European PRISM anger gains momentum with fresh cloud warnings and data threats

There’s no stopping the slew of PRISM reactions coming out of Europe, and they’re getting more serious by the day. Yesterday we had the first senior European politician suggesting citizens shun U.S. web services over privacy fears, and on Thursday we have several new developments:

National cloud fears

The EU digital chief, Neelie Kroes, has already suggested that U.S. cloud firms may lose out to a “European cloud” thanks to the NSA’s activities. In a speech on Thursday she warned again that “concerns about cloud security can easily push European policy makers into putting security guarantees ahead of open markets, with consequences for American companies.”
However, Kroes also warned of excessive balkanization of European cloud efforts, arguing that national cloud projects — such as those in France — could lead to overly expensive services because of a lack of scale:

“If individual countries work disjointedly on separate national clouds, then the potential is lost. In this game, ambition can’t stop at borders. And this means the European Union has a critical role to play: creating scale, and forging co-operative links. This is about giving customers more reasons to use cloud services and helping cloud services reach maximum scale. This is why we were agreeing on EU-wide specifications today for cloud procurement.”

Major investigation

On Thursday the European Parliament (EP) overwhelmingly voted through a resolution relating to PRISM, and also the revelation of U.S. bugging operations targeting European institutions. Here’s what it says:

  • Full-blown inquiry — The EP’s Civil Liberties Committee will take evidence from sources in both the U.S. and EU, in order to “assess the impact of the alleged surveillance activities on EU citizens’ right to privacy and data protection, freedom of expression, the presumption of innocence and the right to an effective remedy.”
  • Warning to member states — The Parliament called out the UK, Sweden, the Netherlands, Germany and Poland, noting that all these countries are alleged to have “similar surveillance programs” (they clearly hadn’t heard about the French one yet). According to the EP, these countries should check whether these programs comply with European law (spoiler: they almost certainly don’t if you’re talking privacy law, but each member state has full control over its national security laws).
  • Hey U.S., hands off our data protection laws — It’s no secret that U.S. lobbyists have tried to dilute the EU’s upcoming data protection reforms to homeopathic levels, and the EP has now warned that European privacy standards should not be undermined by current EU-U.S. trade talks. The resolution also maintains that EU citizens should enjoy “access to the U.S. judicial system [that] is equal to that enjoyed by U.S. citizens” when it comes to data protection. My head is still spinning after reading that one.
  • Playing hardball with the U.S. — What’s more, the EP has called on the European Commission and member states to consider suspending existing data-sharing agreements with the U.S. as leverage in these negotiations. In particular, they referred to agreements about air passenger records and terrorist finance tracking.
  • Stronger protections for whistleblowers — The EP seems to want to protect any budding European Edward Snowdens, calling for “procedures allowing whistleblowers to unveil serious violations of fundamental rights” and stressing “the importance of providing such people with the protection they need, including at international level”.

While this is a non-legislative resolution, it was carried by 483 votes to 98 with 65 abstentions, so it’s pretty clear where EP sentiment lies on all this. Don’t forget that it’s less than a year until the EP elections, so parliamentarians will be keen to show themselves as active defenders of their constituents.

eHealth concerns

A report on Europe’s eHealth “revolution” has also just come in. While it doesn’t refer to PRISM specifically, it suggests electronic healthcare services won’t take off without “rebuilding trust in data privacy”.
It’s worth keeping an eye on this aspect of the surveillance fiasco – confidentiality is a core concern for medical professionals, lawyers, journalists and others, but how can they guarantee it to their patients and clients if all electronic data is potentially open to prying eyes?
Expect sparks to keep on flying.