US data scandal deepens EU-US divide on privacy

data protection 3.jpg

Europeans have reacted angrily to revelations that US authorities had tapped the servers of internet companies for personal data, saying such activity confirmed their fears about American Web giants' reach and showed that tighter regulations were needed just as the EU and US are about to launch transatlantic trade talks.


The Washington Post and the Guardian newspapers on Friday (7 June) caused an international stir with reports that the National Security Agency (NSA) and the FBI had accessed the central servers of Google, Facebook and other big internet companies and gathered millions of phone users' data.

Europe has long yearned to contain the power of the United States titans that dominate the internet, and privacy-focused Germany was quick to condemn the companies' co-operation with the US security services.

"The US government must provide clarity regarding these monstrous allegations of total monitoring of various telecommunications and Internet services," said Peter Schaar, German data protection and freedom of information commissioner.

"Statements from the US government that the monitoring was not aimed at US citizens but only against persons outside the United States do not reassure me at all," he said.

The Washington Post said the secret programme involving the internet companies – code-named PRISM and established under President George W. Bush – had seen "exponential growth" during the past few years under Barack Obama.

Some of the companies named in the article have denied the government had "direct access" to their central servers.

On Friday, two of Silicon Valley's elite chief executives spoke out against the potentially damaging allegations, defending their companies' track records.

Google's Larry Page and Facebook's Mark Zuckerberg, in separate blog posts on their company blogs, strenuously objected to the reports and said they had never heard of a programme called PRISM before Thursday.

"Press reports that suggest that Google is providing open-ended access to our users' data are false, period", Page wrote in a post, entitled "What the…?", co-authored with the company's Chief Legal Officer David Drummond.

Zuckerberg denied that Facebook was part of any programme allowing the US government direct access to its servers and that it had never received a "blanket request or court order" from any government agency asking for information or "metadata" in bulk.


Nevertheless, the justice minister for the German state of Hesse, Joerg-Uwe Hahn, called for a boycott of the companies involved.

"I am amazed at the flippant way in which companies such as Google and Microsoft seem to treat their users' data," he told the Handelsblatt newspaper. "Anyone who doesn't want that to happen should switch providers."

The European Union has struggled to assert its citizens' right to internet privacy in the US for nearly a decade.

Transatlantic agreements on sharing the financial and travel data of European citizens have taken years to complete, and the EU is now trying to modernise an almost 20-year-old privacy law to strengthen Europeans' rights.

Fears about the security of data held on US servers have already delayed European adoption of "cloud computing" services, in which computing-intensive applications are done by independent service providers in large data stoarge farms accessed over the internet.

The US Patriot Act, made law after the 11 September 2001 terrorist attacks, gave US intelligence agencies significant new powers of data surveillance and have been a focal point of resistance.

"You hear more concerns in Europe than in the US about the Patriot Act in particular. PRISM just enhances those concerns," said Mark Watts, a partner in London law firm Bristows specialising in privacy and data compliance.

"The main players that are mentioned are much more on the consumer cloud end … but it may be that emotionally it adds to the concerns about US cloud providers," said Watts, whose clients include several large US internet firms.

The European Commission published in January 2012 a broad legislative package aimed at safeguarding personal data across the EU.

The package consists of two legislative proposals: a general regulation on data protection (directly applicable in all member states) and a specific directive (to be transposed into national laws) on data protection in the area of police and justice.

The two proposals have been discussed extensively in the European Parliament and the Council and are due to be voted on by the Parliament in the near future.

Meanwhile, EU trade ministers this week (14 June) are set to reach an accord on the mandate to start negotiating a transatlantic trade and investment partnership that is strongly backed by EU leaders and US President Barack Obama.

  • 14 June: EU trade ministers to reach an accord on the mandate to start negotiating a transatlantic trade and investment partnership (TTIP)

Subscribe to our newsletters