Related Links

Related Stories

  • The effect of PRISM on Europe's General Data Protection Regulation
    PRISM is the US surveillance program that allows the NSA to gain access to the accounts of major US cloud services providers, including the accounts of non-US citizens. The GDPR is the proposed data protection law for the EU. The two are, on the surface, incompatible.
  • Worldwide reaction to NSA/PRISM surveillance – an overview
    When the NSA's surveillance program was first revealed by Edward Snowden last week, initial reaction was that it was a US issue. But with the realization that the greater part of the world's internet traffic is at some point routed via the US, the worldwide ramifications are becoming better understood and questioned.
  • Operation PRISM: NSA and FBI monitoring activity at Facebook, Apple, Google, and other tech firms
    It’s a potential publicity bomb that has yet to explode, apparently, but the Washington Post and the Guardian are reporting that both the US and the UK governments have been engaged in ongoing data collection of private information from web services, with the support of top tech companies, in an foreign intelligence effort code-named Operation PRISM.
  • EC’s proposed General Data Protection Regulation is struggling
    The GDPR was designed to bring tough new standardized data protection regulations across Europe; but intensive lobbying, and thousands of proposed amendments has left it struggling for survival.
  • ICO publishes confused and confusing report on GDPR
    The EC has proposed a standardized General Data Protection Regulation (GDPR) across Europe, claiming it will save business £billions. The UK says it will cost business £millions. The ICO commissioned London Economics to find out who is right.

Top 5 Stories


Further deliberations on the Data Protection Regulation may be held in secret

02 July 2013

Article 42, the 'anti-FISA' clause, was quietly abandoned earlier this year. The PRISM revelations have fueled calls for its re-instatement; but that would complicate EU-US trade negotiations. Secrecy may be the solution.

UK MEP Baroness Sarah Ludford currently ranks sixth in the LobbyPlag database of MEPs proposing amendments to the General Data Protection Regulation that will weaken rather than strengthen privacy in Europe (with 70 such proposals). On June 20, following the first Snowden revelations, she wrote, "EU law will not in itself prevent the application of FISA... Thus the EU must at last resolutely press the case to the Americans that it is unfair for their own citizens to be protected by American constitutional and data privacy protections that EU citizens are denied."

Privacy advocate Caspar Bowden doesn't want complaints of unfairness; he wants to see real changes in the law. Yesterday he published a riposte to Ludford, accusing her of 'serious misconceptions and gaps.' He talks about the "the unwavering resolution which will be necessary to win real changes in the law and policy of the US government, without which the general data protection regulation will do far more harm than good." Without mentioning it, Bowden is talking about article 42 of the GDPR.

However, Ludford would seem to have been instrumental in the EC quietly dropping article 42 from the GDPR proposals back in January. Article 42 was known within the EU as the 'anti-FISA' clause. It stated, "No judgment of a court or tribunal and no decision of an administrative authority of a third country requiring a controller or processor to disclose personal data shall be recognized or be enforceable in any manner..." In other words, it is an anti-PRISM clause before PRISM became public knowledge.

Ludford introduced three separate amendments to article 42 of the GDPR, all of which would have weakened its safeguards. But the Financial Times has revealed that "the safeguard was abandoned by commission officials in January 2012, despite the assertions of Viviane Reding, the EU’s top justice official, that the exemption would have stopped the kind of surveillance recently disclosed as part of the National Security Agency’s Prism programme." This followed intense US lobbying. "Janet Napolitano, the US secretary of homeland security, also personally lobbied Brussels officials, according to one EU official involved in deliberations."

Since the existence of PRISM has emerged, there are growing calls for article 42 to be reinstated. But it's complicated. Most EU commissioners oppose article 42 believing that it would be impossible to enforce and will only make EU-US trade negotiations more difficult.

Now Dr Monica Horten, a Visiting Fellow at the London School of Economics and Political Science has warned that the EU may be on the point of making further discussions on the GDPR secret. "The responsible committee," she writes in her IPtegrity blog, "may be planning to take a short cut route to getting it adopted – a short cut that consists of secret back-room negotiations." 

The 'short-cut' is to invoke the 'trilogue' route. "Trilogues," she explains, "are an option in the legislative process, and they may have a place for laws that are not controversial. But these trilogues are held in secret, behind closed doors, and the only people allowed in are the rapporteur and his shadows, the Commissioner, the Presidency, and selected advisers from each institution. The trilogue discussions are not made public."

The European difficulty in reconciling European data protection with the NSA's intelligence gathering operation – while keeping everyone happy – may now be completed in secret.

This article is featured in:
Cloud Computing  •  Internet and Network Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×