Sophos Cloud Optix
This week, the grandly-named Civil Liberties, Justice and Home Affairs Committee of the European Parliament (LIBE) met and discussed written testimony from US whistleblower Edward Snowden.
Snowden told of the NSA’s disregard of US data gathering laws, and described the ineffectiveness of the resulting mass surveillance.
He also answered various written questions from the committee.
Looking at the US government's reports here is valuable. The most recent of these investigations, performed by the White House's Privacy and Civil Liberties Oversight Board, determined that the mass surveillance program investigated was not only ineffective - they found it had never stopped even a single imminent terrorist attack - but that it had no basis in law. In less diplomatic language, they discovered the United States was operating an unlawful mass surveillance program, and the greatest success the program had ever produced was discovering a taxi driver in the United States transferring $8,500 to Somalia in 2007.
In a landslide majority vote, the EU Parliament also finalised a new data privacy law backed by stiffer penalties.
Companies can now be fined up to €100,000,000 (about $140m), or 5% of their global business turnover, for privacy violations.
Gone will be the system of different privacy laws in each EU state: the new law is pan-European.
Even foreign businesses are included, so any organisation that provides services to EU citizens will be required to conform. (Look out, Google!)
Although the EU started on this legislation well before the Snowden leaks, legislators and political observers have said that Snowden’s revelations highlighted awareness of the need to protect privacy, and had an impact on the breadth and strength of the final legislation.
“The Snowden revelations gave us a chance to react,” said Claude Moraes, a Member of the European Parliament (MEP) from the UK. “I hope we will turn those reactions into something positive and lasting.”
LIBE also called for the immediate suspension of a major agreement that exists between Europe and the USA known as the US Safe Harbor privacy principles.
This could have a dramatic impact on trade between the EU and the US, as registering with the Safe Harbor scheme allows EU businesses to collect data from the EU and transfer it to the US.
The European legislature went still further, saying that by the end of the year it will present “a comprehensive assessment of the US privacy framework” and “concrete recommendations based on the absence of a general data protection law.”
That certainly sounds like a step towards declaring the US to be a region that is unsafe to trust with EU data. (Look out, Amazon!)
Whether you approve of Snowden’s whistleblowing or not, his revelations are certainly changing attitudes to privacy on a global scale.
How much of this change will be positive and lasting remains to be seen.
Privacy has lagged behind the technology for a long time. The EU was working on this for some time (you only check the requirements you agree to when submitting an R&D proposal in the last 5 years to know that it was more than just words).
The Snowden revelations have indeed been the catalyst for the politicians to catch up with the geeks.
If you strip out the politics, Snowden has precipitated the critical mass to finally act on privacy; in another field and circumstances, he would be considered for an award for his contribution to the field.
The article states that Mr. Snowden’s revelations about mass surveillance of citizens by the U.S. federal state are “reshaping privacy”. Yet, all I see reported here is a lot of Euro-blathering and posturing about huge fines for privacy violations by companies. What about safeguards against surveillance by the state? Isn’t that what the whole NSA/PRISM scandal is about?
I’m not in favor of privacy violations by anyone. It seems to me that that’s the fundamental issue here. Mr. Snowden’s whisteblowing puts the lie to the delusion that so-called “government” is doing its job as a protector against the bad guys. When the protector becomes a predator, who protects us from the protector? Eurocrats who only know how to fine companies?
I don’t think so. If they’re serious about reshaping privacy, the politicians and bureaucrats ought to start by demonstrating how they’re going to police themselves, not by thumping their chests about how tough they’re going to be on everyone else. The NSA has already shown what happens when you let the state have its way.
There is news that the “Safe Harbor” data-transfer facility is to be strengthened almost immediately.
An apparently sudden agreement made to reinforce this EU-US data-transfer agreement to avoid it being suspended by the EU
suspension threat reported above