Europeans are outraged over the ongoing revelations about America's pervasive surveillance programs -- and they should be. While we may not know the full extent of the National Security Agency's (NSA) programs yet, what we do know is that the communications of countless innocent European citizens is collected each day by the U.S. government, and currently there is no real recourse for violations of privacy and free expression rights.
The debate in the U.S. is focused on the violations of American's privacy rights, with little to no attention paid to the rights of foreigners. But politicians in the Europe are taking this seriously and are currently looking for effective ways, within the European Parliament's competence, to protect European citizens' privacy in the context of electronic surveillance. European Commission Vice President Viviane Reding has demanded action and is pushing for rapid adoption of the E.U. Data Protection Regulation (DPR) that was first proposed in 2012. Unfortunately, government surveillance issues cannot be solved by this legislation.
Reding is right to push for swift action on the DPR, but she is wrong to suggest that its passage would solve the U.S. surveillance problem. While passage of the law would be a positive step on the privacy front for Europeans, it would not regulate E.U. Member States' national security intelligence programs, nor would it address the surveillance programs of the United States. The European Parliament and the European Commission simply do not have the authority to address national security matters. The E.U. institutions do have authority to enact the DPR, but just because it is the only arrow their quiver doesn't mean it will come close to hitting the target. In fact, the greater risk is that passage would create a false perception of "problem solved" without truly changing anything related to national security surveillance.
The only path forward for true reform around global surveillance practices is a much harder slog. It will require a joint European-U.S. effort to find agreement on proper legal standards and safeguards. It's incumbent upon the U.S. and its European partners, as the primary promoters of human rights and Internet freedom, to set the right course.
The revelations from Edward Snowden have exposed significant details about the U.S's surveillance programs, and there's little doubt that many European nations are employing similar tactics even if at a smaller scale. In France, President Hollande vocally called for an immediate stop to U.S. spying on Europeans, but quickly muted his tone when the bulk collection programs of French intelligence was revealed. Similarly in Germany, NSA spying was a campaign issue and some politicians argued that E.U.-U.S. trade talks should be suspended over it, however information about the German intelligence programs show equally invasive efforts. The U.K. has at least admitted to strong surveillance programs, however Prime Minister Cameron insists there is proper oversight that fully respects citizens' privacy.
With the knowledge of such extensive programs, it's justifiable to be skeptical that the U.S. and Europe genuinely want to open their surveillance practices to public scrutiny and advance reform. However, as the calls from civil liberties groups, legislators and the average citizen grow louder, the E.U. and the U.S. should act, and they should do so jointly if the global nature of surveillance and privacy rights are to be addressed in a substantive way.
A trans-Atlantic partnership would go a long way to ensuring a continued free and open Internet as well. Many of the proposed "solutions" to the surveillance dilemma include requirements to store data locally, which could greatly restrict the flow of information and make it easier for governments to suppress human rights. Local storage mandates may sound like a viable option, but they are in fact what many authoritarian regimes are pushing for, and adoption by the E.U. of such mandates would encourage repressive governments to quickly follow suit.
As we said in our testimony to the European Parliament inquiry on surveillance, a trans-Atlantic process is required to develop a comprehensive understanding of the criteria that should be applied to government surveillance, especially in the national security surveillance. The current state of affairs both in the U.S. and Europe is indefensible. This is a shared problem, and the timing is right for the U.S. and E.U. Member States to bring greater transparency, proportionality and oversight to their electronic surveillance practices. Human rights principles, based on the Human Rights Convention, must be better respected in both jurisdictions, and an agreement between the sides should be reached that clearly defines what constitutes adequacy for government access to data.
This process will not be easy and it will require a level of transparency that both the U.S. and E.U. have been unwilling to display to date. Still, striking the right balance between privacy rights and security surveillance can only be accomplished when borders are broken down and the cross-boundary reality of human rights is recognized. Now is the time for the U.S. and E.U. to show leadership rather than showmanship, or they risk letting the rest of the world dictate the next steps.