Does the NSA's PRISM spying program violate EU law?
President Obama wants America to know that the PRISM scandal, which revealed the NSA and FBI have unfettered access to the data centers of companies like Google, Facebook, and Yahoo, actually only targets foreigners.
Needless to say, Europe is not happy.
News of PRISM, a program previously unknown to the public, broke Thursday evening in reports from the Guardian and the Washington Post.
Obama gave a prompt, awkward press conference Friday morning to address PRISM. Unknown to the public until this week, PRISM has almost unbelievable access to nine major tech companies' data, and uses that access to track emails, chats, and file transfers, according to a leaked NSA slideshow.
The President promised that "This does not apply to U.S. citizens and it does not apply to people living in the United States."
In a statement, the White House assured Americans that the PRISM program fully legal under the Foreign Intelligence Surveillance Act. It’s subject to oversight by congress and the executive branch, making sure only “foreign intelligence” information is collected, and no Americans are targeted.
But that doesn't offer much comfort to America's allies in the European Union.
"I think it is indeed a violation of EU laws," Sophie in 't Veld, a Dutch Member of European Parliament who helped draft the EU's strict data protection laws, told the Daily Dot.
"In principle EU law does not allow for data to be transferred to the US. Companies often find themselves caught between two jurisdictions. They usually prefer to comply with US law, rather than EU law. This way US law effectively takes precedence over EU law, even on EU territory. So far the European Commission has done preciously little to solve the issue of jurisdiction and protect the rights of EU citizens. The Prism story is only one of many of massive US spying on people both inside and outside the US. I hope this case will serve as a wake up call."
Germany’s federal commissioner for data protection, Peter Schaar, told Gigaom that White House claims do "not reassure me at all," adding: “Given the large number of German users of Google, Facebook, Apple or Microsoft services, I expect the German government [...] is committed to clarification and limitation of surveillance.
The U.K's Information Commissioner’s Office (ICO) also issued a statement today, saying it will investigate PRISM along with other European data agencies, and addressing the extent to which the program could compromise U.K. citizens' privacy:
“There are real issues about the extent to which U.S. law enforcement agencies can access personal data of UK and other European citizens. Aspects of U.S. law under which companies can be compelled to provide information to U.S. agencies potentially conflict with European data protection law, including the UK’s own Data Protection Act. The ICO has raised this with its European counterparts, and the issue is being considered by the European Commission, who are in discussions with the U.S. Government.”
The Guardian reported today that data from PRISM has been shared with U.K. intelligence agencies since at least 2010.
llustration by Jay Hathaway