Reding threatens to Suspend Safe Harbor Agreement

The gist of her speech is that public trust in the internet has been rocked, and that Europe needs to get serious in order to rebuild that trust. She refused to separate government and corporate surveillance: "From a citizen's perspective, the underlying issue is the same in both cases. Data should not be kept simply because storage is cheap. Data should not be processed simply because algorithms are refined. Safeguards should apply and citizens should have rights."

But, she admitted, Snowden's revelations about NSA and GCHQ mass surveillance have added a new dimension. "In my dialogues with citizens across the Union, the sense of shock was palpable. We have learned that the times of mass surveillance are not relegated to the past," she added in an oblique reference to Europe's Nazi and Stasi history.

In order to rebuild public trust, she outlines three necessary steps: regulation over both government and corporate processing of personal data; action rather than just words over data protection reform; and the evolution of a Data Protection Compact (for which she gives eight initial principles).

Her dismay at the faltering steps of the General Data Protection Regulation is palpable. In a comment almost entirely but unspokenly directed at the UK, she says, "There has been a lot of hypocrisy in the debate. There were those who called for a high level of data protection in Europe, while simultaneously arguing that the Regulation should be replaced by a Directive. A Directive would mean the status quo. It would mean 28 Member States doing what they want. It would mean data protection on paper but not in practice."

She is uncompromising over the EU/US safe harbor agreement. "Let me put it simply," she said: "we kicked the tyres and saw that repairs are needed. For Safe Harbour to be fully roadworthy the U.S. will have to service it. This summer, we will see how well those repairs were carried out. Safe Harbour has to be strengthened or it will be suspended."

To president Obama she says that people, not just Americans, must have privacy rights; and his current reforms are a window of opportunity to address this. "Europe should be very proud of the fact that it treats data protection as a fundamental right – a fundamental right on which every human-being can rely."

On GCHQ's Tempora surveillance program, she says, "I see with some satisfaction that the legality of Tempora and its compliance with the fundamental right to privacy is currently being analyzed by the European Court of Human Rights... But let me be clear. If I come across a single email, a single piece of evidence that the Tempora programme is not used purely for national security purposes, I will launch infringement proceedings. The mass collection of personal data is unacceptable." 

National security is the sixth of her eight principles for a Data Protection Compact. It should be invoked sparingly. "It should be the exception, rather than the rule," she says. "The need to protect national security can justify special rules. But not everything that relates to foreign relations is a matter of national security. I believe that it is dangerous to invoke national security where it is not really at stake. It undermines the legitimacy of laws that are vital for our security."

Nor does she hesitate to criticize Europe. She wants to 'correct' the situation in Germany, where the minister of the interior can take disciplinary action against the data protection commissioner. "Is effective supervision really possible under these circumstances?" she asks. And the current Data Retention Directive also needs an overhaul: "The data is kept for too long, it is too easily accessed and the risk of abuse is too great," she says. "The European Data Retention law needs a health check. The EU Charter of Fundamental Rights is the medicine."

She concludes that the principles outlined in her speech will benefit the people, the digital economy, and national security itself. "Alongside the European Parliament and the majority of governments in Europe," she declares, "I will continue fighting for this. Because our citizens deserve nothing less."

What’s hot on Infosecurity Magazine?