Sign Up

Transatlantic Trade: Data Privacy First

How might the NSA scandal help the EU land a win on data privacy in trade talks with the United States?

July 8, 2013

Credit: Maksim Kabakou -

Talks about data security and privacy rights between the United States and the EU have never been fun.

Sabine Muscat
Transatlantic Trade Barriers

Data Privacy
Car Crash Test Dummies
Wine, Cheese And Trade
Coming Soon: Food Safety
Coming Soon: Cosmetics

Never has this been truer than right now in the wake of the National Security Agency (NSA) scandal, some of which targeted European allies of the United States.

Faced with U.S. demands to go easy on the European Data Directive and to make the transfer of data in Europe easier for its companies, the EU had long hoped to avoid the issue in Transatlantic Trade and Investment Agreement (TTIP) talks scheduled to start in Washington this week.

But now the tables have turned. After the leaks about the NSA’s secret spying programs on global Internet and phone communications, the Europeans are no longer on the defensive.

Rather than warding off U.S. calls for weakening EU standards, they can now demand that the U.S. strengthen theirs.

The trade talks will start today in Washington as planned — despite calls from European politicians to shelve them. And in the official talks, the data issue will be off the table.

However, European Commission President Jose Manuel Barroso announced in early July that a EU-US working group on data security would meet in parallel in the same week.

According to Barroso, “this meeting will look for clarifications on issues like data protection and privacy rights of European Union citizens”.

The decision to have this dialogue behind closed doors is a hard-won compromise.

Some European politicians — from French President François Hollande to the German Green Party — were so outraged about the revelations of the PRISM program that they threatened to pull the plug on the whole idea of a transatlantic free trade agreement.

U.S. President Barack Obama — after initially dismissing European concerns over the PRISM program — assured German Chancellor Angela Merkel that his government takes the allegations “very seriously.”

And German interior minister Hans-Peter Friedrich will travel to Washington this week to discuss the issue with Attorney General Eric Holder and NSA Director Keith Alexander.

The discussion over free flows of data versus citizens’ privacy rights would have loomed over the TTIP talks no matter what. Now they will take center stage, even if they are not officially on the agenda.

The issue splits American political and commercial interests opposite European sensitivity about privacy rights. Major U.S. Internet companies have been lobbying hard against European laws they deem harmful to their business models.

In the wake of 9/11, the United States pressured the EU to allow the sharing of financial data and airline passenger name record agreement for the purpose of tracking terrorist activities. EU officials and parliamentarians are now threatening to end these agreements.

Europeans are traditionally very sensitive about privacy.

In an op-ed for the New York Times, Malte Spitz, a member of the German Green Party, explained how the experiences with the Gestapo and then the Stasi made Germans particularly skeptical of all efforts to gather data about private citizens — whether for commercial or other purposes.

German data retention laws are even stricter than the EU average. In 2010, the country’s supreme court declared the EU Directive that called for a six-month period of retention as unconstitutional.

Ever since, German telecommunications companies have operated in a grey zone where they store connection and billing data anywhere between one and three months.

In the meantime, the European Commission is still trying to force Germany to implement the European Data Retention Directive. The European Court of Justice is scheduled to hear lawsuits brought by highest courts of Ireland and Austria against the directive on July 9.

T-Mobile US, a subsidiary of Deutsche Telekom, says that it voluntarily deletes connection data in the Unites States after a certain period of time — even though this is not required. In the United States, data can be stored indefinitely.

Germans were at the forefront of most European efforts to curtail the appetite of Facebook and Google for more and more consumer data.

German and Irish authorities were the driving force in banning the use of Facebook’s facial recognition tool, and they even forced Facebook to delete all previously collected data.

When Google introduced Street View in Germany in 2010, it had to allow citizens to request photos of their houses to be blurred. This was so cumbersome for the company that it turned off Street View altogether in the country.

For a long time, Europeans have regarded the protection of data privacy in the United States as inadequate.

“Transatlantic Free Trade Zone? But only when the U.S. provide improved data protection!”, Germany’s Federal Commissioner for Data Protection and Freedom of Information Peter Schaar, posted on his office’s website in May.

The Safe Harbor Agreement, under which U.S. companies can voluntarily comply with European rules, was not enough, he warned.

Meanwhile, in the United States there has been growing concern over the EU’s planned reform of its Data Protection Directive. The draft includes the “right to be forgotten,” which means that companies would be obliged to delete personal data upon request).

That might further complicate U.S. companies’ transatlantic business relations.

Considering the difficult spot their own government is in, it is hard to imagine that U.S. companies will have much leverage on this issue in the TTIP talks. It looks like data privacy might turn out to be the first European win in the transatlantic trade arena.

In the meantime, European governments will have some explaining to do to their own populations as well.

After all, it is becoming clearer by the day that European intelligence agencies cooperated closely with the NSA and were happy to use the data collected under the much more generous U.S. laws.


Europeans are no longer on the defensive. They can now demand that the U.S. strengthen data standards.

The discussion over free flows of data versus citizens' privacy rights will take center stage.

U.S. Internet firms say European laws harm their business models. They have less leverage now.

Data privacy might turn out to be the first big EU win in the transatlantic trade arena.