The European parliament had its chance to vote on one of its most sensitive and important inquiries, into the mass surveillance of citizens following the Edward Snowden allegations, and on the same day vote on its biggest single piece of legislation, the data protection regulation – the first and only single piece of international law setting out what privacy rights citizens can expect while the growing globalisation of data flows takes place.
For Europe, the Snowden allegations and the Guardian, New York Times, Le Monde and Der Spiegel campaign came at a critical time when the EU had already decided to completely overhaul its own outdated data protection, internet and privacy laws. It sparked an intense period – first where lawmakers made a set of rules to give EU citizens control of their personal data, such as the ‘right to erasure’ and privacy while ensuring that there can be trust and growth in online commerce, social media and that we could upgrade the protections of data processed by police and judicial authorities. A very tough balance to obtain, but one which most observers believe the parliament has, on the whole, achieved. Second an inquiry into the Snowden allegations was widened to include a comprehensive review of how citizens should be protected from mass surveillance unrelated to our security, while ensuring that intelligence agencies continue to do the vital and valued job of protecting us against terrorist and cyber threats, essential to our security.
"Light has also been shed on flaws in major commercial data sharing arrangements such as the safe harbour agreement, which was supposed to safeguard data business flows from the EU to the US, but which we found to be unsafe and in need of reform fit for growing eCommerce"
So what did parliament’s inquiry find after six months of hearings, including testimony from Edward Snowden, and also intelligence and parliamentary scrutiny bodies from around the EU, whistleblowers, NGOs and journalists including Glen Greenwald and this magazine’s editor, and unprecedented access to the head of the NSA general Keith Alexander, the White House review team and senior US politicians and tech industry executives?
My report criticised mass surveillance programmes used by the US and EU member states where such metadata was not used for security purposes but could lead to serious violations of the law and privacy, including evidence used in secret courts.
While the EU doesn’t have direct competence in relation to national intelligence services of member states, the allegations that there was collusion between the NSA in programmes such as Prism and Tempora and those agencies – and because we also had to address spying allegations against EU institutions – meant that we needed to call for stronger and modernised scrutiny arrangements.
In Brussels we heard evidence from congressman Jim Sensenbrenner, author of the patriot act, who now feels that the NSA must be reformed. In recent weeks, both the UK Labour party and Liberal Democrats have similarly called for an overhaul of our own oversight arrangements fit for this new era.
"The Snowden revelations gave Europe an opportunity to both react and build something positive from this unprecedented period"
But the EU does have direct competence in other areas and the inquiry report comes with some strong recommendations. For example, it understands how much commercial damage and breakdown of trust there has been as a result of the revelations. Light has also been shed on flaws in major commercial data sharing arrangements such as the safe harbour agreement, which was supposed to safeguard data business flows from the EU to the US, but which we found to be unsafe and in need of reform fit for growing eCommerce. We call for its suspension.
In relation to the positive speech by US president Barack Obama before Christmas we welcome the beginning of the informed, thoughtful debate it sparked, but the part of the speech dealing with you and I, here in Europe, requires that the EU and US adopt a data protection agreement that provides judicial redress for EU citizens if their data is illegally transferred to the US – the so-called umbrella agreement.
A host of detailed recommendations form a digital bill of rights or digital habeus corpus, including increased international protections for journalists and whistleblowers, proposals to strengthen EU cloud computing (but not to fence us off), and proposals on IT security and encryption standards. There is a clear understanding from my report that there are both civil liberties implications, as well as global business trust issues, arising from the revelations, and a need to monitor standards long after the scandal may have faded.
The Snowden revelations gave Europe an opportunity to both react and build something positive from this unprecedented period. With the different political histories of different member states of the EU it was inevitable that his information and the Guardian campaign would impact differently in, say Germany, from the UK.
However, over time I have found that there has been genuine agreement that something has gone wrong with the way the NSA and others have acted and something has to be fixed. It is the EU’s turn to say something concrete to citizens about mass surveillance, and what we feel needs to be fixed in a digital bill of rights fit for a surveillance age.