The European Union is standing up to the United States on data protection

As Socialist and Democrat spokesperson on Justice and Home Affairs in the European Parliament, I know that the European Union has been pushing hard to create the first piece of international legislation on data protection - the Data Protection Regulation and Directive - which would help enshrine much needed citizen's protections in the internet age.

EU Claude

Claude Moraes is Labour MEP for London and is the Socialists and Democrats spokesperson on Justice and Home Affairs in the European Parliament

On June 11 James Bloodworth wrote an eye catching piece titled ‘How the European Union is saving us from PRISM’.

It wasn’t the usual positive headline about the EU that one sees.

Yet as Socialist and Democrat spokesperson on Justice and Home Affairs in the European Parliament, I know that the European Union has been pushing hard to create the first piece of international legislation on data protection – the Data Protection Regulation and Directive – which would help enshrine much needed citizen’s protections in the internet age.

The United States has been saying for some time that European Regulation on Data Protection has gone too far in terms of threatening the business model of certain companies – in other words the U.S. want to see unlimited commercial access to individual citizens’ data for commercial purposes.

But the EU, for the first time, wants to strike a balance in law between the right to retain private information and the rights of public and commercial organisations to fuel commercial activity on the internet.

How much these protections for citizens would be needed was thrown into sharp focus with the ongoing revelations from Edward Snowden and the ground breaking journalism from both the Guardian and the Observer. These have given us an insight into the way the NSA allegedly operates in relation to the privacy of EU citizens and more laterally the way it has allegedly bugged and infiltrated EU institutions.

The crux of all of these allegations centres around the surprise and sometimes shock that many have, that data which they thought was essentially private was being harvested and transferred without their knowledge.

In my media interviews on this issue, I have been asked if it has been naive to assume that in this digital, technological age we should think that any information on the internet is truly private, or that commercial espionage even between allies does not routinely happen.

But the Guardian and the Observer revelations point to a more important phase in our relationship with ‘Big Data’. What has truly surprised many people about these revelations (those who are not surprised will remain unsurprised) is the mass bulk transfer – the sheer scale of the transfers of data.

Added to this is the surprise that big companies have allegedly given our private information to intelligence agencies.

As I write this piece, the European Parliament has committed itself to a Special Inquiry into the allegations of PRISM and NSA spying. What is being revealed is the way in which there is bulk transfer of data, essentially without our permission, which citizens presumed would be transferred for security purposes, if it was being transferred by security agencies at all.

These allegations point to such large transfers that the proportionality test indicates security cannot be the only objective.

We are entitled to some defined privacy on the internet and in stored data just as we have a right to privacy in other areas of our lives.

The fact is that there is little meaningful data regulation world wide, the European Union in creating the new Data Protection Directive is acknowledging for the first time in an international sense that we have reached a point where we need to at least attempt to define some parameters in the relationship between the right to privacy and commercial interests in our data.

This will become increasingly important in relation to all sorts of data including health and financial records and our most intimate details.

The new Data Protection Regulation seeks to define major issues like ‘the right to be forgotten’ for the first time in cross-border law and to identify the internet for what it is – a truly international global concept rather than something which can be regulated by individual Member States alone.

No one is pretending that these issues are easy – they go to the heart of the most complex philosophical and civil liberties debates. They also lie at the heart of the biggest commercial interests.

The European Parliament has for many years now been grappling with these grey areas in relation to airline information being passed from European Union citizens to United States authorities called Passenger Names Records(PNR) and our financial information (SWIFT). The EU is therefore not new to trying to protect citizens and get the balance right in this area.

Very often in EU Member States like our own, the UK, interest in this important and growing area has been low – but it will now increase.

The recent Guardian and Observer revelations therefore should not be brushed aside as an episode that should be forgotten in a few years time, but an opportunity for us to think about what our relationship is with our individual data online, and how our governments are going to treat mass transfers of data of our most personal details in the future.

Leave a Reply