By Tom Jackson
On November 26, 2014, the Article 29 Working Party released a short joint statement containing a series of declarations on: (i) “European values”; (ii) “surveillance for security purposes”; and (iii) the “European influence.” The joint statement emphasizes the balance to be struck between protecting data protection rights and allowing national intelligence agencies to perform their duties, and the fundamental importance of European data protection rights more generally. These affirmations are particularly significant in the context of both the Snowden revelations and the ongoing Transatlantic Trade and Investment Partnership (TTIP) negotiations.
Among the highlights of this joint statement, the Working Party stated that:
- The protection of personal data is a fundamental right, which must be balanced with other fundamental rights such as non-discrimination, freedom of expression and security.
- “Secret, massive and indiscriminate surveillance” of individuals in Europe is “neither lawful … nor ethically acceptable.” Likewise, the unrestricted bulk retention of personal data for security purposes is similarly unacceptable, and processing of personal data for surveillance activities must include the supervision of national data protection authorities.
- As a rule, a public authority in a non-EU country should “not have unrestricted direct access to the data of individuals processed under EU jurisdiction.” The EU’s data transfer mechanisms – Safe Harbor, binding corporate rules and standard contractual clauses – should not be used to transfer data to a third country authority for the purpose of mass surveillance.
- Where organizations collect data which provide very precise information on the private lives of individuals, these data should be stored in such a way that an independent authority can monitor and control their compliance with data protection requirements. The Working Party suggests that storing the relevant data on EU territory is an effective way to ensure this.
- The EU draft data protection package ideally should be adopted in 2015.
- The European level of protection of personal data should not be eroded by bilateral or international agreements, including agreements on trade with third countries.
The Working Party provides a dedicated web page for the submission of comments on the joint statement from all interested stakeholders, which it will take into account in its activities during 2015.
Tom Jackson is a trainee solicitor in Covington’s London office. He attended the University of Oxford and BPP Law School.