BRUSSELS : European Union lawmakers want to forbid the United States from accessing European citizens’ data without the approval of a judge or equivalent authority, a response to the revelations about the Prism spy program.
Lawmakers from the European People’s Party (EPP), the biggest group in the European Parliament, on Wednesday backed a proposal that would force U.S. officials to use an existing international agreement to gain access to citizens’ data.
That agreement, known as the Mutual Legal Assistance Treaty (MLAT), asks that a judge – or equivalent “competent authority” – approve any transfer of data outside the EU.
The European Commission pushed for such a stipulation during negotiations over data privacy in 2011, but backed down after lobbying by the United States, which was worried it would slow access to data needed to combat terrorism threats.
The EPP’s backing for the change – which would force all non-EU countries to go through a judge or equivalent authority in the relevant EU country – increases the likelihood that it will become law, although it would still require approval from EU member states as well as majority backing in parliament.
“It prevents third countries from accessing our data at will or at random – an important protection for citizens in light of the recent PRISM ‘net-tapping’ revelations,” Sean Kelly, an Irish member of the EPP, said of the proposal.
U.S. officials have confirmed the existence of PRISM, a program to collect data from Google, Facebook, Skype and other U.S. companies, after a whistleblower leaked documents to the Guardian and Washington Post revealing the operation.
Viviane Reding, the European commissioner for justice, has expressed her frustration about PRISM, writing to U.S. Attorney General Eric Holder last week to demand an explanation for its activities in Europe.
She also wants the United States to make any requests for data via MLAT, which was signed by the European Commission and the United States in 2003 and came into force in 2010.
A Commission official said checks by a national authority can be done within 24 hours of a request being made, dismissing any concerns the United States may have about the treaty slowing down access to critical data.
While there has been widespread outrage in Europe at the revelations surrounding PRISM – President Barack Obama faced demands for further explanation during talks with German Chancellor Angela Merkel on Wednesday [ID:nL5N0EV0AC] – there is no evidence U.S. authorities broke the law.
Since Google, Facebook, Apple and the other companies taking part in the program all operate under U.S. law and the U.S. Foreign Intelligence Surveillance Court permits the monitoring, European authorities have limited scope to act.
“No European law can credibly deter the U.S. from coercing Cloud companies to cooperate with secret mass-surveillance if there is no risk of detection,” said Caspar Bowden, a privacy campaigner who previously advised Microsoft on data privacy.
“What is really needed is U.S. political recognition of European human rights in a full-binding Treaty.”
The EPP’s push to amend the law to ensure that MLAT is used is the start of a process that could take several months. Parliament’s civil liberties committee is expected to hold a first vote on the proposal in September or October.
But even if parliament does approve the changes, it is far from certain EU member states will give them their backing.
(Reporting By Claire Davenport; editing by Luke Baker)