Protecting Europe’s Privacy

Here we go again: Another violation of the basic right to privacy. Another public outcry. Another blow to citizens’ trust in the security of their personal data. Yet more evidence that something fundamental has to change if we want to stop citizens from worrying about somebody watching every time they visit a Web site or write an e-mail.

The Prism scheme allows the national security agencies of the United States to access E.U. citizens’ personal data. While the scale of the program is not yet entirely clear, Europeans are being put at a severe disadvantage compared with U.S. citizens. Through Prism, American national security authorities are able to survey E.U. citizens in a way that would likely be unconstitutional if applied to U.S. nationals. What is more, E.U. citizens are not even given a chance to use American courts to attain any kind of remedy or recourse.

This is a wake-up call for all those who have been blocking the European Commission’s reform of Europe’s data protection rules — ignoring just how much consumers worry about attacks on their right to privacy. The vast majority of citizens have long suspected that their data held by companies could be used — or abused — without them knowing about it.

This lack of trust is highly damaging to citizens’ faith in the rule of law. It is also damaging to economic growth, as vast swaths of our economy depend on citizens entrusting business with their data. Those who ignore people’s concerns are putting a lot more at stake than they probably realize.

The European Commission has answered such concerns. Europe is one of the few places in the world that already has strong data protection rules, dating from 1995. And we have proposed to reform the E.U.’s data protection rules to make them even stronger — and to set clear rules for the flow of data beyond Europe. The reform, adopted by the commission in January 2012, still needs to be adopted by member states sitting on the council and by the European Parliament to become law. Only if we enact this reform will citizens regain their trust in the way their personal data is handled.

People must be given greater control over their data, with a reinforced right to be forgotten and a right to data portability. People need to know that staying silent is not the same as giving consent to have your data processed. And they need a guarantee that when their privacy has been violated, they are not the last ones to find out about it, via leaks in the media.

The Prism scandal caused a storm in Europe because it hit a raw nerve. Europeans care about their privacy. They want rules that can help prevent violations of their rights by companies or law enforcement agencies from Europe and beyond.

The tools to enable us to deal with this kind of scenario are contained in the European Commission’s proposal. It’s time that governments as well as members of the European Parliament show their commitment to protecting citizens’ data. It’s time they start working with the commission in a sober, constructive way to make sure the proposals are adopted swiftly.

The E.U.’s draft law contains four key building blocks for a system of strong data protection.

The first one is a clear provision on the territory where the rules apply. It has to be made certain that companies from outside Europe abide by E.U. data protection laws when they offer and sell products and services to consumers in the Union. If you want to play in our backyard, you have to play by our rules.

Secondly, we need a broad definition of personal data. This should include not just the content of e-mails and phone calls, for example, but related traffic data as well, such as information on where something was sent from or how long somebody spent talking on the phone.

Thirdly, we must not limit the rules to those companies that collect citizens’ data. Rather, we have to include processors of those data as well — such as cloud providers — because, as the Prism scandal shows, they also present an avenue for those who want to access data. The E.U. needs specific rules on the obligations and liability of those processors.

And finally we must have safeguards against the unfettered international transfer of data. The rules must ensure that E.U. citizens’ data are transferred to non-European law enforcement authorities only in situations that are well defined, exceptional and subject to judicial review.

The Prism scandal has sparked a debate about civil liberties in general and privacy in particular. Politicians in Europe and beyond should show that they have listened. Trust is something that is earned, not given. The E.U.’s data protection reform is the right tool to earn citizens’ trust. It is within our reach. It is time to act.

Viviane Reding is vice president of the European Commission and the E.U. justice commissioner.

Deja un comentario

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *