By Christopher Kuner
The recent revelations concerning widespread US government access to electronic communications data (including the PRISM system apparently run by the National Security Agency) leave many questions unanswered, and new facts are constantly emerging. Thoughtful commentators should be hesitant to make detailed pronouncements before it is clear what is actually going on.
Nevertheless, given the potential of these developments to fundamentally reshape the data protection and privacy landscape, I cannot resist drawing a few high-level, preliminary conclusions, from a European perspective:
Legal protection without political commitment is insufficient to protect privacy. In the regulation of data flows across national borders, trying to resolve conflicts between privacy regulation and government access requirements solely through legal means puts more pressure on the law than it can bear. In addition to strong legal measures, we need greater commitment to privacy protection at the political level, which unfortunately is lacking in many countries.
Government access to personal data is a global issue. International Data Privacy Law recently published a detailed legal analysis last year of systematic government access to private-sector data in nine countries (Australia, Canada, China, Germany, India, Israel, Japan, the UK, and the US), and concluded that a lack of adequate transparency and clear legal standards in this area is a global problem. Revelations about the US programs should not distract attention from issues regarding government access to data in other countries. Continue reading