The digital rights group Access has revealed an email that suggests outgoing EU Home Affairs Commissioner Cecilia Malmström collaborated with the Americans in a successful attempt to water down Europe’s new privacy laws.
The email, dated January 12, 2012, was uncovered through a freedom-of-information request in the U.S., Access said in a weekend blog post entitled “Big brother’s little helper inside the European Commission.” The campaigners say it shows that Malmström’s department, which has responsibility for law enforcement, worked to undermine the department of erstwhile Justice Commissioner Viviane Reding, who proposed the data protection reforms — currently awaiting final approval by EU member states – on January 25, 2012.
If this assessment is correct, the revelation may jeopardize Malmström’s confirmation by the European Parliament as the EU’s new trade commissioner. That role would put her center-stage in negotiations over the controversial U.S.-EU Transatlantic Trade and Investment Partnership (TTIP), which critics say would give big corporations disproportionate power in disputes with governments. She will face the parliament’s trade committee for a confirmation hearing on Monday, ahead of a vote on October 22.
Malmström’s team told me on Sunday that the commissioner “has supported Reding’s proposal and has not opposed any part of it.”
A Financial Times report in mid-2013, just after the Snowden revelations started to come out, suggested that the U.S. intervened in the drafting of Reding’s proposals, to ensure that they would not explicitly hinder the ability of U.S. authorities to access the data of Europeans.
According to that report, based on unpublished documents, a removed clause “would have nullified any U.S. request for technology and telecoms companies to hand over data on EU citizens.”
The email uncovered by Access is an internal message from the U.S. Department of Commerce, which indicated that Malmström’s cabinet had “reached out” with information about the proposals’ likely timing, which would help the Americans time their response.
It continued (notes in square brackets are my own):
DG Home [Malmström’s department] has been asked to make changes to Directive part of the proposal in short time frame so that it’s done by 1/25, but they don’t think they can do it. They have concerns similar to those in our paper [Access claims this refers to an early draft of a U.S. position paper eventually published a year later]. Proposed provisions would conflict with US/EU LE [most likely “law enforcement”] agreements. DG Home is concerned that Barroso’s [the Commission President at the time] Chief of Staff is friendly with Reding’s staff. Amb. Kennard [the U.S. ambassador to the EU at the time] is meeting with Barroso’s Chief of Staff tomorrow.
The email went on to talk about U.S. law enforcement officials, such as Betty Shave of the Department of Justice’s International Computer Crime unit, suggesting “talking points” that the paper could include.
Here’s a sample of Access’s take on the email:
This is one of the many documents which likely contributed to a diluting of the Data Protection Regulation even before the proposal had been made public.
The email indicates that Malmström and/or her cabinet had been sharing information with the U.S. Mission in the E.U., including appropriate times to publish the lobby document, information about internal politics within the Commission, and concerns about how the proposal for a Data Protection Directive could conflict with E.U. and U.S. Law Enforcement interests. In short, DG Home have been actively working to undermine a crucial reform for E.U. citizens’ fundamental rights to privacy and data protection.
For many who have been following the E.U. privacy reform debate closely, this trans-Atlantic cooperation was an open secret. However, until now, it has not been possible to demonstrate DG Home’s maneuvers.
Malmström trust in U.S. assurances
Access also pointed out how Malmström had pushed back against the European Parliament’s call to suspend the Terrorist Finance Tracking Program (TFTP), through which the U.S. can access Europeans’ financial data.
That incident was sparked by Snowden’s disclosure that the U.S. was covertly tapping into such data outside of the agreement’s mechanisms anyway, but the commissioner said she was satisfied with the U.S.’s “written assurances” over the matter, and refused to suspend the deal.
A spokeswoman for Commissioner Malmström told me by email:
These allegations are simply not based on facts. Looking at straight facts: Commissioner Malmstrom has strongly and openly supported the reform of the EU Data protection directive. She has been very active in fostering the adoption of Commissioner’s Reding proposal by the College of Commissioners and in defending the need for its swift adoption by European Parliament and Council. So the clear conclusion is: she has supported Reding’s proposal and has not opposed any part of it.
Even without the allegedly excised “FISA clause”, the EU data protection reforms would still provide a huge boost to the rights of Europeans to control their own online data, regardless of whether that data is held by U.S. firms, and allow for much higher fines for companies such as [company]Google[/company] that break EU privacy law.