An article on EUObserver.com reports on a debate last week in the European Parliament which highlighted the conflict between US demands for data and EU privacy legislation.

The article’s title is Commission Downplays Parliament EU–US Data Privacy Concerns – “downplays” being Eurospeak for “brush it under the carpet and pretend it is not a problem”. Justice Commissioner Viviane Reding’s answer that a US law enforcement authority would have to use “existing channels of cooperation and mutual legal assistance agreements” to get data from companies in the EU does not reflect the view taken hitherto by those authorities when they make their demands. “Stand and deliver” better describes their approach.

It is not just US authorities. As an MEP pointed out, the “existing channels” do not help much when a US civil court requires the disclosure of data stored in the EU. Fears that US law could have “extraterritorial effect within Europe” and that European laws “could be over-ruled by third country laws” are legitimate fears as a practical and pragmatic matter – there is no need for US courts to assert expressly the primacy of US law when they can simply punish a party for failing to produce documents.

One MEP pointed out that it would be “ironic if it were easier for third countries to process European citizens’ data in their territory than for European entities to do so in Europe”.  It is not really a matter of one being “easier” than the other. The data is processed in the US in possible breach of EU laws either because the parties and courts are unaware of the restrictions or because the parties take the view that the Scylla of sanctions is more palatable than the Charybdis of EU fines and other penalties.

As I have reported elsewhere, we are beginning to see an appreciation on the US side not only that the comity of nations requires respect for the laws of foreign jurisdictions but that a combination of cooperation, transparency and technology ought to allow a reconciliation between US demands and EU restrictions, with recent recommendations from both the ABA and the Sedona Conference to that effect.

We just have to hope that someone listens to the MEP who said that “we have to work together to find workable solutions” and that the new US initiatives are matched by something more than mere privacy tub-thumping in the EU. The “existing channels of cooperation and mutual legal assistance agreements” may work reasonably well in the UK, where Senior Master Whitaker is the proper authority for Hague Convention requests, but they tend to get filed under “Can’t be bothered” elsewhere. It takes two to find a “workable solution”.

For the avoidance of doubt, and in case this is not already clear, I am on the side of privacy protection and narrower discovery, and not just  because I come from this side of the Atlantic. Commissioner Reding’s proposals for a replacement Data Protection regulation inevitably include the recruitment of lots more Eurocrats to push their pens and shuffle their paper, to draw fine salaries, expenses and pensions, and to do all those other things which EU civil servants do to pass the time. Perhaps a few of them could be set to trying to make a reality out of the “existing channels of cooperation and mutual legal assistance agreements” to which Commissioner Reding refers.

My thanks to Nigel Murray of Huron Legal for drawing my attention to the article.

Home