European Parliament: stop NSA mass surveillance or no EU-USA trade deal

 After a six-month inquiry into US mass surveillance activities, MEPs said they could withhold their consent to the TTIP. First approval of the European reform for data protection – yet the next Parliament will have to work on that

From our correspondent in Strasbourg Letizia Pascale

 In the EU, the protection of citizens’ personal data is a priority – more than the EU-USA trade deal that could give Europe 120bn euro a year. This is the position expressed by MEPs during the Plenary Session in which they passed a resolution wrapping up the six-month inquiry into US mass surveillance schemes. According to the text, backed by a large majority (544 votes to 78, with 60 abstentions), the Parliament should withhold its consent to the TTIP as far as European citizens’ rights are not fully respected. The deal, reads the resolution, “could be endangered as long as blanket mass surveillance activities and the interception of communications in EU institutions and diplomatic representations are not fully stopped.” In any case, according to MEPs, personal data protection could be written off the negotiations.

The Parliament has also called for the “immediate suspension” of the Safe Harbour privacy principles, that is, accessing and transferring EU citizens’ data for trade purposes by non-EU companies to the US. These principles “do not provide adequate protection for EU citizens,” added MEPs, urging the US to propose new personal data transfer rules that meet EU requirements. Furthermore, the Terrorist Finance Tracking Programme deal should also be suspended, until allegations that US authorities have access to EU citizens’ bank data outside the agreement are fully clarified.

“The Snowden revelations gave us a chance to react,” said Rapporteur Claude Moraes (S&D), “I hope we will turn those reactions into something positive and lasting into the next mandate of this Parliament, a data protection bill of rights that we can all be proud of.”

In addition to this, MEPs approved two draft laws concerning more efficient regulations for protecting EU citizens’ data, a so called ‘data protection package’ to update the current regulation in force, dating back to 19 years ago – while threats and challenges brought about by new technologies have increased exponentially.

For a better protection of EU citizens’ data from surveillance schemes, MEPs amended the regulation on businesses’ involvement (for example, social networks or search engines), which under the new legislation would be required to seek the prior authorisation of a national data protection authority in the EU before disclosing any EU citizen’s personal data to a third country. The firm would also have to inform the person concerned of the request.

Breaking the rules would be extremely expensive: MEPs called for fines of up to €100 million, or up to 5% of their annual worldwide turnover (whichever is greater would be applied). Quite a stronger fine than the one proposed by the European Commission, calling for of up to €1 million or 2% of worldwide annual turnover.

New norms would also better protect data on the Internet. The new safeguarding rules would include a right to have personal data erased, new limits to “profiling” (that is, attempts to analyse or predict a person’s performance at work, his/her economic situation), as well as a requirement to use clear and plain language to explain privacy policies. Any internet service provider wishing to process personal data would first have to obtain the freely given, well-informed and explicit consent of the person concerned.

This is just a first reading, though. So far, notwithstanding the negotiations started two years and a half ago, the Council was unable to find a common position; hence, no result would be obtained within the end of this Parliament term. Thus, the European Parliament voted on its first reading of the draft legislation, in order to consolidate the work done so far and hand it over to the next Parliament. Consequently, in May, new MEPs will be able to decide whether to start from scratch or to build on work done during the current term instead. “

“I have a clear message to the Council: any further postponement would be irresponsible. The citizens of Europe expect us to deliver a strong EU wide data protection regulation. If there are some member states which do not want to deliver after two years of negotiations, the majority should go ahead without them”, asked Jan Philipp Albrecht (Greens), Rapporteur explained for the general data protection regulation (approved by 371 votes to 276, with 30 abstentions). “Allow me to express my dissatisfaction and frustration about the fact that it is the Council, or at least some member states, which are preventing us from achieving the goal that we had set, namely to have the data protection reform package passed by the end of this Parliament’s mandate”, added MEP Dimitrios Droutsas (S&D).