US Surveillance Law, Safe Harbor, and Reforms Since 2013
44 Pages Posted: 2 Jan 2016 Last revised: 16 Sep 2020
Date Written: December 18, 2015
This White Paper is a submission to the Belgian Privacy Authority for its December 18, 2015 Forum on “The Consequences of the Judgment in the Schrems Case.” The Forum discusses the decision by the European Court of Justice in Schrems v. Data Protection Commissioner that the EU/US Safe Harbor was unlawful under the EU Data Protection Directive, particularly due to concerns about US surveillance law.
For the Forum, I have been asked to comment on two issues:
1) Is US surveillance law fundamentally compatible with EU data protection law? 2) What actions and reforms has the US taken since the Snowden revelations began in June 2013?
The White Paper draws on my background as a scholar of both EU data protection law and US surveillance law. It addresses serious misunderstandings of US national security law, reflected in official statements made in the Schrems case and elsewhere. It has three chapters:
(1) The fundamental equivalence of the United States and EU member States as constitutional democracies under the rule of law. In the Schrems decision, the US was criticized for failing to ensure “a level of protection of fundamental rights essentially equivalent to that guaranteed in the EU legal order.” This chapter critiques that finding, instead showing that the United States has strict rule of law, separation of powers, and judicial oversight of law enforcement and national security surveillance, which together make the US legal order “essentially equivalent” to the EU legal order.
(2) The Section 702 PRISM and Upstream programs are reasonable and lawful responses to changing technology. The Advocate General’s opinion in the Schrems case said that the PRISM program gave the NSA “unrestricted access to mass data” stored in the US, and that Section 702 enabled NSA access “in a generalised manner” for “all persons and all means of electronic communications.” This chapter refutes those claims, which appear to be based in part on incorrect stories in the press. Instead, the Section 702 programs operate with judicial supervision and subject to numerous safeguards and limitations. They examine the communications only of targeted individuals, and only for listed foreign intelligence purposes. The total number of individuals targeted under Section 702 in 2013 was 92,707, a tiny fraction of Internet users in the EU or globally.
(3) The US Congress and executive branch have instituted two dozen significant reforms to surveillance law and practice since 2013. The Schrems decision said that US privacy protections must be evaluated in the “current factual and legal context,” but did not address the numerous changes put in place since 2013. This chapter provides a readable explanation of each of these actions, which together constitute the biggest set of pro-privacy actions in US surveillance law since creation of the Foreign Intelligence Surveillance Act in 1978.
Suggested Citation: Suggested Citation