A top US State Department official has rebuffed critics who argue that Europe can only seal a new data sharing deal if US laws enabling electronic surveillance are changed.
Daniel Sepulveda, the US coordinator for international communications and information policy, said today (3 November) in Brussels that a new EU-US deal to replace the fallen Safe Harbour agreement would not follow a change in US law.
“It’s a non-sequitur,” Sepulveda said of the critique launched against US intelligence agencies.
“The fact of the matter is that the underlying evidence that they use to reach the conclusion that intelligence practices are excessive in the United States is fundamentally and demonstratively wrong,” he added.
Sepulveda is meeting with EU lawmakers and rights groups this week in Brussels to discuss data protection. EU Justice Minister Vera Jourova will travel to Washington this month for more talks with US negotiators.
The two sides have been in talks since 2013 to come up with a new deal to allow companies to legally transfer data from the EU to the US, but they now say they are stepping up efforts following the recent European Court of Justice decision striking down the Safe Harbour agreement.
The ECJ verdict on 6 October cited the US intelligence agencies’ unfettered access to personal data once it is transferred to the US.
Some MEPs in the Civil Liberties, Justice and Home Affairs Committee (LIBE) have rallied against the European Commission’s plans to negotiate a new agreement allowing commercial data transfers to the US.
They argue that as long as US intelligence agencies broadly gather data from electronic communications, a new arrangement wouldn’t fit with the legal standard on privacy set out by the ECJ decision.
German MEP Jan Philipp Albrecht (Green) slammed the plans for a new agreement during a LIBE debate last month, “I can’t get it right in my head that still people just say ‘Let’s do a Safe Harbour plus’. How can we change the legal environment of the United States by a Commission decision?”
Sepulveda warned that without a new data deal in place, different national laws regulating data protection and other internet policy areas threatened to mangle the internet ecosystem.
“To what degree will the internet become a series of intranets that interconnect with each other?” Sepulveda asked.
“The operational ability to use the internet could fragment because of legal differences in regimes. To the degree that that happens you break the economy’s scale. We’re talking about the underlying foundations of what’s now a modern industrial powerhouse, so it’s very important,” he said.
Data protection authorities from Germany’s Länder suggested last week that companies should consider storing data only within Europe to avoid legal backlash in the wake of the ECJ verdict.
Existing European rules on data protection were adopted in 1995, when the internet was still in its infancy.
In January 2012, the European Commission published a vast legislative package aimed at replacing the existing rules and giving greater protection to personal data across the EU.
The package includes two legislative proposals: one general regulation on data protection (directly applicable in all the member states) and one directive specifically aimed at data protection in the police and the justice systems (to be transposed into national law).
Since then, the data protection debate took a new twist with revelations about US eavesdropping activities.
Whistleblower Edward Snowden revealed in 2013 that the NSA had secret wide-reaching authority to snoop on emails and internet communications using a data-mining programme called Prism.
European politicians reacted angrily to the news and called for stricter measures to ensure privacy.