3/7/2013 EU source: European Commission- Ref: SP13-074EN
Summary: 3 July 2013, Strasbourg - Speech by Viviane Reding, Vice-President of the European Commission, EU Commissioner for Justice, on "U.S. and EU Member State surveillance programmes: National security does not mean that anything goes" at a Plenary Session of the European Parliament
MAIN MESSAGES
1/ On the NSA spying allegations:
It is a matter of mutual trust and good practices in relations between friends and allies. It is clear that for negotiations on the trade agreement with the US to succeed, there needs to be confidence, transparency and clarity among the negotiating partners. This excludes spying on EU institutions.
2/ On the US PRISM programme:
The purpose [of the transatlantic working group] is to establish the facts and for the Commission to be able to assess the proportionality of the programmes with regard to the data protection of EU citizens.
The US appears to take our concerns regarding PRISM seriously. Attorney General Eric Holder committed, in a letter to me yesterday, to set up the expert group. We spoke yesterday evening on the phone and we agreed that the group will have its first meeting this month, and a second one in Washington in September. The Commission will report about the findings of the group to Parliament and Council in October.
3/ On the UK's TEMPORA programme:
The message is clear: the fact that the programmes are said to relate to national security does not mean that anything goes. A balance needs to be struck between the policy objective pursued and the impact on fundamental rights, in particular the right to privacy. It is a question of proportionality.
As regards next steps, we will continue the discussion with the UK on the Tempora project.
4/ On the EU's data protection reform:
PRISM and Tempora are a wake-up call for us to advance on our data protection reform for both the private and the public sector. A strong framework for data protection is neither a constraint nor a luxury but a necessity.
Various elements of the reform are of particular relevance. It will clarify the territorial application of the law, including to companies operating in the EU. It will have a broad definition of personal data. It will clarify regime for international transfers. It will impose obligations and responsibilities on processors as well as controllers of data.
[I]t has become urgent to proceed on a solid piece of legislation. Any delay in the data protection reform only plays in the hands of those who do not share the objective of a high level of data protection.
SPEECH
The news over the past weeks and days has been deeply disturbing. Revelations, claims and counter-claims have been made at a dizzying speed. This debate is a useful opportunity to explain the different strands of the issue and to make sense of what the EU can do to address the situation.
I believe that we should carefully distinguish between two aspects to the problem. The first concerns international diplomatic relations. The second concerns the rights of EU citizens.
As regards the first matter of alleged spying on EU and EU Member States' diplomatic premises, the Commission has raised its serious concerns with the US. Yesterday, the President made a statement to this House in the context of the debate on the European Council Conclusions. The issue was also discussed by Vice-President Ashton directly with State Secretary Kerry. It is a matter of mutual trust and good practices in relations between friends and allies.
It is clear that for negotiations on the trade agreement with the US to succeed, there needs to be confidence, transparency and clarity among the negotiating partners. This excludes spying on EU institutions.
The second issue, related to the right of EU citizens, was debated here one month ago. I am happy to update you on latest developments.
In relation to the revelations on the PRISM programme and the Verizon case, I asked a series of questions in a letter to my US counterpart, Attorney-General Eric Holder, on 10 June. I have also spoken with him at the EU-US Justice Ministerial on 14 June in Dublin.
I raised our concerns regarding the impact of Verizon and PRISM on the fundamental rights of EU citizens. I asked for clarifications on the different levels of protection that apply to US and EU citizens. And I asked about the conflict companies can find themselves in when they are faced with competing obligations under US and EU law.
Some explanations for which I am awaiting written confirmation were given. But all questions have not been answered so far. This is why after the Ministerial I have written again, together with my colleague Cecilia Malmström, to our US counterpart asking for answers in particular on the volume of the data collected, the scope of the programmes and the judicial oversight for Europeans.
At the Ministerial in Dublin, we agreed with the US to set up a transatlantic group of experts to establish the facts surrounding these programmes. The purpose is to establish the facts and for the Commission to be able to assess the proportionality of the programmes with regard to the data protection of EU citizens.
The US appears to take our concerns regarding PRISM seriously. Attorney General Eric Holder committed, in a letter to me yesterday, to set up the expert group. We spoke yesterday evening on the phone and we agreed that the group will have its first meeting this month, and a second one in Washington in September. The Commission will report about the findings of the group to Parliament and Council in October.
At the EU-US Ministerial, I called once again for the conclusion of the negotiations for an EU-US Umbrella Agreement on data transfer for law enforcement purposes. An agreement that would guarantee equal treatment of EU and US citizens when their data is processed for law enforcement purposes. I urged my US counterpart to take the necessary steps to ensure real progress.
In response to media reports about the UK Tempora Programme, I have addressed a letter to Foreign Secretary William Hague and asked to clarify the scope of the programme, its proportionality and the extent of judicial oversight that applies.
The message is clear: the fact that the programmes are said to relate to national security does not mean that anything goes. A balance needs to be struck between the policy objective pursued and the impact on fundamental rights, in particular the right to privacy. It is a question of proportionality.
As many of you said in our last debate in June, programmes such as PRISM and Tempora are a wake-up call for us to advance on our data protection reform for both the private and the public sector.
A strong framework for data protection is neither a constraint nor a luxury but a necessity. It will help reverse the trend of falling trust in the way in which data is handled by companies to which it is entrusted.
That's why our proposed reform is an important part of the answer. It will maintain the current high level of data protection in the EU by updating citizens' rights, guaranteeing they know when their privacy has been violated and making sure that when their consent is required, the consent is real.
Various elements of the reform are of particular relevance. It will clarify the territorial application of the law, including to companies operating in the EU. It will have a broad definition of personal data. It will clarify regime for international transfers. It will impose obligations and responsibilities on processors as well as controllers of data.
Only a strong data protection regime can bring this trust both for EU citizens and for businesses and contribute to stability and growth of the digital economy. And trust is also the basis for EU-US cooperation in the field of law enforcement.
As many of you said in June, it has become urgent to proceed on a solid piece of legislation. Any delay in the data protection reform only plays in the hands of those who do not share the objective of a high level of data protection.
The whole world is watching us on this. And the debate on PRISM and similar programmes only reinforces that we have a chance to set a gold standard for data protection.
As regards next steps, we will continue the discussion with theUKon the Tempora project.
Together with the Presidency, we have started the discussion on the transatlantic expert group which will include experts from Member States. Based on the information gathered, the Commission will report back to the European Parliament and to the Council in October.