately.
- The adequacy of standard contractual clauses and BCRs in the context of mass surveillance should be reconsidered, and all transfers of data currently authorised under such mechanism should be halted.
- The status of New Zealand and Canada as adequate protection countries for data transfers should be reassessed.
- The adoption of the whole Data Protection Package for reform should be accelerated.
- The establishment of the European Cloud Partnership must be fast-tracked.
- A framework for the protection of whistle-blowers must be established.
- An autonomous EU IT capability must be developed, including ENISA minimum security and privacy standards for IT networks.
- Commission must present an EU strategy for democratic governance of the Internet by January 2015.
- EU member states should develop a coherent strategy with the UN, including support of the UN resolution on ‘the right to privacy in the digital age’.
The report concludes by highlighting a priority plan with the following action list:
- Adopt the Data Protection Package for Reform in 2014
- Conclude an EU-U.S. Umbrella Agreement ensuring proper redress mechanisms for EU citizens in the event of data transfers to the United States for law enforcement
- Suspend Safe Harbor mechanism and all data transfers currently in operation
- Suspend data flows authorised on the basis of contractual mechanism and Binding Corporate Rules
- Develop a European Strategy for IT independence
Critics have condemned LIBE’s report as a step backwards, and suggest it should be considered as a call for action rather than a realistic solution.