Speech: Protecting EU citizens' data from mass surveillance
European Commission - SPEECH/14/209 11/03/2014
Other available languages: none
[Check Against Delivery]
Vice-President of the European Commission, EU Justice Commissioner
Protecting EU citizens' data from mass surveillance
European Parliament debate on the U.S. NSA surveillance programme, surveillance bodies and their impact on EU on EU citizens' fundamental rights and on transatlantic cooperation in Justice and Home Affairs
Strasbourg, 11 March 2014
Let me begin by thanking the rapporteur Claude Moraes for his dedication and excellent work on the report before us today. I would also like to thank his colleagues, shadow rapporteurs and co-authors. The European Parliament and the LIBE Committee in particular should be congratulated for carrying out an informed inquiry and for issuing such a comprehensive report in a very short time-frame.
The issues raised in the Report are crucial. They hinge around the adverse impact that large scale government surveillance has on the privacy and data protection rights of our citizens. The debate over the past months on these fundamental rights has been remarkable and wide not only here in Europe but globally.
Last July I first stood here in this chamber to discuss with you the possible EU response to the U.S. surveillance allegations that had only just surfaced. Allegations that had shaken our trust in governments, in companies and the digital economy, and trust amongst allies and the transatlantic relationship. Things have moved quite fast since then and Europe's response has been firm.
And in January, on the occasion of Data Protection Day, I made the case that the appropriate solution for restoring trust – in the transatlantic relations and in the way companies and governments handle citizens' data – is a Data protection Compact for Europe (SPEECH/14/62).
I have already shared with you the details of the Commission's proposed actions outlined in two Communications adopted last November where we identified the main steps that will help us to allay these concerns.
But I believe they are worth repeating as they have a strong bearing on the action plan – the European Digital Habeas Corpus - and the recommendations you are proposing in the Report you are voting on today. Indeed, the Commission is already actively pursuing many of the avenues that you are proposing in your action plan. Let me again highlight the main features and update you on the issues.
The EU data protection reform provides a key response to protect personal data, including in situations when data is transferred abroad. We have just debated this subject.
On Safe Harbour, as you know, the European Commission has already conducted a thorough analysis of its functioning and concluded that Safe Harbour is not so safe. So we put forward 13 points how to improve it – by summer.
Our discussions with our U.S. counterparts on each of our 13 recommendations have begun. The U.S. is listening carefully to our concerns and is making constructive efforts to reduce the loopholes we have identified in our assessment. We believe that progress can be made within the timeframe set out in our Communication, so summer 2014.
But let me be clear: we stand firm in our position that all the recommendations must be addressed including the one on national security before we can grant the Safe Harbour a clean bill of health. In this context the access to Safe Harbour data on grounds of national security is the key issue. The U.S. must provide the EU with convincing assurances that the exemption contained in the Safe Harbour decision remains an exemption and does not become the rule. It is now time to implement the announcements of President Obama regarding extending protections to Europeans.
On the data protection Umbrella Agreement: the Commission has not faltered in its negotiations with the U-S.. Our last round of negotiations took place at the end of February. The next one will be held in the coming weeks and we are available to debrief the LIBE committee on the state of play.
This agreement will be an important avenue of cooperation in the law enforcement sector. We are determined to achieve a successful outcome that guarantees a high level of protection for citizens who should benefit from the same enforceable rights on both sides of the Atlantic.
The U.S. also recognises its importance. At the last EU-U.S. JHA ministerial in Washington in November, the EU and U.S. reaffirmed their mutual commitment to step up the pace. Attorney General Holder reiterated his commitment to resolve the outstanding issues, including judicial redress. The political momentum is there and we aim for a swift conclusion by the summer. I believe this is achievable.
In this context, I was encouraged by the constructive signals given in President Obama’s speech in January. Of course it will take more than words to rebuild trust. I hope that words will turn into action. The EU-U.S. Summit will be an opportunity to gauge whether the U.S. is ready to do what it takes to conclude the negotiations on the Umbrella Agreement.
We will also ask for binding commitments from the U.S. to use formal channels of cooperation, such as the Mutual Legal Assistance agreements or other sectoral agreements for accessing data held by private companies located in the EU.
Your report emphasises the need to develop an independent and secure European IT framework and for the EU to take a leadership role in internet governance. The Commission shares the goal of developing a robust framework, one that not only protects and enhances privacy and data protection, but also one that is secure and immune from criminal cyber-attacks (and also invasive surveillance).
This is all the more important given that personal data today fuels our technology-driven economy and the global markets.
Today, Europe is investing in security research with €500 million spread until 2020. Security should be a pre-condition in developing digital products, devices and business models along the whole digital value chain. Industry, research, governments should work closely together towards this goal.
The Commission proposals for a network and information security directive and the associated public-private platform that has been established are already significant steps in that direction. The measures included in the directive will not only help to diminish the threat of cyber-attacks but will make large scale surveillance and various form of spying considerably more difficult.
The Commission fully supports the need to speed up the work of the European Cloud Partnership. In fact, the recommendations produced by the Steering Board of the European Cloud Partnership will be delivered very soon. Their vision for a 'Trusted Cloud Europe' will provide important additional elements for future policy-related activities in the field of cloud computing.
The Commission also recently adopted a Communication on Internet Policy and governance. It considers that the Internet should remain a single, open, free, unfragmented network of networks, subject to the same laws and norms that apply in other areas of our day-to-day lives. Its governance should be based on an inclusive, transparent and accountable model of governance.
Let me congratulate again this Parliament on bringing this issue into an open public debate and I am looking forward to working together on this subject.