On 28 October 2015, Nicolas Schmit, the Minister responsible for relations with the European Parliament during the Luxembourg Presidency of the Council of the European Union (EU), addressed the plenary assembly in Strasbourg in reply to an oral question on the mass electronic surveillance of EU citizens. The oral question, submitted by Claude Moraes (S&D) on behalf of the European Parliament's Committee on Civil Liberties, Justice and Home Affairs (LIBE), concerned the Council's political assessment of the mass electronic surveillance of EU citizens and the measures taken by the Council since the Parliament's resolution on the subject, tabled on 12 March 2014, and those measures it plans to take. Minister Schmit spoke following a debate at the European Parliament on 14 October 2015 on the consequences of the 'Schrems' judgment by the Court of Justice of the EU, invalidating the Safe Harbour scheme, which had provided the framework for the transfer of private data on European citizens to the United States.
The Council is committed to adopting a strong framework on data protection by the end of the year
By way of introduction, Nicolas Schmit reminded those present that the Council shared the European Parliament's concerns regarding the secret surveillance programmes and their impact on the private lives and personal data of EU citizens. The Minister stressed that while Member States must take steps to protect their citizens from terrorism and other attacks on their sovereignty, they must also protect fundamental rights.
On this point, the Minister said that the starting point for the EU was, in fact, respect for the Charter of Fundamental Rights, including European citizens' right to personal data protection. He said that in the United States, the evaluation of security and protection is linked to the country's own experiences, and therefore differed from Europe's assessment.
The Minister stressed that the increasing use of mass surveillance had not been preceded by any public democratic debate, as rightly pointed out by the report by Claude Moraes tabled on 12 March 2014.
The Minister then said that it was for the Commission to take appropriate action in the wake of the Schrems judgment, and that a first assessment had already been carried out at the Justice and Home Affairs Council of 9 October 2015. His position had not changed since his comments on 14 October 2015, at the mini plenary session on the consequences of the suspension of the Safe Harbour scheme, said Nicolas Schmit. One of the things the Minister wanted to see was reassurance for citizens regarding the protection of their data, and for companies to be informed of the other legal possibilities for data transfer. He also urged the Commission to work closely with the national data protection authorities to ensure that the judgement is applied in a uniform way.
Nicolas Schmit also referred to 'two positive international developments concerning mass surveillance': firstly, the framework agreement on data protection (referred to as the 'Umbrella Agreement'), initialled in Luxembourg on 8 September 2015, which is, in his view, 'a step forward in terms of guaranteeing data protection and offering EU citizens in the United States avenues for legal recourse in the law enforcement area', and secondly, the 'US Judicial Redress Act', which was recently put before Congress.
On the framework agreement, Nicolas Schmit said that the Council was waiting for the Commission's proposal and that the European Parliament would be called on to give its assent to the proposal.
On the subject of specific measures taken following the March 2014 resolution, Nicolas Schmit said that the protection of fundamental rights in the digital age was a 'permanent' agenda item at meetings between the EU and the United States, both when these involve high-level officials and when they involve politicians. 'These meetings have made it possible to re-establish confidence in the processing of personal data, and have resulted in the US authorities putting the Judicial Redress Act before Congress', he said.
Nicolas Schmit then mentioned the meeting held in Riga on 3 June 2015 between the EU's Ministers for Justice and Home Affairs and their counterparts in the United States. This meeting resulted in the Riga Declaration, which sets out specific cooperation measures for the next five years. 'These steps relate, in particular, to measures on data protection and involve a commitment by both parties to step up implementation of the agreement on mutual judicial assistance, which was concluded so that the law enforcement services may cooperate better, while respecting data protection', said the Minister.
Finally, Nicolas Schmit welcomed the stepping up of negotiations with the European Parliament on the data protection package (a general regulation and a directive on the protection of data used for law enforcement). The Council and the Parliament are both committed to adopting a strong data protection framework by the end of the year', he said. On this basis, the Council will continue to cooperate with the Parliament and the Commission to strengthen the rights to privacy and to develop Europe's digital economy, concluded Nicolas Schmit.
The European Commission's position
Valdis Dombrovskis, Vice-President of the Commission and Commissioner responsible for the Euro and Social Dialogue, said that the Commission remained concerned by reports in the media about surveillance programmes and breaches allowing access to the data of European citizens, while making it clear that national security remained an area for which the Member States are responsible.
The Commissioner reminded those present that two proposals for data protection reform were in the final stage of interinstitutional negotiations. He also mentioned the 'Umbrella Agreement' and argued for the introduction of a European strategy to bring about greater independence of IT technologies, announcing that the Commission would launch this strategy in 2016. Finally, the Commissioner said that a swift response was needed by the Commission in the wake of the Schrems judgment, and announced that negotiations on the directive on network and information security (NIS), designed to improve Member States' capacities to react to cybercrime threats, were expected to be completed by the end of the year.
The position of MEPs
Claude Moraes (S&D), author of the Parliament report and Chair of the LIBE Committee, pointed out that mass surveillance was one of the most important areas for protecting citizens' privacy. The result of the plenary vote in March 2014 bears witness to this, with 544 MEPs voting in favour of his report. 'Protecting privacy is not optional; it is fundamental in order to gain the trust of our fellow citizens', he said. The rapporteur said he was 'proud' that the Parliament had gone into detail in order to protect fundamental rights in the digital age, pointing out that while surveillance is key to combating terrorism, it is vital for there to be trust in the way in which mass surveillance is carried out.
During the debate that followed, many MEPs called for respect for fundamental rights, at a time when mass data collection was becoming 'common practice' by many Member States, as well as for the introduction of solid data protection legislation. They argued that a balance needed to be struck between security and the private lives of individuals.
Other MEPs complained of the Commission's 'silence' and 'inactivity' following the revelations by Edward Snowden from June 2013 onwards, and called upon the institutions to 'assume their responsibilities'.