Rights activists: EU-US data exchange undermines fundamental rights

The civil rights organization European Digital Rights (EDRi) is making serious accusations against the EU Commission regarding the agreement on data sharing with the USA. Eleven years after the Snowden revelations and the associated outcry, mass surveillance is simply continuing based on the EU-US data protection framework, the umbrella organization complains. The EU now appears to have adopted an attitude of "business as usual", which suggests at least a certain tolerance of the ongoing mass collection of information on internet users by certain countries, such as the USA.

As a significant example of this development, EDRi cites the EU Commission's recent review of the adequacy decision for the transfer of personal data from the EU to the US. The EU Commission came to the conclusion (PDF) that the US authorities had introduced all the key elements of the Data Privacy Framework (DPF). These included the implementation of safeguards to limit access to personal data by the US intelligence services to what is necessary and proportionate to protect national security and the establishment of an independent redress mechanism.

Hardly any corrections to US surveillance law

EDRi complains that the Commission's report downplays "significant concerns about government and commercial surveillance" and glosses over the "fundamental problems" that led to the repeal of previous agreements such as Safe Harbor and Privacy Shield. The apparent signal behind this is to compromise on data protection and individual freedoms to ensure a smoother transatlantic data flow and strengthen the EU's position in an increasingly competitive global environment. This approach reveals a growing gap between the EU's self-proclaimed values.

The European Court of Justice (ECJ) has ruled in the Schrems I and II cases that US surveillance practices, in particular Section 702 of the Foreign Intelligence Surveillance Act (FISA) and Order 12333, violate the data protection rights of EU citizens, the civil rights activists explain. Contrary to the Commission's assurances that the DPF would counteract this, in reality hardly anything has changed in US law. The situation is exacerbated by increasing surveillance advertising and the data hunger of artificial intelligence (AI).

EDRi therefore urges the Commission not to wait for a potential Schrems III ruling. Instead, the EU and the US must face up to their responsibility to protect fundamental rights. The European Data Protection Board (EDPB) also recently called for the Commission to take a closer look at future FISA developments, especially after the extension of Section 702.

(mki)