The EU-U.S. Privacy Shield has come under scrutiny once again after 17 civil society organisations (the Coalition) sent a letter to the European Commissioner for Justice and Consumers.
The 28 February 2017 letter raises the issue as to the breadth of Section 702 of the FISA (Foreign Intelligence Surveillance Act) Amendments Act (FAA), which provides authority for the United States government’s PRISM and UPSTREAM surveillance programmes. The Coalition argues that these programmes violate international human rights standards, as they require internet companies to capture and turn over to the government communications within very broadly defined categories.
Section 702 surveillance powers were the focus of the Court of Justice of the European Union (CJEU) decision that repealed the ‘safe harbour’ programme in the United States, and the Coalition’s letter recommends that the FAA must be amended in order to comply with that decision. The Coalition argues that, in the meantime, the Commissioner must suspend the Privacy Shield. Though officially approved by the European Commission, the Privacy Shield continues to face criticism and calls for its suspension. Human rights organisations have argued that the Privacy Shield still fails to comply with CJEU requirements, noting fears that it is insufficient to ensure protection of the rights of digital users; that it will perpetuate human rights violations; and that it will undermine trust in the digital economy. The Coalition reiterated these arguments in its recent letter.
The Coalition recommends that the FAA’s revisions include the breadth of definitions, the amount of data retained in surveillance databases, the number of innocent individuals that can be ‘targeted’, and the lack of limits on dissemination of data between agencies and the United States’ international partners. At present, Section 702 authorises collection provided that a “significant purpose” of collecting the data is in order to obtain foreign intelligence information. This has served as a loophole for the FBI to collect data without a warrant for criminal investigations. Section 702 is broad enough to allow any non-U.S. person outside of the United States to be targeted in the likelihood that they may reveal foreign intelligence information. The NSA recently targeted a pro-democracy activist in New Zealand under the PRISM programme on the basis of erroneous claims by the New Zealand government that this individual had been planning violent attacks.
Section 702, along with several other sections of the FAA, expires on 31 December 2017. The U.S. Congress has twice voted to reauthorise the law, with the most recent reauthorisation occurring in 2012. In May 2016, the U.S. Congress began debating whether to reauthorise Section 702 a third time. A number of advocacy groups in the United States believe that Section 702 should be allowed to expire on 31 December 2017, and have created a countdown to that date.