On Monday, June 10, the European Commission again voiced its "concern" at the US Prism electronic surveillance programme run by the National Security Agency (NSA) which allows it to access the data of foreigners, Europeans in particular.

Unusually discreet, Viviane Reding, the Commissioner for Justice, did not point the finger at the United States. In talks with the Americans, her spokesman said, she has raised the issue of the rights of European citizens “systematically”. The Commissioner had in her sights, rather, the countries of the European Union (EU) which, on Thursday, June 6, in Luxembourg, put on hold its project for the protection of personal data.

Under discussion for 18 months and in 25 meetings, the Data Protection Regulation (DPR) dossier has gone through 3,000 amendments and divided the European Union. The Ministers of Justice of the bloc met just a few hours before the revelations by the ex-CIA employee, Edward Snowden, hit the pages of the British newspaper The Guardian – revelations that might have allowed them to bring their widely diverging views closer into line. London and the Hague feel the Reding project is too punitive on businesses, while Paris wants more attention paid to social networks, and Berlin thinks the texts are too vague... Faced with the breaking story of Prism, the European capitals are, as they say, "concerned”, at the least.

That was the adjective used by the Commission in 2000, when the European activities in Echelon, an Anglo-Saxon network that set out to monitor global telecommunications, were exposed. The NSA was directing this interception strategy to glean economic, commercial, technological and political information. The legislation of the European Union’s member states was violated, and so were the fundamental rights of citizens.

Benefits of special relationship

London did, at the time, benefit from its special relationship with Washington to spy on its European rivals. The two capitals denied it; the European leaders preferred to forget that the person responsible for the encryption of communications from the Commission had stated that he had "very good contacts with the NSA," which would have had free access to supposedly confidential information of the European Executive. The person then "corrected" his remarks in a letter to his superior.

Then came the attacks of September 11, 2001 – which Echelon was unable to prevent – and, sometimes voluntarily, sometimes under compulsion, Europeans have since conceded large transfers of data to the US authorities in the name of the fight against terrorism. In 2006 they learned that Washington had secretly had access for five years to information from Swift, a company based in Belgium that secures financial messages exchanged among banks around the world.

After the shock had passed, difficult negotiations got underway and an agreement was signed in 2010. The Europeans were now in a position to evaluate the relevance of the American demands: a representative of the 27 is present in the US federal capital to exercise control, the procedure and possible incidents are subject to a semi-annual assessment, and so on.

The case of airline passengers’ personal data (“passenger name record”, PNR,) was no less complex. It took nine years of talks and four versions of the text to finally arrive at a consensus in April 2012. Especially anxious to avoid signing bilateral agreements that would have offered few guarantees, Europeans in the end accepted that 19 items of data on all EU travellers who come to the United States or fly over US airspace would be shared; Washington had already taken into account the “Open Skies” liberalisation that allowed European airlines to fly into the United States. The data received is anonymised after six months, stored for five years on an "active" basis, and then for 10 years on a "dormant" basis.

Limited capacity for action

The Europeans were unable to resolve a key issue: three of the four global companies that store the reservation data of most airline companies on the planet are established in the United States and subject to the legislation of that country. In the event of problems, those companies would be out of the reach of European laws. As with Prism, the European Union has been forced to recognise not only that it has routinely been lagging behind the facts on the ground but that its capacity for action is limited.

Currently, it is trying to negotiate with the United States the right for European citizens to have personal data held by US private companies, and data that may be incorrect, corrected by judicial means. US citizens living in Europe already enjoy this right.

While Sophie in't Veld, Liberal MEP, hopes that the revelations about the NSA practices will "raise awareness" among Europeans and force them to be more demanding, a senior Brussels official takes another line: "This case provides a little more confirmation that the United States is the leader in anti-terrorism and many member states would not dare to go against them." According to this source, there is "little doubt" that the United Kingdom and other countries have benefited from information obtained by Prism. German Chancellor Angela Merkel will undoubtedly be the first to bring up the matter directly with Barack Obama, who will be in Berlin on June 18 and 19.

The case is even more sensitive, in a country very attached to personal privacy, now that The Guardian has revealed that Germany was one of the countries most targeted for data collection. According to a Brussels expert, this may suggest that the United States authorities are also engaging in industrial espionage – which Washington was already denying at the time of Echelon. On Monday, a spokesman for the Ministry of Justice in Berlin indicated that the administration was checking into "possible hindrances to the rights of German citizens".