On December 2nd and 5th, the European Parliament held two hearings on their ongoing investigation of mass electronic surveillance of European citizens in Brussels.
In the 12th and 13th hearings held by the committee for civil liberties (LIBE), Members of the European Parliament (MEPs) presented their first conclusions and working documents after having conducted eleven inquiry meetings on the mass-surveillance programmes. The LIBE committee will then use theses conclusions and documents as basis to put forward recommendations aimed at preventing further violations of fundamental rights, and ensuring credible, high-level protection of EU citizens’ personal data via adequate means, in particular the adoption of a fully-fledged data protection package.
Impact of mass-surveillance on EU-US agreements
At the 12th hearing, the first working document entitled “US Surveillance activities with respect to EU data and its possible legal implications on the existing transatlantic agreements and cooperation” was presented.
The aim of the paper was to analyse the existing transatlantic framework for personal data transfers and possible suspension consequences of transatlantic agreements such as Safe Harbour, Terrorist Finance Tracking Program (TFTP) and EU-US Passenger Name Record Agreement.
Regarding the Safe Harbour Agreement – on the storage of consumer data, following the recommendations adopted on November 27 by the European Commission to improve this agreement, the European Parliament also acknowledge that Safe Harbour “is not safe anymore” and should be suspended. Such suspension might have negative consequences in the short term but the Members of the European Parliament (MEPS) are convinced that in the long term a new agreement, based on a different approach from the existing one, would be necessary in order to offer better protection for EU citizens.
In relation to the TFTP – an EU-US Agreement on the exchange of financial information ensures protection of EU citizens’ privacy and gives the U.S. and EU law enforcement authorities a powerful tool in the fight against terrorism, there is no broad consensus from the LIBE committee members. Indeed, the shadow rapporteur for this working document, the German right-wing MEP Axel Voss, is not in favour of a suspension of such agreement since it would not be in the interest of EU citizens and their security. Indeed, the European Commission’s investigation lead by Commissioner Cecilia Malmström have found no evidence of breach of the agreement from the US which could justify such suspension. However, several MEPs pointed out the fact that this agreement was proven to be very inefficient since it did not succeed to intercept any terrorist and that the European Commission’s investigation was not done properly. They than called for its suspension since it would not endangered EU or US citizens.
The EU-US PNR Agreement was the last transatlantic agreement examined under this working document. Once again, the conclusions of the shadow rapporteur seem to be in disagreement with a large number of the LIBE committee members since he believes that this agreement must be kept when other MEPS called for its suspension as the PNR database is more than likely used for more purposes than combatting terrorism.
Conclusions on the impact of mass-surveillance
At the 13th hearing, a second discussion on the IT security of the EU (see sum up of the first discussion here) was followed by the presentation of four working documents on the mass-surveillance programmes.
During the first part of the hearing, it was clearly demonstrated that the EU lacks adequate security measures for its IT systems. Florian Walther, an independent IT-security consultant, strongly advised the EU to increase its budget in IT security and to develop its own protection tools since it will be the only way to be efficiently protected against cyber attacks. Finally, several MEPs were surprised to hear that EUROPOL – the European Union’s law enforcement agency that handles criminal intelligence – was not investigating the alleged attack against the EU institutions’ IT systems. The EUROPOL representative present at the hearing explained that this matter is not a competence of the EU and thus it could only act if a member state will have asked for help in its own investigation, which at that date, has not happened or he does not know about it. This explanation is indeed weak when we know that EUROPOL’s mission is to fight against organised crime in the EU and these alleged data breaches are a clear infringement of EU law.
After this discussion, the working document on the “US and EU Members States surveillance practices and their impact on EU citizens’ rights” was presented. This document delivers a comprehensive overview of some the mass surveillance programmes both in EU and US. It has been found that these programmes are against Article 17 of the International Covenant on Civil and Political Rights (ICCPR) and the ECHR and that a stronger oversight mechanism is needed to ensure that such programmes will not happen again. The also document includes an important recommendation for the protection of whistleblower and calls the European Commission to adopt a set of rules on whistleblowing in order to have a more comprehensive approach on the EU level.
The second working document presented is entitled “Foreign Policy Aspects of the Inquiry on Electronic Mass Surveillance of EU Citizens” and focuses on the loss of trust between EU and the US following the disclosure on mass-surveillance. To produce this working document, a delegation of the European Parliament went to Washington and met with members of the Congress, the NSA and the Administration. An important debate on judicial redress took place since the EU wants their citizens to have this right recognised in the US. The Congress and the representatives of the White House seemed to understand the issue and were ready to negotiate but eventually an agreement wasn’t possible since some parties fear that by opening the door to judicial redress for EU citizens in the US, others countries might then claim the same right.
The third working document presented focussed on the “Democratic oversight of Member State intelligence services and of EU intelligence bodies”. Oversight was found to be too weak at National level and needs to be strengthened. In order to reach harmonisation between member states and simplify cross-border intelligence services within the EU, the document recommends the adoption of identical standards in the EU. A proposal for oversight on the EU intelligence service, IntCen – which officially does not exist – was made, together with a call for more transparency.
The fourth working document introduced at this hearing deals with the “Relation between the surveillance practices in the EU and the US and the EU data protection provisions”. This document highlights the need for clear data protection in order to prevent circumvention and the obligation for EU member states to comply with EU primary and secondary law protection citizen’s right to privacy and data ensuring data protection.
Once all working documents will have been presented, LIBE members will then tabled amendments to modify these conclusions prior to the adoption of the final recommendations in January.
Coming next
The 14th hearing of the LIBE inquiry took place on December 9th where a new working document was presented shortly after a debate on the need to rebuild trust on the EU-US data flows. A stream is already available online here.
Next hearings will take place on December 17th and 18th and will include the presentation of draft report gathering the recommendations of the LIBE committee aiming to ensure better protection of citizens’ rights.
The last hearings will be hold in January and will include an exclusive recorded testimony from Edward Snowden answering MEPS questions.
We’ve been cataloguing each hearing in a special series, so stay tuned for updates on the developments of these historical investigations.