By Don Quijones, Spain & Mexico, editor at WOLF STREET.
Europe’s already rocky trading relationship with the U.S. just got a whole lot worse. Thanks to one young man’s battle against one of the world’s biggest tech companies, data traffic underpinning the world’s largest trading relationship has been thrown into jeopardy.
As the Wall Street Journal warns, hanging in the balance could be billions of dollars of trade in the online advertising business, as well as more quotidian tasks such as storing human-resources documents about European colleagues.
A Decidedly Unsafe Harbor
When, in 2013, the Austrian law graduate Max Schrems filed a data-privacy-infringement lawsuit against Facebook after Edward Snowden had revealed the full extent of the company’s collusion with the NSA, little could he have imagined the impact he would end up having. Now, two years later, the European Court of Justice has ruled that the Safe Harbor Agreement that has governed EU data flows across the Atlantic for some 15 years is no longer valid.
As Tech Crunch notes, the new ruling will affect all companies that outsource data processing of E.U. users’ data to the U.S:
The Safe Harbor executive decision allows companies to self certify to provide “adequate protection” for the data of European users to comply with the European data protection directive, and with fundamental European rights such as the right to privacy (under Article 8 of the European Convention for the Protection of Human Rights).
In response to the ruling, Schrems said it “draws a clear line” by clarifying that mass surveillance “violates our fundamental rights.” The ruling will also directly affect the operations of some 4,500 European and international companies, including U.S. tech giants Alphabet (Google’s newborn parent company), Amazon, Facebook, and Microsoft.
However, while the biggest players claim to have already set up backup legal mechanisms to avoid clashes with regulators, including expanding the size of their European data centers, smaller companies may find it prohibitively expensive to build their own European facilities or pay companies that already have them. Setting up servers in Europe could double operations costs, said Chris Babel, chief executive of TRUSTe, which advises startups on data-protection laws.
More important still, the ECJ’s ruling could torpedo a sizable chunk of the world’s biggest and most secretive trade agreement currently under negotiation, the so-called Trade in Services Act (TiSA). Allegedly in the late stages of negotiation, TiSA currently has 52 prospective signatory nations (compared to the Trans-Pacific Partnership’s paltry 12). Those nations include both the U.S. and all 28 members of the European Union.
As WOLF STREET previously reported, TiSA appears to have three primary goals: 1) privatize all services; 2) rip up national and regional financial regulations and 3) spread the U.S. approach to data protection — i.e. no protection — around the world:
The draft Financial Services Annex of TiSA, published by Wikileaks in June 2014, would allow financial institutions, such as banks, the free transfer of data, including personal data, from one country to another.
As Ralf Bendrath, a senior policy advisor to the MEP Jan Philipp Albrecht, writes in State Watch, TiSA would constitute a radical carve-out from current European data protection rules:
The transfer and analysis of financial data from EU to US authorities for the US “Terrorist Finance Tracking Programme” (TFTP) has already shaken EU-US relations in the past and led the European Parliament to veto a first TFTP agreement in 2010. With the draft text of the TiSA leak, all floodgates would be opened.
The weakening of EU data protection rules through TiSA goes further than “only” the financial sector. According to sources close to the negotiations, a draft of the TiSA “Electronic Commerce and Telecommunications Services Annex” contains provisions that would ban any restrictions on cross-border information flows and localization requirements for ICT service providers. A provision proposed by US negotiators would rule out any conditions for the transfer of personal data to third countries that are currently in place in EU data protection law.
If signed, TiSA would set Big Brother (led by the NSA and fellow five-eye partner organizations such as the UK’s GCHQ) free to roam and eavesdrop on a very large part of the globe completely unhindered by national laws or regulations. Multinational corporations from all sides of the Atlantic and Pacific Ocean would also have carte blanche to pry into just about every facet of the working and personal lives of the inhabitants of roughly a quarter of the world’s 200-or-so nations.
At least that was the plan. However, according to Spain’s biggest daily, El País, data protection has always represented a big fat red line in the EU’s trade negotiations with the U.S. In the wake of Snowden’s revelations, there have even been proposals to introduce changes to the routing of internet data packets, so that they take a certain path and remain within the EU. Brussels has also negotiated the construction of a deep-sea Internet cable between Portugal and Brazil that is intended (but is unlikely) to be NSA-proof.
In the European Parliament an amendment tabled by the Green Party to encrypt all Internet traffic from end to end was adopted as part of a compromise on the committee vote in February. Now, thanks to Snowden’s revelations and Schrems’ court case against Facebook, the EU has a perfect opportunity to redraw the limits of data protection.
In private and behind firmly closed doors, however, the European Commission’s trade negotiators – the people with real clout in the negotiations – will continue to come under intense U.S. pressure to sign away virtually all European data protection rights. To what extent they yield will ultimately hinge on the extent to which the Commission’s recent outrage over the U.S. government’s wholesale subversion of Europe’s data protection laws – with a little help, of course, from Germany’s intelligence agency – is genuine or faux.
As the president of the Transnational Institute, Susan George, told El País, “you never really know what is really being negotiated between the two trading blocs.” Until it’s too late, of course: in the case of TiSA the treaty’s binding text is to be “considered confidential” — i.e. not for public consumption — for at least five years after being signed.
After this Monday’s provisional signing of TPP, an agreement that civil rights groups warn could herald a new age of unbridled global Internet censorship, the momentum appears to be shifting in the corporatocracy’s favor. What this might mean for the increasingly strained trade relationship between the U.S. and Europe — a relationship that is, according to El País, in critical condition — it’s still too early to tell. After all, the only chance we have of knowing what decisions our elected representatives are making on our behalf these days is if someone, somewhere has the uncommon decency to leak them. By Don Quijones
Enjoy reading WOLF STREET and want to support it? You can donate. I appreciate it immensely. Click on the beer and iced-tea mug to find out how:
Would you like to be notified via email when WOLF STREET publishes a new article? Sign up here.