The United States Mission to the European Union has responded to the opinion by the Court of Justice of the European Union's Advocate General Yves Bot that the current Safe Harbour scheme may be illegal because of NSA spying. It claims that the US "does not and has not engaged in indiscriminate surveillance of anyone, including ordinary European citizens." As reported by Ars last week, the ability of companies to transfer the personal data of EU citizens to the US is under threat because Bot believes that the Safe Harbour's privacy safeguards are inadequate. In particular, Bot was concerned about what he called the the "mass, indiscriminate surveillance" of EU citizens under the PRISM programme, which is believed to give the NSA direct access to all personal data held by Facebook and other US companies in their databases.
In a statement issued yesteday, The United States Mission to the European Union—effectively, the US embassy to the EU—desperately tries to refute the Advocate General's logic. That's because US companies will be unable to rely on the Safe Harbour framework, and their data transfers across the Atlantic will be illegal under EU law, if the Court of Justice of the European Union (CJEU) follows his arguments, as usually happens. The US Mission writes: "The Advocate General's opinion notes that it was required to accept the facts as found by the Irish High Court. There was, however, no actual fact-finding in this case; instead, the Irish High Court concluded, on the basis of exhibits to plaintiff's affidavits that the accuracy of his allegations regarding U.S. intelligence practices 'is not in dispute.' But that is simply not the case."
The US Mission to the EU bravely attempts to argue that "the PRISM program that the Advocate General's opinion discusses is in fact targeted against particular valid foreign intelligence targets, is duly authorized by law, and strictly complies with a number of publicly disclosed controls and limitations." Of course, being "targeted against particular valid foreign intelligence targets" is pretty worthless given that all foreigners are considered fair game by the NSA, and have no legal protections against surveillance in US law. When Snowden's leaks about PRISM appeared in The Guardian, James R. Clapper, Director of National Intelligence, emphasised this point in his official response. He wrote: PRISM "cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States;" by contrast, "information collected under this program is among the most important and valuable foreign intelligence information we collect."
As the Irish High Court noted: "the revelations made by Edward Snowden demonstrated a significant over-reach on the part of the NSA and other similar agencies." In addition, it said, "apart from the fact that decisions relating to access to personal data are taken on the basis of United States law, citizens of the Union have no effective right to be heard on the question of the surveillance and interception of their data." So the US Mission's attempt to portray the NSA's activities as just little bit of spying on a few foreign intelligence targets, with strict oversight to prevent any possible privacy problems, looks rather implausible, to say the least.
Trying to claim that the NSA didn't really carry out mass surveillance on EU citizens, despite overwhelming evidence to the contrary, is just one line of attack on the Advocate General's opinion. Another is in some ways even more disturbing. The US Mission's statement says: "the underlying issue here also goes far beyond the Safe Harbor Framework. The Advocate General's reasoning would undercut the ability of other countries, businesses and citizens to rely upon negotiated arrangements with the European Commission."
What the US seems to be complaining about here is the fact that, in the Advocate General's opinion, the European Commission could not simply decide unilaterally that the Safe Harbour scheme was perfectly fine, but that courts like the one in Ireland still had the right and duty to consider whether that was actually the case, on the basis of the law and the facts. In other words, the US Mission was unhappy that the courts in Europe are daring to overrule the politicians when the latter make a decision that is incorrect from a legal point of view.
It's interesting that the US Mission is making the argument that once the European Commission has signed off on an international agreement, the courts shouldn't be able to overturn it, for whatever reason. It doubtless derives in part from US nervousness that key aspects of the Transatlantic Trade and Investment Partnership (TTIP) negotiations could be thrown out by EU courts if they clash with EU law, for example the regulatory sections, or the chapter dealing with investor-state dispute settlement (ISDS). However, it seems unlikely that the CJEU will agree with this view, or indeed, with the US Mission's arguments in general.
The US Mission probably knows this, which raises the question of why it bothered putting together this rather feeble defence. It smacks of a desperate, last-ditch effort by the US to save a framework that essentially allows its companies to ignore EU privacy laws with impunity.
According to a 2013 European Commission document, ten percent of the companies claiming to be covered by the scheme weren't, in fact, registered with it; and on the rare occasions when the US Federal Trade Commission takes enforcement action against offenders, it essentially amounts to telling the companies not to do it again. It's clearly time for a new Safe Harbour agreement that provides real protection for personal data of EU citizens. The final judgment of the CJEU on this case—now expected as early as next Tuesday—may well provide the perfect stimulus to do that.
Listing image by EFF
reader comments
77