The U.S. National Security Agency’s mass surveillance is a trade barrier for European Internet companies trying to provide services in the United States, a top EU official said on Monday.
U.S. citizens are deterred from using European e-mail providers because they do not get the same protection as they would by using U.S. providers, said Paul Nemitz, a director in the European Commission’s justice department.
“The law … which empowers the NSA to basically grab everything which comes from outside the United States, is a real trade barrier to a European digital company to provide services to Americans inside America,” Nemitz, who is overseeing an overhaul of the EU’s 20-year-old data protection rules, said at a conference on data protection in Paris.
In other words, an American in the United States using a European service does not have the same level of protection as he would if he used an American service. Using a European service, his communication is transmitted outside the United States, so it is subject to interception.
The comments underscore the widespread unease within Europe about access to people’s data by both security services and companies. They also come at a time when Brussels and Washington are renegotiating a data-sharing agreement – called Safe Harbour – used by over 3,000 companies.
The Safe Harbour agreement makes it easier for U.S. companies to do business in Europe by certifying that their handling of user data meets EU data-protection laws.
Last year’s revelations by former NSA contractor Edward Snowden about the agency’s surveillance of Europeans’ electronic communications sent shockwaves across Europe. It prompted the Commission to demand concessions from the United States as a condition for not suspending the Safe Harbour agreement.
Under U.S. law, broad collection of e-mail to, from or about foreigners is allowed. Privacy campaigners say that under the Foreign Intelligence Surveillance Act, security services do not have to prove that intercepting a foreign citizen’s electronic communications is necessary for national security reasons.
The Commission is pushing for Washington to guarantee that it will only access Europeans’ personal data for national security reasons when it is strictly necessary, as it does with U.S. citizens’ data.
The EU is also negotiating a new pan-European data- protection law which would impose stiff fines on companies mishandling personal data in Europe.
Companies in both the United States and the EU have lobbied against some parts of the new rules, arguing that they will impose too much red tape on businesses.
But French Prime Minister Manuel Valls said at the same data-protection conference that high standards of privacy would attract companies looking to regain customers’ trust in the wake of the Snowden revelations.
“The European standard of data protection is not an obstacle to economic activity,” Valls said. “Europe must make data protection an argument for attractiveness and competitiveness.”