Lawmakers in the European Parliament have moved to combat clandestine mass surveillance programs by voting in favor of introducing tougher new data protection rules.
On Monday, the Parliament’s civil liberties committee approved the proposed reform, laying the groundwork for a significant overhaul of Europe’s current data protection framework. The changes have been in the works for 18 months, but the former NSA contractor Edward Snowden’s disclosures about U.S. and U.K. spy programs gave new urgency to the overhaul. The newly proposed rules, which still have to be agreed upon by EU member states, would restrict how companies such as Google and Microsoft could pass data on a European citizen to a third country. Companies would have to inform people whose data were requested and get any transfer of data signed off by the data protection authority. Any company caught breaching the regulations could face large fines of up to 5 percent of their revenue, which could in some cases amount to billions of dollars.
German member of the European Parliament Jan Albrecht described the vote as “a breakthrough for data protection rules in Europe, ensuring that they are up to the task of the challenges in the digital age.” Albrecht, a vocal critic of NSA and GCHQ surveillance on the civil liberties committee, added in a statement issued Monday that the legislation would introduce “overarching EU rules on data protection, replacing the current patchwork of national laws.”
The proposed changes consist of two draft pieces of legislation. The first is a general regulation that covers how personal data are processed in the EU, and the second is a directive that covers how data are processed for law enforcement purposes. Both would potentially affect all major U.S. Internet companies, and their bottom lines, as the rules are aimed at any firm that offers services to EU citizens.
However, there is still a long road ahead for the reform. The rules approved by the civil liberties committee will now be taken up by the European Council and debated by EU member states, but it is likely that some countries will attempt to neutralize some of the more stringent measures. Thousands of amendments have been proposed and tabled in the year and a half long discussion about reforming Europe’s outdated data protection regulations. Previous efforts to address loopholes that can be exploited by the U.S. government for surveillance have been dropped after aggressive lobbying by American officials.