Protecting Their Own: Fundamental Rights Implications for EU Data Sovereignty in the Cloud
University of Edinburgh - School of Law
June 21, 2013
Edinburgh School of Law Research Paper No. 2013/28
The recent PRISM scandal has illustrated the privacy risks that EU citizens take when their personal information is stored or processed in the cloud. Although EU data protection laws are designed to restrict the private actors handling that data from processing it in a way and for purposes that are unlawful, those laws have no effect on public bodies, including law enforcement and security agencies in third countries whose access to that data may be authorized by the laws of their own countries. This is the case even if such access would violate the individual’s fundamental human rights had it occurred within the EU. This article examines the means by which the existing EU data protection framework restricts the transfer of personal data from the EU to third countries particularly in a cloud context. It analyses whether the European Commission’s proposal for a new Data Protection Regulation in its current form is likely to increase or reduce the protection provided to EU citizens in this regard, and it looks at the potential threat that the laws of third countries may pose to EU citizens’ right to privacy with respect to data uploaded to the cloud. The article assesses, in particular, the laws authorising the US government’s access to personal data held or processed by US cloud providers, focusing specifically on the US Foreign Intelligence Surveillance Act of 1978 (FISA) . It also highlights the lack of equivalent protections currently granted to EU citizens by the US constitution. The article argues that in the light of the clear and present danger that provisions like §1881a of FISA represent to EU citizens’ right to privacy, the EU institutions - as part of their own obligation under the Charter of Fundamental Rights and, in the future, the European Convention on Human Rights must take the appropriate steps to protect their citizens from this kind of interference.
Number of Pages in PDF File: 31
Keywords: PRISM, surveillance, data protection, cloud computing, privacy, ECHR, Fourth Amendment, FISA
Date posted: June 22, 2013 ; Last revised: July 4, 2013
© 2015 Social Science Electronic Publishing, Inc. All Rights Reserved.
This page was processed by apollo7 in 0.313 seconds