Big brother’s little helper inside the European Commission


Tabled 25 January 2012, the Data Protection Reform Package aims to update, harmonise and strengthen privacy rules in Europe. This reform effort has been, and continues to be, one of the most heavily lobbied legislative efforts from both the private sector and the U.S. government, which aimed at watering down the measures included in this crucial reform for privacy. To shed light on these activities, in 2013 Access launched parallel FOIA requests to both the European Commission and the U.S. departments of State, Justice, and Commerce.

Until recently, the documents obtained through these FOIA requests were either heavily redacted or mostly unrelated to the Data Protection Reform, though we did receive some interesting documents from the European Commission (see here for more information). The situation changed few weeks ago when the U.S. Department of Commerce dumped another set of documents as a result of our request. One particular email from the National Telecommunications and Information Administration (NTIA) — highlighted earlier this morning in Der Spiegel — caught our attention. It reveals how the Home Affairs department of the European Commission (DG Home) has been working alongside the U.S. administration during the early stages of the privacy reform effort.

The email is between staff working at the NTIA of the Department of Commerce. The email makes reference to the drafting of one of the lobby documents the Obama administration produced to influence the outcome of the data protection reform package (read EDRi’s analysis on the paper here). This is one of the many documents which likely contributed to a diluting of the Data Protection Regulation even before the proposal had been made public.

The email indicates that Commissioner Malmström and/or her cabinet had been sharing information with the U.S. Mission in the E.U., including appropriate times to publish the lobby document, information about internal politics within the Commission, and concerns about how the proposal for a Data Protection Directive could conflict with E.U. and U.S. Law Enforcement interests. In short, DG Home has been actively working to undermine a crucial reform for E.U. citizens’ fundamental rights to privacy and data protection.

For many who have been following the E.U. privacy reform debate closely, this trans-Atlantic cooperation was an open secret. However, until now, it has not been possible to demonstrate DG Home’s maneuvers. Beyond the implications for the Data Protection Reform, the contents of the acquired document give cause for concern about Ms. Malmström’s suitability for leading EU negotiations with the USA on the Transatlantic Trade and Investment Partnership (TTIP), given that she has recently been chosen E.U. Commissioner-designate for Trade.

Since June 2013, the E.U. and the U.S. authorities have been negotiating TTIP — what could be the world’s biggest trade agreement — behind closed doors. This massive deal could affect a multitude of industries and strongly impact E.U. citizens’ rights, so it is of paramount importance to ensure that the E.U. negotiating team will not secretly undermine E.U. citizens’ interests.

The document leads us to question Ms. Malmström’s friendly approach to the U.S. government in the months following the mass surveillance revelations. Last year, documents revealed that the U.S. administration had been accessing the SWIFT database, the world’s biggest financial database, to monitor and store European financial transactions. In short, the U.S. bypassed the authorised scope provided by the controversial Terrorist Financing Tracking Program (TFTP) to authorise access to the SWIFT database for the prevention, investigation, detection, and prosecution of conduct pertaining to terrorism or terrorist financing, and to snoop into millions of people’s personal financial records.

Commissioner Malmström was tasked to conduct an investigation to find out the veracity of this claim, and whether or not and to what extent E.U. citizens’ personal data had been unlawfully accessed. Shortly after the beginning of this investigation, Malmström explained in a speech that she had received “written reassurances” from the U.S. government, and assured that “it has not breached the TFTP agreement.” The investigation was then closed.

The European Parliament, not satisfied with this so-called investigation, called in its report on mass surveillance, for the immediate suspension of the TFTP agreement until a “thorough investigation has been concluded.” The report was adopted in March 2014. The Parliament is still waiting for DG Home to take action.

Cecilia Malmström will only be confirmed as Commissioner for Trade if the European Parliament approves her appointment during a vote in plenary session taking place on October 22. Prior to this vote, on Monday, September 29, the International Trade Committee (INTA) of the European Parliament will be conducting a three hour hearing to question Commissioner-designate Malmström.

We strongly encourage parliamentarians to seize this opportunity to inquire about these serious matters.