BRUSSELS – On September 8, after four years of painstaking negotiations, representatives of the United States and the European Union initialed a transatlantic agreement to strengthen data protection. The so-called Umbrella Agreement puts in place safeguards regarding data transfers for the purpose of law enforcement and addresses long-standing European concerns about the right to privacy. In particular, it establishes the right of European citizens to access their data and request that inaccuracies be corrected. It also sets clear limits on how long data can be held and what can be done with it.
The agreement – which must be ratified by the European Parliament before it goes into effect – should be cause for celebration; but the US immediately provided reason to doubt its commitment. On September 9, in the so-called Microsoft case, just one day after the agreement was reached, the US Department of Justice argued in federal court that US authorities should be granted direct access to data held by private companies abroad, including in Europe. However the court ultimately rules, the move is a dangerous breach of trust. Indeed, it is a public demonstration of American officials’ willingness to bypass existing avenues for cooperation between Europe and the US.
Such actions undermine the slow renovation of transatlantic trust since Edward Snowden’s revelations concerning the extent of American surveillance of European governments and citizens alike. If the US government is to gain the EU’s confidence and cooperation, it will have to accept the fact that national security and data privacy are not mutually exclusive. Continued refusal to proceed according to agreed legal channels will seal the Umbrella Agreement’s fate before it is ratified.
Two-thirds of EU citizens are worried about the treatment of their data. Nine out of ten want their personal information to be protected, regardless of where the server that holds it is located. As long as the US government continues to seek illicit access to European data, instead of fully implementing its commitments, it will be difficult for the European Parliament to consent to the Umbrella Agreement. And if existing rules, treaties, and standards are treated as if they were worthless, EU citizens’ rights become an empty shell.
The blowback from the refusal to acknowledge the rights of citizens could be dramatic, undermining national security, bilateral trade, the transatlantic strategic partnership, and the nature of the Internet itself. Digital borders and obstacles to data flows might be erected to meet demands for privacy at a moment when the world needs data to flow freely. Otherwise, terrorism is more difficult to combat and the digital revolution risks reversal.
Fortunately, solutions that satisfy the need for national security and demands for privacy are not out of reach. What makes the US Justice Departments attempts to bypass existing agreements so egregious is that EU member states are ready to cooperate swiftly with the US in the fight against crime when requests are made properly. The constitutional traditions on the two sides of the Atlantic may be different, but they are certainly not irreconcilable as shown by the umbrella agreement.
A proper balance must be struck. Data protection should not stand in the way of legitimate law enforcement. Nor should national security be used as a blanket excuse for public authorities’ interference with personal freedoms. Finding mechanisms that guarantee both the rights of individuals and the public interest is crucial to establishing the trust on which the digital economy depends.
Far from undermining counterterrorism efforts, rules that clearly delineate the roles of governments and the rights of citizens help ensure the smooth sharing of information among state agencies. We must use opportunities like the Umbrella Agreement to reaffirm the importance of cross-border data flows, establish clear mechanisms for transatlantic cooperation, and set appropriate safeguards and legal channels to ensure that the privacy of European citizens is respected.
A clearly defined and mutually agreed framework will guarantee swift action to meet security threats when necessary – and only when necessary. That is why building transatlantic trust and cooperation is so important, and why America’s refusal to turn words into legal guarantees is likely to be self-defeating.