The European Union’s chief justice official has written to the U.S. attorney general demanding an explanation for the collection of foreign nationals’ data following disclosures about the “PRISM” spy program.
In a letter seen by Reuters, the European commissioner for justice and fundamental rights, Viviane Reding, said she had serious concerns about the possibility that U.S. authorities had accessed European citizens’ data on a vast scale.
U.S. officials have confirmed the existence of a secret program to draw data from the Internet, codenamed PRISM, which according to documents leaked to the Washington Post and Britain’s Guardian newspaper has given them access to data from firms such as Google, Facebook and Skype.
“I would request that you provide me with explanations and clarifications on the PRISM program, other U.S. programs involving data collection and search, and laws under which such programs may be authorized,” said the letter, sent to U.S. Attorney General Eric Holder.
Holder and Reding will meet in Dublin on Friday at a scheduled ministerial gathering.
In the letter, Reding asks Holder to explain whether EU citizens were targeted under PRISM, how broad U.S. access to the data would have been and how EU companies and citizens can appeal against the monitoring of their private correspondence.
EU officials have for several years asked the United States to explain how laws such as the Patriot Act and the Foreign Intelligence Surveillance Amendment Act affect EU citizens and companies. The European Parliament, in particular, has become vocal about limiting data sharing and protecting privacy.
Reding has said she has asked U.S. authorities to use an agreed legal channel called the Mutual Legal Assistance Agreement to access any data, a method that requires judicial approval.
Since 2011 the EU has tried to negotiate a transatlantic data protection agreement that would limit U.S. access to European data.
The talks have stalled partly over the issue of what rights EU citizens had on U.S. soil, a Commission official told Reuters earlier this week.
EU officials are also debating whether data protection should be included in negotiations for an EU-U.S. free trade deal on which formal talks are expected to begin next month.
The European business community has warned that without legal certainty, technologies which rely on data protection such as cloud computing will not be able to grow in Europe.
Companies considering adopting cloud technology still cite security as their biggest concern and European officials say they are aware that Europe’s cloud market hinges on privacy.
“The storage of the data in the foreign servers and related legal uncertainty constitutes a real impediment,” a second Commission official said.
Lobby groups in Brussels say they need to know which set of laws – EU or U.S. legislation – they should follow.
“Internet companies are piggy in the middle in terms of protecting user data, obeying the law, and different laws in different regions of the world,” said James Waterworth of the Computer and Communications Industry Association, a lobbying group based in Washington.