The European Parliament should consent to a trade deal with the US only if it makes no reference to data protection, says its Civil Liberties Committee in the preliminary conclusions of its inquiry into surveillance of EU citizens by the NSA and EU member states, tabled by lead MEP Claude Moraes (S&D, UK) on Wednesday. The draft text also calls for the swift creation of an EU data storage “cloud” and judicial redress for EU citizens to protect their data in the US.
Mr Moraes’ draft conclusions acknowledge the importance of the Transatlantic Trade and Investment Partnership (TTIP) agreement for economic growth and jobs in both the EU and the US. But European Parliament should consent to the deal only if contains no references to data protection provisions, the draft text adds. “We need to ensure that strong data privacy protections are achieved separately from the TTIP”, Mr Moraes told MEPs involved in the Civil Liberties Committee inquiry.
Clear political signals that the US understands the difference between allies and adversaries are also needed, says the draft document, which urges the US authorities to draw up a code of conduct to guarantee that no espionage is pursued against EU institutions and facilities.
Suspend Safe Harbour and TFTP agreements
The European Commission should suspend the “Safe Harbour” principles (data protection standards that US companies should meet when transferring EU citizens’ data to the US) and re-negotiate new, appropriate data protection standards, the draft says.
The EU’s executive arm is also urged to suspend the Terrorist Finance Tracking Programme (TFTP) deal with the US until a “thorough investigation” is carried out to restore trust in the agreement. The draft also underlines that the consultations recently concluded by the Commission were based solely on US assurances.
Let’s go for an EU cloud
The draft also calls for the swift development of an EU data storage cloud to protect EU citizens’ data. Any of this data stored in US companies’ clouds can potentially be accessed by the NSA, it notes. An EU cloud would ensure that companies apply the high standards of EU data protection rules and there is also a potential economic advantage for EU businesses in this field, it adds.
Judicial redress for EU citizens
The draft welcomes the Commission’s wish to have the EU-US data protection framework agreement (the so-called “umbrella agreement”) approved by spring 2014, in order to guarantee judicial redress for EU citizens when their personal data is transferred to the US. At present EU citizens do not enjoy full and reciprocal judicial redress rights, because access to US courts is guaranteed only to US citizens or permanent residents. Completing these negotiations would restore trust in transatlantic data transfers, says Mr Moraes.
Reforming data protection rules and protecting whistleblowers
EU member states should start working immediately to achieve a Parliament/Council of Ministers agreement on the data protection reform by the end of 2014 at the latest, says the draft. The text calls for better legal protection of whistleblowers, but also points out that proper oversight “should not depend on journalists and whistleblowers”.
IT security: open source software could help
Disclosures by former NSA contractor Edward Snowden have revealed a huge weakness in the IT security of EU institutions, stresses Mr Moraes. The draft resolution proposes that Parliament’s technical capabilities and options should be properly assessed, including the possible uses of open source software, cloud storage and more use of encryption technologies.