EU Parliament to vote on new rules aimed at ending US data mining

The EU is making its first major move to counter spying activities conducted by American intelligence services. A new regulation aimed at restricting shady data transfers from EU states to the US is about to be voted on by the European Parliament.

The European Parliament's Committee on Civil Liberties is expected to vote on a set of altered data protection rules on October 21.

The new legislation would ban the transfer of European data to third countries unless based on EU law or under a new transatlantic pact with Americans complying with EU law.

It would also subject large US companies and social media providers to European law, and would authorize fines for violations – potentially running into billions of euros, the Guardian reported.

The ban was initially proposed two years ago, but was removed from the agenda due to heavy pressure from lobbyists in Washington.  

But the discussion has been revived following leaks by whistleblower Edward Snowden, which revealed that American tech giants - including Google, Facebook, Microsoft, and Yahoo - have provided the National Security Agency (NSA) with massive amounts of personal data belonging to European citizens.

The MPs behind the draft are calling for a new transatlantic pact which would see the US complying with EU law in order for its companies to have access to the European market’s 500 million customers.

"Without any concrete agreement there would be no data processing by telecommunications and internet companies allowed," states the summary of the proposed data protection rules. 

The European Commission is calling for fines of up to two percent of a company's annual global turnover if it fails to stay in line with the new rules. The European Parliament says the penalty should be five percent. 

The European Digital Rights (EDRi) advocacy group, which unites 35 privacy and civil rights organizations, has urged MEPs to “vote for strong data protection rules,” stating that a lack of strict measures “will undermine the rights and freedoms of European citizens.”

"The choice is between clear, harmonized, predictable and enforceable rules that will benefit European citizens and businesses or unclear, unpredictable rules that will benefit nobody except data monopolies and lawyers," Joe McNamee, EDRi's executive director, said in a statement.

But despite EU Justice Commissioner Viviane Reding saying that “there will be no legal loopholes any more” in the proposed rules, some parliamentarians believe that US intelligence will still be able to find ways to bypass the ban.

The new legislation has no power over European security or national intelligence services of the 28 EU member states, which all have their own approach to data privacy issues.

"This regulation doesn’t regulate the work of intelligence services," German MEP Jan Philipp Albrecht said. "Of course, national security is a huge loophole and we need to close it. But we can't close it with this regulation."   

Besides the proposed legislation, there are currently a number of other transatlantic arrangements which regulate Europe’s supply of air passenger data, financial transactions, and banking information aimed at cutting funding to terrorist organizations. There is also the so-called ‘Safe Harbour’ accord which regulates data exchange between US and European companies.

The EU Commission claims all of those deals will be put on hold until the US agrees to play by the new rules. However, such harsh measures are unlikely to be backed by national governments.

Senior officials in Brussels told the Guardian that the proposed fines are “a joke,” and aren’t significant enough to make the American tech giants comply with European rules.

They reminded that while breaking EU law, US-based companies consistently argue that they are not required to abide by European legislation. Instead, they maintain that they are only subject to secret court orders of the US Foreign Intelligence Surveillance Act (FISA), which facilitates the work of the NSA.

"The problem is that when these companies are faced with a request whether to comply with EU or US law, they will usually opt for the American law. Because in the end this is a question of power," EU Justice Commissioner Reding said.

If the European Parliament agrees on the new rules, they will still need to be negotiated with the European Commission and the governments of the 28 EU member states.