Battle over spying versus legitimate data transfer heats up in Congress

On Data Protection Day, members of the Senate Judiciary Committee voted 19-1 in favor of the Judicial Redress Act, which would extend to European citizens the right to sue particular US government agencies if their electronic data is mishandled in a law enforcement investigation. The bill points to distinction between data rights in the US and Europe.

Carolyn Kaster/AP
A snowman reportedly intended to represent NSA whistleblower Edward Snowden created by privacy activist Max Schrems stands in Lafayette Square Park, across from the White House in Washington, Monday, Jan. 25, 2016. Senate lawmakers on Thursday advanced a bill that would allow European citizens to sue the US if their data is misused in a law enforcement investigation.

As negotiators from the US and the European Union work to forge a new deal on the movement of electronic data across the Atlantic, US lawmakers took a more decisive step on Thursday to assert control over a related provision that would allow European citizens to sue in US courts if their data — such as social media postings — is mishandled in an international law enforcement investigation.

In October, the European Court of Justice struck down the 15-year-old Safe Harbor data transfer agreement, used by thousands of US companies, amid concerns about how the act could be used to further US government surveillance programs.

In the wake of that decision, originally filed against Facebook’s European arm in Ireland, attention has shifted to several related proposals to restore cooperation between the two regions.

Lawmakers and tech companies have particularly focused on the Judicial Redress Act, which extends the right to sue for data misuse — currently provided to US citizens under European law — to European citizens in US courts. It isn't seen as essential to renegotiating the Safe Harbor pact, but European regulators have said passing the bill would be significant as a sign of good faith.

“From an industry perspective we’ve been supportive of it, I think it is sort of a brick in the wall to rebuild trust across the Atlantic from the Internet user’s perspective, not so much from the political [angle],” said Bijan Madhani, public policy and regulatory counsel at the Computer and Communications Industry Association, a trade group that includes Google, Facebook and Microsoft, at a conference in Washington earlier this week.

On Thursday, which is Data Privacy Day in the US, known as Data Protection Day in Europe, lawmakers from the Senate Judiciary Committee voted 19-1 in favor of the bill. The committee will also hold hearings on two of the surveillance programs disclosed by former NSA contractor Edward Snowden next week.

The bipartisan group — which includes presidential candidate Ted Cruz, who was not present at the meeting — also accepted an amendment to allow the US Attorney General to limit the right to sue to only citizens of countries that were participating in an international data-sharing deal such as Safe Harbor.

“The Obama administration believed it needed to make concessions in order to share law enforcement info with the European Union,” said Sen. John Cornyn (R) of Texas, who proposed the amendment. “Today, when Europe and the United States face common threats like radical Islamic terrorism, sharing law enforcement information should be a matter of common interest, period. We shouldn’t have to barter for it."

But citizens could also see those rights to sue revoked if a country “impedes” the transfer of information related to criminal conduct of a person or private company, according to a draft of the amendment.

Privacy groups have expressed concerns that the bill — which allows the Attorney General to set which agencies are covered — doesn’t provide sufficient safeguards for European citizens concerned about how their data could be used.

The Electronic Privacy Information Center has been pushing lawmakers to delay consideration of the bill until regulators make public the larger “umbrella agreement” between the US and Europe that would further define how the two sides share information.

On Tuesday, the group said, the Justice Department responded to its public records request, revealing a draft of the agreement for the first time.

Privacy groups also point to distinctions between US and European law – which has traditionally held privacy protection, including for electronic communication – as an fundamental human right.

That’s even reflected in the naming conventions for Thursday’s celebration, which was first proposed in Europe in 2006.

“The idea of ‘celebrating’  the expansion of an individual's right to include his or her data is a radically European idea. The notion that government – specifically, the EU – should do something about enforcing that right is also deeply European,” writes Jim Kinsella, a former Microsoft executive who founded a European cloud data storage firm called Zettabox, in a blog post. “On the other side of the Atlantic, the concept is reversed: that is, the individual is expected to take responsibility for his or her own privacy. Informing the individual about risks, about tools they can use and about the state of cybersecurity is thought of something the government can legitimately do."

Mr. Kinsella points to the General Data Protection Regulation, a set of rules being developed by the European Commission that would require all companies that store data in Europe to follow European law, as a more robust protection for citizens concerned about how their data could be used. The regulations up the stakes for businesses by fining them up to 4 percent of their global revenue if they fail to protect their customers’ data, he notes.

But as the deadline set by the European high court looms – regulators have said they hope to release a new Safe Harbor agreement by Feb. 2 – lawmakers in the US are taking a different approach.

“I'm going to make sure ... that we don't just try to do something to help them out and we don't protect our interests,” Senator Cornyn, the Senate’s number two Republican, told Reuters, referring to the European Union.

“US companies should not have to endure regulatory threats in an attempt to change our policies or laws,” he added on Thursday, just before the Judiciary Committee voted to adopt the bill.

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to