See below the text of the article by the CloudVPS CEO about the worrying European privacy situation that was published in de Volkskrant on May 5th.
An American judge has decided that Microsoft is to hand over customer data to American criminal investigation services, even if this data is stored on servers outside of the United States. Another disheartening blow to the weak privacy protection European citizens enjoy. Why does the European Union nevertheless engage with American parties like HP in deploying a protected European cloud? And why is the so called ‘privacy certificate’ for Microsoft not recalled immediately?
A new, stricter European set of privacy laws has been approved by the European Parliament on March 12th. According to this new privacy ruling, companies that process European data are held to stricter rules. If they fail to comply, they can be fined considerably. Earlier this month, as the first of the cloud computing service providers, Microsoft received a privacy certificate, a declaration that the service complies with European legislature. This means that personal data from European Union countries can be placed in the Microsoft clouds without further national checks. The ruling from the American judge has now made crystal clear that the American government will have free access to these data.
Behind the scenes
When we take a look behind the scenes, it doesn’t seem that surprising that our privacy rights are being handled this carelessly by the European Union. Lobbyists like EPA and organisations like DigitalEurope are putting up a strong fight to weaken the new European rules as far as they can, to enable their members, many of them American multinationals, to monetise European personal data. Lobbyists and branche organisations such as Eurocloud, Nederland ICT, DigitalEurope and the European Cloud Partnershop claim to look after European interests, even though American multinationals make up a great part of their member list. None of these organisations clearly takes a stand against data espionage by the United States. This shows that they don’t take European interests that seriously. It seems that the most effective privacy protection measures have been undermined or accommodated with loopholes by now.
Towards an American Cloud for European data
Also where the implementation of a own European cloud is concerned, the European Union seems to give in to the wishes of the large American companies: European Commissioner Neelie Kroes recently contracted American technology giant HP for implementing a European ‘CoCo Cloud’ (CoCo meaning “confidential and complaint”). After the ruling by the American judge in the Microsoft case, it has become clear that HP too will be forced by American legislature to share information with organisations like the NSA. “After Snowden, how can we still trust American companies with our confidential data? By choosing HP, Kroes invites the NSA to grab data”, European Parliamentarian Judith Sargentini states.
This week it has become quite clear that American providers cannot guarantee safe data storage. However, the United States still seem to get the benefit of the doubt and neither suspension nor renegotiation of the relevant treaties have been mentioned. Look at the Safe Harbor Treaty for instance, that enables American companies to get permission for storing European personal data, by having them self certify with respect to certain privacy principles. Even though the EU recently issued a separate resolution that once again called into question the treaty’s credibility, no action whatsoever was undertaken to suspend it. The European privacy supervisors united in the Article 29 Working Party want the European Commission to suspend the Safe Harbor Treaty should discussions between the EU and the US not lead to a positive outcome, but this too is just a continuation of the current discussion. European Parliamentarian Sophie in ’t Veld aptly summarised back in 2013: “ We are an economical giant and we act like a political dwarf. The European Commission and their member states are being extremely timid and weak. They are abandoning their citizens”.
What is Europe so afraid of? Have the lobbying activities of Microsoft, IBM, Amazon and the American government really been this effective? It seems like they have. Not only are privacy matters snowed under this way, a huge economic opportunity is missed as well. If the Safe Harbor Treaty and the privacy certificates are revoked and strict European privacy rules are followed, Europe could become the location of choice for storing privacy sensitive data. The European economy could profit greatly from this. In June this year, the privacy law will be reviewed by the European members’ ministers. Until then it is imperative that the economic and societal benefits of strict privacy regulation are emphasised, instead of weak signals being sent out by allowing the building of the European cloud by an American company, while lulling the European citizen to sleep with empty privacy certificates.