An anti-TTIP protests in Madrid, June 2015. Demotix/Marcos del Mazo. All rights reserved.Data protection is among the most debated issues of recent years. The debate on data protection and the right to protect one’s personal data reached new heights when Edward Snowden revealed that the NSA is spying on millions of people. The news that German Chancellor Angela Merkel’s mobile phone was illegally wiretapped intensified the debate in Europe.
Or so it seems. But data protection has been an EU issue for more than 20 years now. A directive concerning the protection of data dates back to November, 1995. Data protection has since been included in the charter of fundamental rights during the negotiations of the 2000 Nice Treaty – though it became legally binding only in 2009 with the ratification of the Lisbon Treaty.
But what does data protection mean?
Data protection links to a series of rights that everyone has regarding his or her personal data that is being collected. These rights include: the right to information about when your data is collected, the right to know the name of the controller of your data and what happens to it, the right to receive this information whether the data was obtained directly or indirectly, the right to ask if the data controller is processing personal data, the right to receive a copy of your data in an intelligible form and the right to ask for deletion, blocking or erasing of your data.
Furthermore, the 1995 directive declares that the “adequacy of the level of protection afforded by a third country shall be assessed …” In order to obtain your data, a third country needs to be approved as having data protection standards “adequate” to European standards. This declaration led to the cancellation of the Safe Harbor Agreement of 2000 between the US and EU by the European Court of Justice (ECJ) in October 2015. The ECJ ruled that the US does not have to provide adequate data protection and is, therefore, not allowed to obtain data from EU citizens.
This ruling is said to add pressure on negotiations between the EU and US concerning the transatlantic trade and investment partnership (TTIP), where data protection plays a significant role.
Data protection and TTIP
There is strong evidence that the right to data protection could be undermined by the TTIP agreement by creating loopholes for companies abroad to gain access to personal data that would otherwise have to stay within European borders and thus be under the jurisdiction of European data protection law. This should not come as a surprise. US companies like Google or Facebook make a good deal of money with the data they collect through their platforms. But data protection is a fundamental right. This means it defines the starting point for negotiations. It is fundamental to our society and so by definition non-negotiable.
It is a fact that the European Commission, in its mandate to negotiate TTIP, has no right to discuss fundamental rights. It simply cannot. The European Parliament has put a particular emphasis on this previously, when it denied granting the US access to data on financial transfers in the EU as part of the Terrorist Finance Tracking programme. Even the Commission itself has clearly stated that it has no right to discuss this fundamental right in a trade agreement, and further demands for data protection to stay out of the trade deal.
So far so good, but a trade agreement is a deal and a deal means negotiation and negotiation means compromise. The US government is facing a strong lobby that wants it to include the free streaming of data in the agreement. The lobby is led by Google, Facebook, IBM and Hewlett-Packard. They are pressing for something they label “interoperability”. This would mean a mutual acknowledgement of data protection rules in the applicable countries. But the US does not have far-reaching data protection legislation, which was acknowledged by the ECJ in October when it ruled that the Safe Harbour agreement with the US is invalid.
“Interoperability” is nothing but a farce – a way to water down high data-protection standards in Europe, undermining the fundamental right to the protection of personal data. It further raises the question of whether the Commission is entitled to conclude TTIP negotiations unless the US reforms its data protection rules.
The European Parliament has shown that it has the power and the will to reject such agreements, but Jan-Philipp Albrecht, a German Green/EFA-Parliamentarian, still fears that data protection may find a way into the TTIP agreement. The EP can only say yes or no to the entire agreement. Given how long negotiations take, he fears that in the end parliamentarians will be unwilling to reject the entire trade agreement on the grounds of data protection.
Protect your data
It is now up to European civil society to show European institutions and first and foremost the European Parliament that the people it represents take a strong stance against the undermining of their fundamental rights. It is crucial to act now and remain persistent and persuasive in the claim for fundamental rights protection. If European civil society acts as one, it can claim and even enhance fundamental rights.
Investor protection and arbitral jurisdiction often top the debate around TTIP. This at times leads to the minimizing of the issue of data protection. But data protection is important and it will gain in importance in the future. The internet is not “Neuland”, as Merkel famously claimed, and we should not make the mistake of treating it as if it were. Aiming for high standards in data protection now can and will enhance much needed online security today and in the future. And it is up to us to claim it.