The European Commission (EC) has drafted measures designed to restore faith in the flow of data between the US and Europe following revelations about the NSA’s spying activities with its PRISM programme.
The EC today outlined what it views as the steps required to start rebuilding trust in the way that data is passed between Europe and the US.
“Massive spying on our citizens, companies and leaders is unacceptable. Citizens on both sides of the Atlantic need to be reassured that their data is protected and companies need to know existing agreements are respected and enforced. Today, the European Commission is setting out actions that would help to restore trust and strengthen data protection in transatlantic relations,” said Vice-President Viviane Reding, the EU’s Justice Commissioner.
“There is now a window of opportunity to rebuild trust which we expect our American partners to use, notably by working with determination towards a swift conclusion of the negotiations on an EU-U.S. data protection ‘umbrella’ agreement. Such an agreement has to give European citizens concrete and enforceable rights, notably the right to judicial redress in the U.S. whenever their personal data are being processed in the US,” she added.
Clearly, given the scale of the programme and the way in which it was kept secret, it will take some time to restore faith, but the EC has laid out six areas that require action:
- A swift adoption of the EU’s data protection reform.
- Making Safe Harbour safer: 13 recommendations to improve the functioning of the Safe Harbour scheme, after an analysis also published today finds the functioning of the scheme deficient in several respects. Remedies should be identified by summer 2014. The Commission will then review the functioning of the scheme based on the implementation of these 13 recommendations.
- Strengthening data protection safeguards in the law enforcement area: the current negotiations on an “umbrella agreement” for transfers and processing of data in the context of police and judicial cooperation should be concluded swiftly.
- The US should commit to making use of a legal framework like the mutual legal assistance and sectoral EU-US to obtain data. Asking the companies directly should only be possible under clearly defined, exceptional and judicially reviewable situations.
- Addressing European concerns in the on-going US reform process.
- Promoting privacy standards internationally: The US should accede to the Council of Europe’s Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (“Convention 108”), as it acceded to the 2001 Convention on Cybercrime.
Featured Image Credit - Getty Images