"Yes, you have the choice to be snooped by the Americans or the Chinese." The VP of a large European telecommunications company feeds my interest to the new technologies.
Edward Snowdon lifted the veil of the mass spying of European citizens and governments by the National Security Agency of the United States. It shocked with its scale. If a Chinese "Snowdon" shows up, he would probably attract even more interest.
Hardly anyone doubts and that all governments use intelligence to gather information about their opponents and partners. The disclosures made on the "Prism" program showed that the U.S. are using extensive personal data, collected or managed by companies in the IT sector. The information is then filtered by keywords. If you use words like terrorist, bomb or pig, it is likely that you will come into light. Tomorrow you could be refused a visa without explanation. Such "techniques," often justified by the fight against terrorism, are incompatible with the European concept of personal freedom.
Snowdon was on the lips of almost all my interlocutors during a recent visit in Washington. Reactions varied from guilty to aggressive. However, I heard some arguments as well.
Some say, "Everybody does it."
Yes, sure. But the NSA does it on a massive scale, as large IT companies and the servers that store information, are based on thee US territory.
Some say: "This helps to uncover potential terrorists."
Probably. But the U.S. Constitution and law protect American citizens, while the rest (in this case the Europeans) are vulnerable to interception. Furthermore, potential terrorists do not walk in the embassies of allies, do they?
Some say: "This information is collected by the government. It is not interested in personal stories."
Could be. But first, this is pretty controversial. Second, as previously seen with Wikileaks, Snowdon and more, this information is leaking. How can a European citizen know who exactly is in possession of her personal data? Would they agree that a foreign government has access to more personal data than what their national governments are allowed?
I, personally, do not find these arguments convincing.
What can be done?
The EU must place the issue of personal data protection where it belongs - in a relevant agreement or in the TTIP. For the later, the member states should give a negotiating mandate to the European Commission. The common digital market is not feasible without adequate commitment to privacy. The PNR and the SWIFT experience show that although difficult, such agreements on the sensitive issue of personal data protection are possible.
When adopting the directives on data protection and the network information security, the EU should consider the obligations of non-EU companies, operating on the EU market. They should bear appropriate obligations.
Last but not least: Europe should encourage the development of server farms or "data clouds", based on her territory. The EU economy should be able to offer storing large data on its own territory. Then users will be more confident and protected by the EU law.