The text, passed by 33 votes to 7 with 17 abstentions, condemns the “vast, systemic, blanket collection of personal data of innocent people, often comprising intimate personal information”, adding that “the fight against terrorism can never be a justification for untargeted, secret or even illegal mass surveillance programmes”.
"We now have a comprehensive text that for the first time brings together in-depth recommendations on Edward Snowden's allegations of NSA spying and an action plan for the future. The Civil Liberties Committee inquiry came at a crucial time, along with Snowden´s allegations and the EU data protection regulation. I hope that this document will be supported by the full Parliament and that it will last beyond the next European Parliament's mandate", said rapporteur Claude Moraes (S&D, UK), after the vote.
Data protection must be excluded from trade talks
Parliament's consent to the final Transatlantic Trade and Investment Partnership (TTIP) deal with the US “could be endangered as long as blanket mass surveillance activities and the interception of communications in EU institutions and diplomatic representations are not fully stopped and an adequate solution for data privacy rights of EU citizens, including administrative and judicial redress is not found”, MEPs say.
Parliament should therefore withhold its consent to the TTIP agreement unless it fully respects fundamental rights enshrined in the EU Charter, the text adds, stressing that data protection should be ruled out of the trade talks.
MEPs call for the "immediate suspension" of the Safe Harbour privacy principles (voluntary data protection standards for non-EU companies transferring EU citizens’ personal data to the US). These principles “do not provide adequate protection for EU citizens” say MEPs, who urge the US to propose new personal data transfer rules that meet EU data protection requirements.
The Terrorist Finance Tracking Programme (TFTP) deal should also be suspended until allegations that US authorities have access to EU citizens’ bank data outside the agreement are clarified, say MEPs. The EU-US data protection framework agreement to be struck in spring 2014 must ensure proper judicial redress for EU citizens whose personal data are transferred to the US, they add.
Digital “new deal”
The EU needs a “digital new deal”, to be delivered by the joint efforts of EU institutions, member states, research institutions, industry and civil society, say MEPs, noting that some telecoms firms have clearly neglected the IT security of their users and clients.
MEPs also urge member states to accelerate their work on draft EU data protection reform legislation so that it can be passed by the end of this year.
Trust in US cloud computing and cloud providers has been damaged by surveillance practices, MEPs note. They propose that Europe should develop its own clouds and IT solutions to ensure a high standard of personal data protection. They note that by 2016, the cloud market is likely to be worth $207 billion a year, double its 2012 value.
EU whistleblower and media protection programme
The resolution urges the European Commission to examine whether a future EU law establishing a "European whistleblower protection programme" should also include other fields of EU competence "with particular attention to the complexity of whistleblowing in the field of intelligence". EU member states are also asked to consider granting whistleblowers international protection from prosecution.
MEPs also cite the UK’s detention of David Miranda and seizure of material in his possession under the UK Terrorism Act and its demand that the Guardian newspaper hand over or destroy such material. They see these acts as "possible serious interference with the right of freedom of expression and media freedom", as recognised by the European Convention on Human Rights and the EU Charter.
EU countries should check their own secret services
The UK, France, Germany, Sweden, the Netherlands and Poland should clarify the allegations of mass surveillance - including potential agreements between intelligence services and telecoms firms on access to and exchange of personal data and access to transatlantic cables - and their compatibility with EU laws, it says.
Other EU countries, in particular those participating in the "9-eyes" (UK, Denmark, France and the Netherlands) and "14-eyes" arrangements (those countries plus Germany, Belgium, Italy, Spain and Sweden) are also urged to review their national laws and practices governing the activities of intelligence services, so as to ensure that they are subject to parliamentary and judicial oversight and public scrutiny and that they comply with fundamental rights obligations.
MEPs deem bilateral “anti-spying” arrangements concluded or under negotiation between some EU countries (the UK, France and Germany) and the US as “counterproductive and irrelevant, due to the need for a European approach to this problem”.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.