Do U.S. tech companies now have legal troubles in the EU?

Laws in this area can be tricky to interpret, so digest this caution, but I found this analysis from Bloomberg BusinessWeek of interest:

The Safe Harbor scheme (not recognized by the Germans, incidentally) allows U.S. tech firms such as Google to self-certify, to say that they conform to EU-style data protection standards even if their country’s laws do not. It’s not quite that simple—these companies really do need to jump through some hoops before they claim compliance; just ask Heroku—but it does largely come down to trust.

EU data protection regulators have already called for the system to be toughened up through the introduction of third-party audits, but frankly it now looks like the whole system is in tatters. U.S. companies claiming Safe Harbor compliance include Google, Yahoo, Microsoft (MSFT), Facebook, and AOL (AOL), all of which now appear to be part (willingly or otherwise) of the NSA’s PRISM scheme.

As EU data protection rules don’t say it’s OK for foreign military units to record or monitor the communications of European citizens—heck, even local governments aren’t supposed to be doing that—the Safe Harbor program now looks questionable to say the least. A lot of people have already pointed to the U.S. Patriot Act as a threat, and now the effects of that legislation are plain to see.

The update at the beginning of the article reads:

I’ll admit I am shocked to have received this response from the European Commission’s Home Affairs department to my request for comment, with particular regard to the impact on EU citizens’ privacy: “We do not have any comments. This is an internal U.S. matter.”

I don’t see kicking U.S. tech companies out of Europe as a promising way of starting U.S./EU free trade negotiations.  One possible legal “out” is discussed here.  If anyone is going to drive this issue forward, it is likely the European public, who of course still can insist on tougher standards.  Here is one description of Safe Harbor policies.  The tech companies themselves may fear a loss of international competitiveness, or that Safe Harbor standards will be toughened, you will find a discussion of commercial worries and their potential impact here.

Comments

You can think about this, in a very rough sense, as a principal-agent problem – where the United States is (supposedly) acting in NATO interests for European security. The texture here is complicated: European governments are more likely to realize the importance of American military protection. They're scared that the young generation of isolationist Americans want to strip European protections altogether (as Robert Gates very astutely hinted). They realize their military capacity is pathetic, and yield to the importance of good relations with the American intelligence and defense apparatus.

Then there's the principal-agent problem within the European countries, where the electorate is (incorrectly, but understandably) sick of whatever the hell they deem to be American "imperialism". They hate Iraq, and they're likely to see PRISM as a vindication of that mistrust. But the European bureaucracy is smart enough to know that w/o American military cooperation, their defenses are in shambles.

So to the extent the first agency dilemma trumps the second, this is unlikely to have any significant sea change with regard to American commerce in Europe is my view.

...defense against whom?

Hmm... the country that starts with R?

Sure - everyone in Europe lives in constant fear of Putin's panzers. And they check under their beds every night to make sure no reds are creating nightmares.

Well, they would if they were an American caricature of Europeans.

However, the Poles are a special case, being equally fearful of the country that starts with a G - after all, what is a few decades of relative peace compared to the previous centuries?

"Sure – everyone in Europe lives in constant fear of Putin’s panzers. And they check under their beds every night to make sure no reds are creating nightmares."

Not sure about everyone else, but that reads like a very true description of what Georgians (not that* state of Georgia) are doing these days.

The Poles seem to have successfully managed a rather positive reconciliation process with Germany, though. I don't doubt that there's much popular sentiment against Germany, but with the various outstanding issues settled, a commitment to positive relationships and a mutually profitable economic relationship, things seem settled.

As for Georgia, I suspect that Europeans would be as likely to criticize Georgia for starting the war as they would be to criticize the Russians for escalating the conflict. The Poles and Balts became wary of Russia because of the conflict, but that's it.

Seconding anon, but with a few further observations.

'They’re scared that the young generation of isolationist Americans want to strip European protections altogether'

Do you have any idea how few American personnel are left in Europe at this point? And the ones that are left tend to be based in facilities which are to America's benefit - the Landstuhl Regional Medical Center being a very concrete example, both by shortening medical evacuation times, and to keep American casualties out of American sight. http://en.wikipedia.org/wiki/Landstuhl_Regional_Medical_Center

'their defenses are in shambles'

From what, the fears that America lives in dread of? Who is supposed to be Europe's military opponent - the Soviets? The Chinese? The Iranians?

Because in the real world, the Russians remain a fairly pathetic mess of an oligarchy, the Chinese are a truly poor nation, and no one in Europe has anything approaching the American fixation on Iran.

I wonder why I read so many European elites talking about American absence from the world, then?

If America becomes isolationist, European responsibility will be as much as "peacekeeper" as the Americans were. Former German foreign minister on Syria, so many academic elites from top EU universities, etc.

Just read what the top dogs say.....

"I wonder why I read so many European elites talking about American absence from the world, then?"
Because you look for websites that confirm your biases.

Anyway the top dogs are very careful in what they say.

Anyway. American's vast military is crazy, expensive and pointless folly.
Why would Europe want to to emulate that? Especially after Russian joins the Euro oil is priced in Euro and gold is re-introduced for international settlement.

If I try hard enough, I can find a way to think about this (in a rough way, of course) as an application of Coase Theorem, Game Theory, Brinkmanship, Competitive Equilibrium, and probably dozens of other Economics buzzwords.

1. Is it actually the case that Europe is militarily weak? Compared to the United States, sure, but everyone is relative to the United States.

2. Is it actually the case European governments are that different from their populations? Europe's governments have maintained bans on GMO foods, IMHO with less justification than with the security issues, notwithstanding the central role of GMO foo bans in international agricultural disputes.

'Do U.S. tech companies now have legal troubles in the EU?'

Of course they do - and the funny thing, the best domestic political 'defense' of the PRISM program (denying that it works at all like it was reported - the changed Post article being pointed to as truth that the Post was wrong, as compared to the Post buckled after having made a mistake in lifting the skirt just high enough to see the combat boots) is that the NSA wasn't routinely spying on Americans, it was just spying on the rest of the world.

'I don’t see kicking U.S. tech companies out of Europe as a promising way of starting U.S./EU free trade negotiations.'

Of course not - but you may want to note how American data gathering regarding SWIFT turned out -

'... should this information about the financial activities of people, businesses and other organizations be available for politicians or police to monitor? And if so, should it apply domestically or internationally? Should security services in the US be able to monitor the banking information of European citizens, for instance?

(Image text - CIA seal over prison jail bars - Details of your late rent payments could end up in the strangest places)

Those are the questions that have overshadowed SWIFT's otherwise mundane daily operations for the past five years. On June 23, 2006, three US newspapers published a series of articles revealing that the US Treasury Department and the CIA had established a program to access and monitor the SWIFT transaction database after the September 11, 2001 terrorist attacks.

Privacy versus security

The US government called it the Terrorist Finance Tracking Program; many in Europe called it an illegal invasion of privacy.

Five years on, the issue is far from resolved, and it's back on the table on Thursday at a meeting in Budapest between interior and justice ministers from Europe and the US.

Once the international monitoring of financial transactions became common knowledge, politicians on both sides of the Atlantic were forced to respond.

In February 2010, a deal struck between the EU and US facilitating this anti-terror surveillance was overwhelmingly rejected by the European Parliament, with MEPs voicing concerns over inadequate protection of the privacy of European citizens.

European parliamentarians secured a string of concessions designed to better filter what information was sent abroad before approving a revised version of the so-called SWIFT agreement, which came into force August 1, 2010. The prime mover in the new deal was a promise to ensure that each data request from the US was "tailored as narrowly as possible in order to minimize the amount of data requested."

Recent reports from the European Commission and the bloc's anti-terror agency Europol admit that many of these concessions are not being honored in practice.

"It is unquestionably correct that EU and US authorities fight against terrorism together," EU Justice Commissioner Viviane Reding said in an interview with Spiegel Online last month. "But we must finally speak the same language when it comes to data protection, as well."

Policy versus implementation

When requesting data, US authorities are supposed to explain their reasons to Europol. Early in March, however, Europol complained that the requests were too vague for them to properly ascertain their validity.

The chair of Europol's data protection watchdog, Isabel Cruz, told the European Parliament in March about four applications for data, which were "almost identical in nature and request - in abstract terms - broad types of data." Cruz said that only information provided orally to certain Europol staff by the US convinced the authorities to transfer the data; as this information was not common knowledge, she said, it was impossible to verify its validity.

In response to Cruz's explanation, British Liberal Democrat MEP Sarah Ludford said that asking Europe's anti-terror agency Europol to filter requests from the US anti-terror authorities was "like putting the fox in charge of the chicken coop."

The European Commission said later in March that it was aware of 27,000 requests for data, but that it couldn't name an instance where this transatlantic cooperation had directly contributed to preventing or monitoring terrorist activities.' http://www.dw.de/finance-security-and-privacy-collide-in-swift-controversy/a-14987543

So let us check back in a couple of years to see how things play out -

'The EU commission on Thursday (17 March [2011]) downplayed data protection concerns over a deal allowing bulk banking data to be transferred to the US for anti-terrorism investigations, leaving a legal challenge over 'data mining' and privacy breaches as the only option for MEPs willing to continue the fight.

In a "tense" meeting behind closed doors, home affairs commissioner Cecilia Malmstrom fended off criticism from MEPs who the previous day had decried the "betrayal" of EU institutions after they had given their consent to the controversial Swift agreement.

Malmstrom presented a review of the first six months since the deal came into force, which "only got us more worried," German Green MEP Jan Philipp Albrecht told this website after the meeting.

"Things have become more clear now, they accept big bulk data being sent over to the US and to be searched via algorithms - which basically means data mining. I said this is unconstitutional, according to the European Court of Justice and the German Constitutional Court," he explained.

Noting that most MEPs now realise they should never have agreed to the deal, Albrecht said there was little the parliament could do at this point.

"We can't cancel the agreement, there is a sunset clause, but that's in five years. The only thing I see possible is to go to court. We are working it out with lawyers and campaigners to see how this can be done," he added.

The Swift affair, which started as a covert programme following the 2001 terrorist attacks on the US, exploded in 2006, when a story in the New York Times revealed that the Americans were secretly spying on European data using a mirror database of the banking communication company, Swift, located on US soil.' http://euobserver.com/justice/32010

Of course, the fact that this was big news in the EU doesn't mean that many people in the U.S. were aware of it, one assumes.

This is always such an interesting framing when it comes to 'free trade' agreements - the people making the treaty are supposed to freely trade away whatever it is America desires. In the case of the EU, the U.S. is not in the position to make demands on a junior partner - and this seems to be causing some serious dissonance among a certain segment of the American policy establishment.

"...where the electorate is (incorrectly, but understandably) sick of whatever the hell they deem to be American “imperialism”."

Not in Poland, Czech Republic, Slovakia, Baltic States or whatever country that has actual historical experience of living without "American influences".

>In 2007, one year after the United States initially proposed missile defense shields in Poland and the Czech Republic, Gallup found U.S. leadership enjoying relatively high approval ratings in those countries compared with the median European approval rating.

http://www.gallup.com/poll/112090/poles-czechs-more-positive-toward-us-leadership.aspx

And yet, strangely, here is some more up to date information concerning Polish reactions -

'The Polish government responded nervously. Some politicians voiced concern that the country would lose its special status in Washington, and that the move by Obama was an appeasement to Moscow. Jaroslaw Gowin, with Poland's governing Civic Platform party, said Obama's decision had been made independently of Polish sensitivities. Former Polish President Lech Wałęsa said he was deeply disappointed by the new US administration's plans. He stated: "The Americans have always only taken care of their own interests and they have used everyone else."[34] According to a September 18, 2009 poll, 56 percent of Poles supported Obama's decision and only 30 percent were against it.[29][35] Leader of main Polish opposition party, Jarosław Kaczyński, claimed that the decision of abandoning the shield was announced on September 17 not by accident [36] (the date is of great symbolic value to Poland, as on September 17, 1939 Poland was invaded by the Soviet Union). Polish newspapers showed mixed responses to the discontinuation, with some seeing it as a positive action,[37] and some saw it with very negative connotations.[37][38]

However Slawomir Nowak, a senior adviser to Polish Prime Minister Tusk, responded positively to the proposed short and medium range missile systems replacement of the long range systems: "If this system becomes reality in the shape Washington is now suggesting, it would actually be better for us than the original missile shield programme," he stated. "We were never really threatened by a long-range missile attack from Iran," he told TVP Info.[39][40]

Polish non-governmental response[edit]

The Polish daily newspaper Rzeczpospolita conducted a survey which showed that 48 percent of Poles believed the decision was good for Poland, while 31 percent had the opposite view.[41] In contrast, the Polish tabloid newspaper Fakt, ran a front page headline "Ale bylismy naiwni ZDRADA! USA sprzedaly nas Rosji i wbily name noz w plecy" which translates to "Betrayal! The U.S. sold us to Russia and stabbed us in the back".[42][43] This was also reported by other news organizations.[44]

According to a poll by SMG/KRC released by TVP 50 per cent of respondents reject the deployment of the shield on Polish soil, while 36 per cent support it.

The Associated Press reports "The move has raised fears in the two nations they are being marginalized by Washington even as a resurgent Russia leaves them longing for added American protection."' http://en.wikipedia.org/wiki/US_missile_defense_complex_in_Poland#International_reactions_to_discontinuation_of_project

The Polish responses are varied, though the numbers of Poles opposed to that specific project are a plurality, if not a majority.

However, the AP reporting does not bother not with the complex Polish reaction as such, but provides the insistent narrative that the Poles want American protection. Some Poles do, some Poles don't - though some of that reaction was influenced by the CIA secret prison system - Poles tend to find people running secret prison systems a bit too close to what they got rid of.

'When the Washington Post revealed the existence of the secret CIA prisons in 2005 it did not mention Poland at the request of the U.S. government, which didn’t want to upset its ally.

Poland’s then president Aleksander Kwasniewski was unaware for a long time of what was going on in Stare Kiejkuty. According to Polish media, Kwasniewski was astonished when in 2003, visiting American president George W. Bush thanked him – he apparently didn’t know that the Americans were running a prison in his country.

To this day Kwasniewski maintains that he didn’t know that the Americans were illegally holding, and even torturing, alleged terrorists in Poland. When he found out about it, he supposedly demanded that the facility be closed and the CIA find someplace else. What is assumed to be the last prisoner flew out of Szczytno-Szymany on Sept. 22, 2003 on a Boeing 737. All those involved doubtlessly hoped that the episode was thus definitely over and that this dark chapter in U.S.-Polish relations would never come to light. They were wrong.

A letter from the International Red Cross to the CIA that mentioned a secret Polish prison and torture was leaked, and lawyers for two of the men suspected of being terrorists by the Americans, Abd al-Rahim al-Nashiri and Abu Zubaydah, filed suits against Poland.' http://worldcrunch.com/world-affairs/exclusive-inside-a-secret-cia-prison-in-the-polish-countryside/scandal-torture-prisoners-black-sites-szymany/c1s10876/

And bonus points for just another data point about how the Post tailors its reporting.

Whole bunch of copy and paste and irrelevant information from Wikipedia yet nothing even close to address the finding of that Gallup poll, which is that Poles and Czechs see Americans in a far more positive light than the Brits and French.

Sorry - the citations are from Polish sources, dated 2 years after your 2007 information. Many Poles feel themselves played by the U.S., especially in terms of the CIA secret prison, as noted in the non-wikipedia article you apparently didn't bother to read. It is worth it - especially since it points out the pains Washington took in keeping the Polish government in the dark about things happening on Polish soil.

Poles are quite able to figure out when they are just being jerked around by a major power.

So here is a bit of information not from 2007 and not from Wikipedia -

'Official criminal investigation into CIA-run secret prison in Poland began in 2008 and Siemiatkowski became implicated in early 2012 after allegations about how much he really knew about the prison came to light.

The government has refused to say whether the Siemiatkowski was ever officially charged or not. But according to sources close to the investigation, charges were drawn up against him in 2012, Reuters reported.

Lawyers and activists argued in January that the investigation was being suppressed because it would embarrass the top echelon of the country’s government. Linking them with illegal detention and torture, it would also impact negatively on the relationship between Poland and its key ally, the US.

Siemiatkowski was the head of Polish domestic civilian intelligence agency during the time the ‘black sites’ were allegedly functioning. In 2005 he left office.

The investigation took on a twist when the original investigators were taken off the case in early 2012 and the case was transferred from the capital, Warsaw, to the southern city of Krakow.

“All these decisions are so irrational from the point of view of the effectiveness of the investigation [that] it is realistic to assume there is some political interference,” vice-president of the Warsaw-based Helsinki Foundation for Human Rights Adam Bodnar told Reuters.' http://endthelie.com/2013/02/20/poland-to-drop-charges-in-cia-secret-prison-investigation-report/

What an amazing example of libertarian autism.

Liberty, privacy and the dismantling of the surveillance state are >>>>>>>>>>>>>>>>> free trade and "international competitiveness" at this point.

As long as there is no relevant alternative to these companies, European will have to use them and give their data to the US government.

What the EU should do:
Toughen the standards so that these companies won't be able to do business in the EU anymore. Competition will rise and the world will be better for it.

What the EU will do:
1- Do some toothless negotiating, probably coming to some kind of agreement that can - just look at the Euro - be broken at will.
2. Give a lot of subsidies to some companies (probably in France and Greece, but all the 25 other countries will get something as well) to develop a European alternative to what we gave now. The EU commission will expect this alternative to be betterer, greenerer and biggerer than everything on earth before.
In the end it will come to nothing but a lot of taxpayer money for some EU commission's cronies.

If it's reasonable for the US to single out Huawei and ZTE as security threats, why shouldn't Europe do the same to US tech companies now? The situation is roughly analogous, no?

Aren't all the web companies saying they don't participate in PRISM or hand over any data to the Government? Is there any solid evidence to the contrary? Wouldn't "we were bullied into disclosing" be a more rational response if the Megacorps indeed were disclosing data? That'd deflect blame. I find it hard to believe all their collective denials are lies.

As a counterexample, the ISP's / cellphone firms are admitting their back-doors. Of course, the ISP / Cellphone privacy leaks are irrelevant to EU.

Ironically, this seems one place where people trust what the Government says more than the corporates?

As far as I know, they only denied granting "direct access" to their servers. Mr. Zuckerberg also said his company only hands over data to the government when required to do so by law -- so, you know, complying with the court order behind PRISM would fall under that. It's not really a denial of anything. Besides, for classified stuff they're probably legally prohibited from admitting to any knowledge or participation, even if something about it already leaked to the public. So you asked whether there was any evidence that their denials are false. I would say yes, there is: the existence of the PRISM program, for example.

(1) The European public is probably less fussed about privacy from government than libertarians in America are.

(2) The "Europeans" who would be targeted by these programs will be disaffected Muslim youth and radical clerics - and the "white" Europeans could not give a shit about the rights or sensibilities of that demographic.

(3) The major European governments are probably all in on this scheme (the Brits for sure) through NATO connections and arrangements.

As for b) ... EU-based businesspeople are acutely aware of the suspicion that the US government uses its supposedly "anti-terror, security" powers to facilitate some little nasty commercial espionage on overseas competitors of major US firms like Boeing. It is taken for granted in many tech circles already.

The current revelations about cell phone tracking and Internet tracking are not likely to be much use in stealing technical secrets from European competitors.

Wrong.

Britons don't give a damn about privacy, and their government acts accordingly.
Germans/Scandinavians etc DO give a damn about privacy, and their governments act accordingly.

1. 'The European public is probably less fussed about privacy from government than libertarians in America are.' Very wrong, at least in Germany - and the people most consistently concerned about privacy in the last generation are the Greens. Though you may have heard of this brand new party called the Pirates? They have been on a surprising winning streak in German electoral terms.

2. 'The “Europeans” who would be targeted by these programs will be disaffected Muslim youth and radical clerics – and the “white” Europeans could not give a shit about the rights or sensibilities of that demographic.'

Again wrong - or do you honestly think that Stasi targeted 'disaffected Muslim youth and radical clerics'? Actually, the second half of that statement is accurate - Stasi spent a lot of time and effort on 'radical' Lutheran clerics. Just like the Polish secret police did for 'radical' Catholic clerics.

3. 'The major European governments are probably all in on this scheme (the Brits for sure) through NATO connections and arrangements.'

Until they get replaced by other ones - such as the example noted above about Poland. Which is also why the U.S. tends to be careful about keeping its 'allies' in the dark. As for the UK - well, there is that special relationship to keep in mind.

There certainly are not Russian hordes crossing the Fulda Gap but it would be interesting to see a pure EU response to problems in France's colonial backyard without a 90% US funded NATO, police actions in the Balkans, or naval patrols in the Mediterranean and the Horn of Africa. The US is ever creeping back to realpolitik and will be more immune to Amrchair Generals/Monday morning quarterbacking.

The focus on Google and Microsoft by EU regulators is probably because they are not major employers or taxpayers for the EU2 or EU1. Also, it is an indirect response to the fines levied on EU companies such as Siemens, Daimler, Total, Alcatel-Lucent, and BAE (major shareholder for Airbus) by the US government from charges stemming from the US Foreign Corrupt Practices Act.

'but it would be interesting to see a pure EU response to problems in France’s colonial backyard without a 90% US funded NATO'

What makes you think the EU cares that much about French colonial backyard problems?

And speaking as an American just young enough not to have been worried about being drafted, why the hell should the U.S. ever, ever participate in anything involving French colonial backyards?

Comments for this post are closed