EU Tells US: End Mass Spying

Responding to surveillance revelations, EU officials seek changes in commercial and law enforcement data sharing arrangements with the US.

The European Commission, the EU's executive body, is demanding that the US respect the privacy rights of EU citizens and is seeking changes in its commercial and law enforcement data sharing arrangements with the US to "restore trust."

The Commission on Wednesday issued a strategy paper, an analysis of the Safe Harbor agreement that governs international commercial data flows, and a Data Protection report, among other documents, in response to ongoing revelations about the extent of US surveillance.

The latest such disclosure, that the NSA spied on the porn habits of "radicalizers" so they can be discredited, was published late Tuesday by The Huffington Post, based on documents provided by ex-NSA contractor Edward Snowden 

"Massive spying on our citizens, companies and leaders is unacceptable," said EU Justice Commissioner Viviane Reding in a statement. "Citizens on both sides of the Atlantic need to be reassured that their data is protected and companies need to know existing agreements are respected and enforced."

The Commission's concern about loss of trust translates into potential loss of revenue. The Information Technology & Innovation Foundation (ITIF), a Washington-based policy research group, projects US IT industry losses of $22 billion to $35 billion by 2016, because foreign businesses and governments fear having their data scoured by US intelligence agencies.

Add to that the certainty that other government intelligence agencies are doing the same thing, or at least trying to, and the entire premise of cloud computing crumbles. Without a foundation of trust and a legal framework that exists in full public view and protects rather than yields, there's a strong impetus to avoid the cloud and rely only on internal corporate computing resources.

Though the EU says the Safe Harbor agreement governing commercial data sharing "cannot be maintained," it doesn't appear to be threatening to rescind the agreement. Rather, it seeks to improve it with stronger protections for EU citizens, principally a path for judicial redress. The US Privacy Act of 1974 protects US citizens and legal permanent residents, but not EU citizens.

The Commission has made 13 recommendations about how to improve Safe Harbor. The recommendations cover privacy dispute redress, privacy policy transparency, privacy enforcement mechanisms (like compliance audits), and limitations on exceptional access by US authorities (only when "strictly necessary or proportionate," as if such assurances hadn't already been offered).

Changes in the way data is handled and accessed in the EU and US will depend on the EU data protection rules revisions currently before the EU parliament and the US review of national surveillance activities, both of which are ongoing. US lawmakers continue to debate whether and how to reform NSA data collection.

Cloud Connect Summit, March 31 – April 1 2014, offers a two-day program colocated at Interop Las Vegas developed around "10 critical cloud decisions." Cloud Connect Summit zeros in on the most pressing cloud technology, policy and organizational decisions & debates for the cloud-enabled enterprise. Cloud Connect Summit is geared towards a cross-section of disciplines with a stake in the cloud-enabled enterprise. Register for Cloud Connect Summit today.

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing