Topic Submissions

USA Cyber Surveillance and EU Personal Data Reform: PRISM’s Silver Lining?


  • Joanna Kulesza





The paper covers the political and legal consequences of US deployed extensive cyber surveillance program, usually referred to with the codename PRISM. The author identifies the significant transnational legal challenges for privacy protection originated by US cybersecurity policy and the steps taken by other states aimed at limiting its consequences harmful to individual privacy. The author covers varying reactions to USimposed privacy intrusions, from Brazil’s plans to withdraw from the global network to some states’ suggestions of holding Washington internationally responsible for violating the International Covenant on Civil and Political Rights. The paper’s focus however is on the European personal data protection thus far not providing effective transnational protection of privacy, primarily through the strongly criticised and ineffective EU-US Safe Harbor arrangement. The EU personal data reform, approved by the European Parliament in March of 2014, seems the most significant consequence of mass privacy violations committed by the US National Security Agency and its agents. The 2012 proposed Data Protection Regulation, which, together with the new personal data Directive, are to replace the 1995 Data Protection Directive 95/46/EC put strong emphasis on the effectiveness of transboundary privacy protection, although cover also many other significant changes, such as introducing the right to be forgotten or centralising the personal data protection decisions thus-far distributed among national Data Protection Authorities, often varying in their interpretations of community law. The reform is to oblige all companies, regardless of their country of incorporation, to meet EU privacy laws as it introduces high financial responsibility for those who fail to do so, making it a trigger for a significant change in the way the online markets operate. The European approach seems significant for the entire international community not only because European citizens are an important element of the online markets, but also because personal data protection as a tool for safeguarding individual privacy has been adopted in over 100 out of the roughly 190 world’s countries. Including an element of transnational data protection in EU law is therefore certain to influence the approach to privacy in other continents.