European Union privacy regulators are probing possible violations of the bloc’s data protection rules through the “large-scale” surveillance of people’s data by U.S. spy programs such as Prism.
Recent disclosures on how U.S. intelligence agencies collect data of foreign nationals “are of great concern,” Jacob Kohnstamm, head of the group of 28 EU privacy watchdogs, said in a letter to the bloc’s Justice Commissioner Viviane Reding.
The group “considers it is its duty to also assess independently to what extent the protection provided by EU data protection legislation is at risk and possibly breached.”
Former U.S. National Security Agency contractor Edward Snowden, who faces U.S. espionage charges, revealed in June that the government secretly collected telephone records of millions of U.S. customers of Verizon Communications Inc. under a classified court order. Prism, another program, collects Internet data from Apple Inc., based in Cupertino, California, Google Inc., based in Mountain View, California, and other companies.
“Even though some clarifications have been given by the United States’ authorities, many questions as to the consequences of these intelligence programs remain,” Kohnstamm, chairman of the Article 29 Data Protection Working Party, said in the letter, dated Aug. 13 and published today. The group identified a list of “issues of concern and questions that need to be answered as soon as possible.”
Reding said in June that U.S. Attorney General Eric Holder provided “assurances” about the Prism surveillance program amid concerns over its impact on EU citizens. The EU’s questions about the once-secret program “have been answered very clearly by Eric Holder,” she said at the time.
Mina Andreeva, a spokeswoman for Reding, said the commissioner welcomes “the strong support” from the Article 29 Working Party.
The European Commission “calls on the national data protection” authorities in the EU group to ensure that the governments in each country support data protection regulation “that is also effectively enforceable in PRISM-type situations,” Andreeva said.
The privacy regulators want information on what data the U.S. is collecting, Kohnstamm said.
“Allegedly the collection of personal data takes place both on a very large scale as well as on a structural and/or systematic basis, allowing the NSA, FBI, CIA and/or other intelligence and law enforcement agencies continuous access,” Kohnstamm said, referring to the U.S. Federal Bureau of Investigation and the Central Intelligence Agency.
The EU group “has doubts whether the seemingly large-scale and structural surveillance of personal data that has now emerged can still be considered an exception strictly limited to the extent necessary,” said Kohnstamm.
He said that apart from investigating the intelligence programs used by the U.S., the EU group will also assess any effects of the Prism program and the information derived from it on Europe.