This week, the grandly-named Civil Liberties, Justice and Home Affairs Committee of the European Parliament (LIBE) met and discussed written testimony from US whistleblower Edward Snowden.
Snowden told of the NSA’s disregard of US data gathering laws, and described the ineffectiveness of the resulting mass surveillance.
He also answered various written questions from the committee.
Looking at the US government's reports here is valuable. The most recent of these investigations, performed by the White House's Privacy and Civil Liberties Oversight Board, determined that the mass surveillance program investigated was not only ineffective - they found it had never stopped even a single imminent terrorist attack - but that it had no basis in law. In less diplomatic language, they discovered the United States was operating an unlawful mass surveillance program, and the greatest success the program had ever produced was discovering a taxi driver in the United States transferring $8,500 to Somalia in 2007.
In a landslide majority vote, the EU Parliament also finalised a new data privacy law backed by stiffer penalties.
Companies can now be fined up to €100,000,000 (about $140m), or 5% of their global business turnover, for privacy violations.
Gone will be the system of different privacy laws in each EU state: the new law is pan-European.
Even foreign businesses are included, so any organisation that provides services to EU citizens will be required to conform. (Look out, Google!)
Although the EU started on this legislation well before the Snowden leaks, legislators and political observers have said that Snowden’s revelations highlighted awareness of the need to protect privacy, and had an impact on the breadth and strength of the final legislation.
“The Snowden revelations gave us a chance to react,” said Claude Moraes, a Member of the European Parliament (MEP) from the UK. “I hope we will turn those reactions into something positive and lasting.”
LIBE also called for the immediate suspension of a major agreement that exists between Europe and the USA known as the US Safe Harbor privacy principles.
This could have a dramatic impact on trade between the EU and the US, as registering with the Safe Harbor scheme allows EU businesses to collect data from the EU and transfer it to the US.
The European legislature went still further, saying that by the end of the year it will present “a comprehensive assessment of the US privacy framework” and “concrete recommendations based on the absence of a general data protection law.”
That certainly sounds like a step towards declaring the US to be a region that is unsafe to trust with EU data. (Look out, Amazon!)
Whether you approve of Snowden’s whistleblowing or not, his revelations are certainly changing attitudes to privacy on a global scale.
How much of this change will be positive and lasting remains to be seen.