The massive tapping of data by security agencies in the US, with collaboration by Europe, has been raising questions. Are European Union interior ministers responsible? And how can data be better protected in the future?
The council of EU interior ministers, the European Commission and the European Parliament have been conferring on new data protection regulations for more than a year and a half. On one side, data protection advocates like EU commissioner Peter Hustinx have been pushing for as many citizen rights as possible. On the other side are those like British Justice Minister Chris Grayling, who warn against too many limitations for Internet companies in Europe.
The new legislative package is intended to replace regulations from 1995 - a time when the Internet was in its stone age.
Revelations on the massive capture of data by American and European security services have unexpectedly stimulated the discussion. German Interior Minister Hans-Peter Friedrich has spoken out in favor of subjecting American Internet companies such as Google and Facebook to the more stringent European law.
"A regulation must be found that essentially requires any company handling European data to be required to report with whom they share this data," Friedrich said to his European colleagues in Vilnius, the Lithuanian capital where the interior ministers met.
"If a company is required by other states' laws or other regulations to reveal this data, then the European Commission and the European citizens should be informed," he continued. Friedrich was likely aware, even before his most recent visit to the US, of how American companies have for a decade already been required to hand over data to American agencies when subject to court order.
Prior to the meeting in Vilnius, Friedrich had sought information on who could access communications data, and to what extent, under the umbrella of the "Prism" program. According to a statement by the German parliament's interior committee, these questions have not yet been answered.
From the point of view of the German government, information released by former American security agency whistle-blower Edward Snowden is unconfirmed. Other EU interior ministers have likewise held back on making public assessments over the spying affair.
Media reports accuse British and French security agencies of having similarly captured and assessed communications data. To what extent the German agency has done this, or tapped findings from other security agencies, remains unclear.
Intended working group
Peter Hustinx, the EU commissioner for data protection, told DW that nonetheless, he was blown away by the amount of data the US National Security Agency (NSA) had tapped. Like Friedrich, Hustinx argued for placing companies that operate in Europe under sharper European data protection requirements.
Cecilia Malmström, the European home affairs commissioner, said at the Vilnius meeting that contact had only just been initiated with the US Department of Justice - a working group is supposed to handle sharing of information on the matter. But no concrete results have come of this, either.
Malmström also pointed out that the EU is not alone responsible for data protection; security agency activities generally fall under the domain of member countries.
Question of sovereignty
Unlike many European interior ministers, Friedrich stands under domestic pressure over the data spying affair. He spoke of the need to protect the data sovereignty of citizens, calling it an important topic for the EU.
The security agencies themselves won't be specifically discussed at the meeting in Vilnius. German security agency expert Erich Schmidt-Eenboom said he would assume that American and European services work together closely, at least on the issue of terrorism.
International law does not really regulate espionage, including data gathering. Since usually the domestic parliament empowers a security agency to spy internationally, it's often the case that their activities are illegal in the country where they operate. So, often governments have special agreements with relation to spying.
In Germany, for example, the NSA has enjoyed special privileges under a NATO treaty since the 1960s. The construction of an espionage center in Wiesbaden, Germany, for the NSA - as reported by German "Mitteldeutsche Zeitung" - attests to this close cooperation.
In Vilnius, Friedrich - like German Chancellor Angela Merkel - encouraged in negotiations between Europe and the US the development of a digital "Magna Carta" that would guarantee basic data protection rights.
The idea is nothing new, as the White House in Washington already proposed this in February. Yet that charter would relate to data protection between consumers and companies, and not security agencies.
Friedrich in Vilnius mentioned as a long-term goal harmonizing terms for companies, which would also prevent distortions of competition in a US-EU free-trade zone.
German standards for Europe?
Germanyis seeking to implement its strict data protection regulations as the European standard. "It's especially important here that a company like Facebook can't just go to Ireland and say, 'we're observing data protection laws in Europe,'" Friedrich said.
Compared to Germany, Ireland has relatively lax data protection laws. Friedrich is rather promoting a unified standard for the entire European market, especially with regard to private customer data, contact lists and commercial use of photos.
Individual regulations in the EU's data protection package are still in contention. The European Parliament alone has laid 3,000 proposals for changes on the table. The council of interior ministers only in June returned with a legislative proposal. It's unclear whether the regulatory package can be agreed on before the European Parliament vote in May 2014.
It remains to be seen whether outrage over the data tapping will speed up the discussion.