EU will ramp up data protection in wake of Snowden

The leaking of information about the spying operation to collect sensitive data caused a furor in Europe to the extent that some European politicians even called for the European Union to suspend all talks on the trade agreement with the United States. The calls emanating from Europe in the immediate aftermath of the news, including from the European Parliament – the EU’s lawmaking body – failed, in fact, to freeze the negotiations.

While some of the rhetoric about halting the entire talks was an emotional reaction, the true intent was to build up pressure and send a message to the U.S. counterparts that the EU will not be willing to negotiate, and will not give in on data protection during the ongoing trade talks.

Key to the above approach is the strengthening of the European legislation on data protection, which has also the backing of the EU’s largest Member State, Germany, that has one the highest level of data protection in Europe.

ADVERTISEMENT
The spy scandal has accelerated progress on reform of the EU data protection legislation. And there is renewed focus and determination to bring to an end the uncontrolled and unsupervised exploitation of data.

More concretely, the regulation and its adjoining directive would create a single uniform EU-wide law to avoid differences among Member States, and close all the existing loopholes. The new rules foresee a legal framework on transfer of data to third countries, including the United States.

As a result, U.S. companies based in Europe will face more regulatory obstacles, as they will have to explain to what extent they share the personal data of EU citizens with the U.S. authorities. If they fail to play by the rules, they will face hefty fines. The data package will be completed before the European Parliament elections in May 2014.

There are differences between the EU and the US policy and stance on data privacy not just in form, but also substance. As past negotiations on transatlantic agreements on sharing of passenger and financial data have demonstrated the divides are significant.

U.S. legal developments after the September 11 terrorist attacks gave U.S. intelligence agencies new powers of data surveillance, which have widened further the gap with the EU regime in particular, and perspectives in Europe more generally. With the EU now set on updating the privacy law to strengthen the privacy legal framework, the gap in data protection regimes between the two blocks is set to increase even further. This would certainly make it harder to find balance and reach convergence in the recently launched trade talks.

Data protection was always tipped to be one of the controversial topics right from the outset of the ongoing discussion on the EU-U.S. negotiations on a trade deal. The spy scandal has brought data protection in the spotlight. It has also increased pressure on the EU to not negotiate on its strict level of data protection, and to impose its position on the United States.

Through a review of the pre-existing data transfer agreements, legal obligations deriving form the reformed data protection framework, which is expected to include procedures for data requests, as well as the trade negotiations between Washington and Brussels, the Union will seek desperately to impose its standards on the U.S. administration.

Finding a comprehensive agreement with the United States on mutual recognition of data privacy based on EU style data protection laws would be an uphill struggle. It will likely lead to a clash that could potentially put a hold the EU-U.S. trade negotiations. 

Geiger is managing partner of Alber & Geiger, a leading EU government relations law firm in Brussels.