During the consultation process before the finalization of the European Commission's reform of the European Union’s Data Protection directive, European Digital Rights (EDRi) proposed legislation that would prohibit US companies from retrieving personal data without European oversight.


Joe McNamee, Executive Director of European Digital Rights (EDRi), advocate, and lobbyist.


Brussels, Belgium

The Surveillance Practice: 

In 1995, the European Union (EU) adopted the Data Protection Directive (Directive 95/46/EC), which protected individual privacy by regulating the processing of personal data within the European Union. In 2012, the European Commission proposed a reform to the Directive in light of technological developments and the obvious need for greater privacy protection online.

At this time, EDRi argued that the United States government was already infringing on European jurisdiction by deputizing US companies to retrieve the data of European citizens. Based on new information leaked by Edward Snowden about the US government activities to gather information in Europe, EDRi pushed for new legal limits to protect against the NSA and other US government surveillance.

The Campaign: 

During the consultation process before the finalization of the European Commission's EU data protection reform, EDRi argued for legislation that would prohibit US companies from retrieving personal data without European oversight.

In particular, EDRi supported Article 42 of a leaked draft of the proposed regulation. Article 42 would specifically prohibit foreign companies from retrieving data from the European Union on the basis of any court order—without prejudice to existing MLATs or other agreements—unless there was prior authorization from a European authority. This proposal would create a significant conflict between US and European law. By asserting European law on US companies who are collecting data of EU citizens in the European Union, Article 42 would be a strong basis to motivate US companies to support domestic surveillance reform and more balanced trans-atlantic data sharing.

US tech companies, along with human rights organizations in the European Union, recognized that the fundamental rights of EU citizens were being violated and that something needed to be done.

The Strategy: 

EDRi argued the case to the European institutions. The proposed legislation wasn’t a drastic change from the current text—it simply reiterated the existing principles and improved the implementation of legislation. The relevant service of the Commission—the Directorate-General for Justice—accepted the provision and included it in its draft Regulation. However, after considerable US pressure, wherein which the US lobbied against the legislation by claiming it was going to lead to terrorism, financial meltdown, and child pornography, the provision was removed before Commission made its proposal.
EDRi obtained and published all of the relevant information about the proposal and US lobbying, trying to set the record straight in light of the misleading claims made by the US regarding the proposal and the backtracking of the European Commission.  But at that time—January 2012—they couldn't persuade any press outlets to pick up the story.
However, after being proposed by the European Commission, the proposal moved to the European Parliament. EDRi campaigned to have "Article 42" adopted as an amendment during that process. This was proposed by the parliamentarian in charge but received very little attention or support.
From January 2012 until June 2013, there was no realistic possibility of success, but the group carried on. However, once the Snowden leaks were published, the atmosphere changed completely. In this context, the fact that the US had successfully persuaded the Commission to delete the proposal was far more shocking.  News stories appeared in major publications, such as the Financial Times. As a result, an overwhelming majority of Parliamentarians saw the need to reinsert a modified version of the text into the Regulation.  When the Snowden revelations were published, the deadline for the tabling of amendments in the European Parliament had passed. The Parliament was able to vote for the anti-FISA safeguard because they had ensured that the amendment had been tabled.  Most recently, the German minister responsible has given his support for this provision to be included in the final European regulation.  
Of course, that one change to EU legislation is not enough for EDRi, however it is an important step and they continue to fight for similar legislation.

Lessons Learned: 
  • Be prepared and ensure all the elements of a successful campaign are in place, regardless of how hopeless things seem to be. Information can be leaked or an event could occur which may completely change the trajectory of your campaign.