Congress wants to allow Europeans to sue US over spying. What's next?

On Thursday, the House Judiciary Committee approved a bill aimed at assuaging European doubts about government surveillance. But questions linger about how effective it may be.

Susan Walsh/AP
Congress is currently considering legislation which would allow European citizens to sue government agencies, including the Justice Department, whose headquarters in Washington is shown here in August, for "intentional and willful" violations of privacy.

More than two years after former National Security Agency contractor Edward Snowden revealed the extent of the US government’s massive surveillance program, concerns about data privacy continue to echo internationally.

On Thursday, Congress advanced a bill which would allow European citizens to sue the US government if their data is misused in an international law enforcement investigation. The proposal is one of several cybersecurity bills currently in progress in the US and in Europe.

Known as the Judicial Redress Act, it’s intended to address imbalances in how the US and international governments share data in criminal investigations, including terrorism cases. It’s part of a larger “umbrella agreement” between the US and the European Union to further define how the two sides share information. Currently, US citizens can sue in European courts over the misuse of their data, but the US does not have similar protections.

The House Judiciary Committee’s stamp of approval came during during a Thursday mark-up session, with lawmakers emphasizing that it would be a key effort in restoring trust between the US and Europe, where officials have expressed outrage over the extent of the US government surveillance in the region.

“If we fail to pass the Judicial Redress Act, we will undermine several important international agreements, harm our businesses operating in Europe and severely limit the sharing of law enforcement information,” Rep. James Sensenbrenner (R) of Wisconsin, who introduced the bill in March, said during the meeting.

But the bill’s impact is somewhat limited, observers and privacy groups say.

“I don’t think the Judicial Redress Act does much, to be honest,” says Jim Kinsella, a former Microsoft executive who now runs a European cloud data storage company called Zettabox. “I don’t think it’s going to bring together the European Union and the US in terms of their approaches to data privacy.”

Mr. Kinsella says he feels upcoming European legislation called the General Data Protection Regulation (GDPR), provides a more robust approach to protecting citizens’ data, most notably by requiring that all companies that store data in Europe follow European laws.

The GDPR will also allow European countries to get more involved in cloud data storage, where American companies like Amazon, Google and China’s Alibaba have increasingly dominated the industry, he says.

The Judicial Redress Act focuses more narrowly on correcting the imbalance between European and American privacy law. It allows European citizens to sue the government for “intentional and willful” privacy violations, including the refusal to provide access to a particular record.

However, only data used by certain “designated agencies” picked by the Justice Department is covered, the Electronic Privacy Information Center (EPIC) said in a statement sent to the Judiciary Committee. If a federal agency is removed from this group by the Attorney General, it isn’t subject to review by a judge, EPIC notes. The group argues Congress should allow European citizens to sue every federal agency.

“To the extent that federal agencies maintain personal information on non-US persons, EPIC recommends that the Judicial Redress Act grant all such persons the same right of judicial redress currently available to US persons,” EPIC says.

Congress’ actions comes amid an ongoing battle between the Justice Department and technology companies like Apple and Microsoft over the release of data that it says is needed in ongoing criminal investigations.

The Microsoft case, which involves a Hotmail email account stored on a server in Dublin, Ireland, has attracted widespread attention, with the tech giant arguing that the government only provided a warrant valid in the US in order to obtain access to the account.

In contrast to the bitterly contested legal battle, which is currently before a federal court in Manhattan, both sides have supported the Judicial Redress Act, saying it will provide further guidelines on international data sharing.

Kinsella, the technology entrepreneur now based in Europe, isn’t convinced.

Compared to Europe’s more comprehensive data regulation, he says, the US approach to ensuring data is shared responsibly is “very reactive.”

Congress is also considering several other data privacy bills, including a cybersecurity bill backed by Homeland Security officials which has stalled in the Senate and an update to the the 1986 Electronic Communications Privacy Act in the House, which would require officials to obtain a warrant for US citizens’ emails.

Because there are so many pending data privacy regulations in the US and Europe, Kinsella says, while the Judicial Redress Act will likely pass, its impact on government surveillance may be muted.

“I think, definitely, the Judicial Redress Act will essentially spawn suits against the government,” by Europeans worried about how their data is used. But, he adds, “the US government is going to have presumption of duty on its side, and it’s going to be an exceptionally rare judge, especially at the appellate level, who will let this case win.”

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.