Motion for a resolution - B7-0342/2013Motion for a resolution
B7-0342/2013

MOTION FOR A RESOLUTION on the US National Security Agency surveillance programme, surveillance bodies in various Member States and their impact on EU citizens’ privacy

1.7.2013 - (2013/2682(RSP))

to wind up the debate on the statements by the Council and the Commission
pursuant to Rule 110(2) of the Rules of Procedure

Sophia in ‘t Veld, Sarah Ludford, Renate Weber, Cecilia Wikström, Nathalie Griesbeck, Leonidas Donskis, Ramon Tremosa i Balcells, Marielle de Sarnez, Andrea Zanoni, Hannu Takkula, Michael Theurer, Gianni Vattimo on behalf of the ALDE Group

See also joint motion for a resolution RC-B7-0336/2013

Procedure : 2013/2682(RSP)
Document stages in plenary
Document selected :  
B7-0342/2013

B7‑0342/2013

European Parliament resolution on the US National Security Agency surveillance programme, surveillance bodies in various Member States and their impact on EU citizens’ privacy

(2013/2682(RSP))

The European Parliament,

–   having regard to the Treaty on European Union, in particular Articles 2, 3, 6 and 7 thereof, and the Treaty on the Functioning of the European Union, in particular Article 16 thereof,

–   having regard to Council of Europe Convention 108 of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data and the additional protocol thereto of 8 November 2001, and to the Council of Europe Committee of Ministers’ recommendations to Member States, in particular Recommendation No R (87) 15 regulating the use of personal data in the police sector and Recommendation CM/Rec(2010)13 on the protection of individuals with regard to automatic processing of personal data in the context of profiling,

–   having regard to the Charter of Fundamental Rights of the European Union, in particular Articles 7 and 8 thereof, and the Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR), in particular Article 8 thereof on the right to respect for private and family life and Article 13 on the right to an effective remedy,

–   having regard to European Union law on the right to privacy and to data protection, in particular Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and to the free movement of such data, Framework Decision 2008/977/JHA on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters, Directive 2002/58/EC on privacy and electronic communications, and Regulation (EC) No 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data,

–   having regard to the Commission proposals for a regulation and for a directive on the reform of the data protection regime in the EU,

–   having regard to the EU-US Mutual Legal Assistance Agreement allowing exchange of data for the prevention and investigation of criminal activities, to the Convention on Cybercrime (CETS No 185), to the EU-US Safe Harbour Agreement, in particular Article 3 thereof, and the list of participants in the agreement, to the ongoing negotiations on the EU-US agreement for the protection of personal data exchanged for law enforcement purposes, and to the current revision of the Safe Harbour scheme,

–   having regard to its previous resolutions on the right to privacy and to data protection, in particular that of 5 September 2001 on the existence of a global system for the interception of private and commercial communications (Echelon interception system)[1]; having regard to the EU-US PNR (Passenger Name Record) and TFTP (Terrorist Financing Tracking Programme) agreements,

–   having regard to the Guidelines for the regulation of computerised personal data files issued by the United Nations General Assembly in 1990,

–   having regard to the US Patriot Act and to the Foreign Intelligence Surveillance Act (FISA), including Section 702 of the 2008 FIS Amendment Act (FISAA),

–   having regard to Rule 110(2) of its Rules of Procedure,

US PRISM Programme and National Security Agency surveillance of EU Member States and the EU

A. whereas on 6 June 2013 the media reported on PRISM, a clandestine electronic surveillance programme operated by the US National Security Agency (NSA) since 2007; whereas PRISM is a development of a warrantless wiretapping programme revealed by media outlets in 2005 and legalised in 2007 through the Protect America Act and by the FISAA, which authorised mass surveillance –­ including in relation to EU citizens ­– of emails, chats, videos, photos, file transfers, social networking data and other data[2]; whereas, according to the US authorities, two programmes are being run, one on the metadata of telephone communications and the other on internet and emails, which cannot intentionally target US citizens or foreign nationals legally resident in the US[3], and consequently have other targets, including EU citizens;

B.  whereas private companies falling under the jurisdiction of the US Government, such as Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, Apple and Verizon, have been secretly turning over to the NSA personal data related to electronic communications; whereas former personnel of some of these private companies currently work for the NSA;

C. whereas EU institutions have been subjected to US surveillance and spying activities, including by placing bugs in the EU diplomatic representation to the US in Washington and to the UN in New York, infiltrating computer networks (emails and internal documents), performing cyber attacks from a NATO complex used by NSA experts against the EU in Brussels, notably the EU Council and European Council[4]; whereas the President of Parliament has called for clarifications in this regard[5]; whereas the US authorities have also targeted the French, Italian and Greek missions to the UN[6];

D. whereas the Commission wrote to the US authorities on 10 June 2013, raising European concerns and detailed questions on the scope of the programme and of the laws authorising it[7], and whereas the issue was discussed at the EU-US meeting in Dublin on 14 June 2013, where it was decided to set up a ‘transatlantic expert group’ to discuss PRISM and privacy issues;

E.  whereas the transatlantic partnership is paramount for both the EU and the US and whereas such relations should be based on loyal, faithful and equal cooperation among countries respecting fundamental rights, democracy and the rule of law;

F.  whereas the US administration affirms that democratic and judicial oversight have been guaranteed in conformity with the US Constitution, as the Congress’s competent bodies are informed on surveillance and as an FISA Court is competent for authorising surveillance of electronic communications;

G. whereas a bipartisan group of 26 US Senators has written to the NSA Director complaining that a ‘provision of the USA Patriot Act has been secretly reinterpreted to allow the government to collect the private records of large numbers’ of citizens and that the administration is relying on a ‘body of secret law’ to collect bulk private data of citizens, instead of using regular court orders or emergency authorisations[8];

H. whereas the US legal system does not ensure the protection of non-US citizens, such as EU citizens; whereas, for instance, the protection provided by the Fourth Amendment applies only to US citizens and not to EU citizens or other non-US citizens;

EU Member States cooperation with the US in surveillance

I.   whereas, according to media information, other Member States such as the Netherlands and the UK have been exchanging information collected via PRISM from private companies since at least 2010;

Member States programmes and surveillance of other Member States, the EU and third countries

J.   whereas the UK authorities, notably GCHQ (Government Communications Headquarters) and MI6, allegedly spied on foreign politicians and officials who took part in two G20 summit meetings in 2009, attended by the Commission President, the Council Presidency and a number of Prime Ministers of Member States[9], by monitoring their computers, intercepting and mapping phone calls of delegates between them and with their respective governments, to ensure a positive outcome for the UK Government and for the summit, including with the help of NSA personnel seconded to GCHQ in Menwith Hill, UK;

K. whereas GCHQ allegedly runs the ‘Tempora’ programme, tapping directly into undersea transatlantic cables carrying electronic communications; whereas masses of data are swept in an indiscriminate manner, stored for 30-day periods, processed and analysed and shared with the US authorities;

L.  whereas Commissioner Reding has written to the UK authorities to express concern about the media reports on the Tempora programme and asking for clarifications on its scope and operation[10]; whereas the UK authorities have defended GCHQ’s surveillance activities and affirmed that they operate under strict and lawful guidelines; whereas other Member States have expressed concern and criticism and asked whether their citizens have been targeted and whether the programme has been subject to any judicial oversight[11];

M. whereas other Member States reportedly access transnational electronic communications without a regular warrant but on the basis of special courts, share data (Sweden) with other countries, and may enhance their surveillance capabilities (the Netherlands Germany); whereas concerns have been expressed in other Member States in relation to the interception powers of secret services (Poland)[12];

N. whereas the reports by Parliament and the Council of Europe on the CIA extraordinary renditions and secret prisons programme highlighted the active and passive participation of EU Member States with the US through secret services collaboration; whereas in a number of countries secret services and secret agents have recently been accused of being used by those in power to spy on the opposition and on journalists[13] or of conducting deviated operations[14];

EU-US law and EU law applicable to Member States and cooperation with the US

O. whereas the European Union and its Member States have a duty to protect their citizens’ fundamental right to privacy and data protection, on the basis of the ECHR, the Charter of Fundamental Rights, international conventions, constitutions, EU and national law and the sovereignty and jurisdiction of the EU and its Member States;

P.  whereas the European Court of Human Rights has developed a strict body of case law, with stringent criteria to be respected with regard to state surveillance activities in relation to individuals, which states that any interference with the fundamental right to privacy of citizens must be proportionate and necessary in a democratic society, may only be permitted by law and must be subject to appropriate democratic and judicial oversight, failing which such activities ‘may undermine or even destroy democracy under the cloak of defending it’;

Q. whereas, under the Safe Harbour Agreement, the Member States and the Commission are entrusted with the duty of guaranteeing the security and integrity of personal data; whereas, under Article 3 of the agreement, the Commission has the duty, should the provisions of the agreement not be respected, to reverse or suspend the agreement; whereas the companies named in the international press are all parties to the Safe Harbour Agreement;

R.  whereas the US has signed and ratified the Convention on Cybercrime, and the convention entered into force in the USA in 2007, its principles thus forming part of US domestic law; whereas the convention stipulates that all measures for the ‘collection of evidence in electronic form’ of any criminal offence (Article 14) must provide adequate protection of fundamental human rights, in particular those laid down in the ECHR (Article 8, Privacy), must ensure compliance with ‘the principle of proportionality’ and must include safeguards such as judicial or other independent supervision, grounds justifying application and limitation of scope and duration of such procedures (Article 15);

S.  whereas the EU-US Agreement on Mutual Legal Assistance, as ratified by the Union and the Congress, lays down modalities for gathering and exchanging information, and requesting and providing assistance in obtaining evidence located in one country to assist in criminal investigations or proceedings in another;

T.  whereas a Data Protection Regulation draft for inter-service consultation contained a provision that made the disclosure of personal data to the authorities of third countries conditional on the existence of a legal foundation such as a mutual legal assistance agreement or international agreement and authorisation from the competent data protection authority[15]; whereas this provision is absent in the final Commission proposal;

1.  Calls for the establishment of a European Parliament committee of inquiry into surveillance programmes, pursuant to Rule 185 of its Rules of Procedure;

2.  Calls for the President of the United States to be invited to address the issue in plenary;

US PRISM programme and National Security Agency surveillance of EU Member States and the EU

3.  Expresses serious concern about the PRISM programme operated secretly by the US authorities with the collaboration of private companies, as it would constitute, should the currently available information be confirmed, a grave violation of EU citizens’ fundamental right to privacy and data protection;

4.  Calls on the US authorities to provide EU partners, at both EU and Member State level, with full information on the programme and on surveillance of EU institutions and Member States, and calls on the Commission, the Council and the Member States to do likewise; calls on private companies to provide information about their collaboration with US security agencies;

5.  Calls on the US authorities to suspend and review any laws and surveillance programmes that violate the fundamental right of EU citizens to privacy and data protection, the sovereignty and jurisdiction of the EU and its Member States and the Cybercrime Convention; calls on the US authorities to introduce laws to ensure that EU citizens can enjoy at least the same rights as US citizens in relation to privacy, data protection and effective remedies;

6.  Calls on the Commission, the Council and the Member States to use all the instruments at their disposal in discussions and negotiations with the US, at both political and expert level in order to achieve the above-mentioned objectives, including by refusing to sign the EU-US trade agreement until surveillance issues are resolved, and suspending the PNR and TFTP agreements;

EU Member States cooperation with the US in surveillance

7.  Expresses concern at the information relating to the alleged secret cooperation of Member States with the US authorities in the framework of PRISM and of other surveillance activities;

8.  Calls on the Member States to provide information in this regard to other Member States and the EU institutions and to freeze any such cooperation with the US authorities in relation to mass surveillance of citizens, as any other move would amount to a breach of loyal cooperation between the Member States and between these and the EU institutions, as well as a violation of citizens’ fundamental right to privacy and data protection;

Member States programmes and surveillance of other Member States, the EU and third countries

9.  Expresses serious concern at the revelations relating to alleged surveillance and spying activities run by the UK authorities against other Member States’ leaders and against EU institutions, notably for reasons unrelated to national security, such as on the occasion of G20 summits; expresses serious concern about the Tempora programme and the violation of the fundamental right to privacy of UK and EU citizens;

10. Calls on the UK authorities to provide their own citizens, EU citizens, the other Member States and the EU institutions with information on the above-mentioned activities and programmes and to suspend them at once;

11. Calls on all the Member States to examine the compatibility of their laws, activities and programmes relating to surveillance with the case-law of the European Court of Human Rights and international and European standards in this area, in order to guarantee appropriate democratic and judicial oversight and ensure that citizens’ fundamental rights and the European values enshrined in Article 2 of the TEU are upheld;

12. Calls on the Commission and the Council to discuss the issues raised in this resolution at the next JHA Council meeting; calls on them to carry out a review of EU counter-terrorism policies and internal security strategies, as requested by Parliament in its reports and in the light of the recent revelations;

13. Calls on the Cybercrime Unit of Europol to investigate espionage targeting the EU operated by the US and other foreign powers;

14. Calls for the EU Intelligence Analysis Centre (INTCEN) to be incorporated into the proper institutional framework, subject to safeguards and scrutiny;

15. Considers it regrettable that the Commission has dropped former Article 42 (anti-FISA clause) of the draft Data Protection Regulation, and calls for a public and detailed clarification of the reasons for this decision; calls on the Council to reinsert a similar provision and undertakes to do likewise; calls on the Council to accelerate its work on the Data Protection Directive;

16. Stresses that in democratic and open states based on the rule of law, citizens have a right to know about serious violations of their fundamental rights, as well as to denounce these, including against their own government; stresses the need for procedures allowing whistleblowers to unveil serious violations of fundamental rights and the need to provide such persons with the necessary protection, including at international level; expresses its continued support for investigative journalism and media freedom;

17. Calls on the EU institutions to review their practice of denying citizens their right of access to documents, as guaranteed by the Treaties, the Charter of Fundamental Rights and Regulation 1049/2001, on the grounds that this might cause harm to international relations, thereby granting foreign countries a ‘de facto veto’ on EU documents, as happened with the US on the second Europol Joint Supervisory Body (JSB) report on the implementation of the EU-US TFTP agreement;

18. Instructs its President to forward this resolution to the Council, the Commission, the Council of Europe, the governments and parliaments of the Member States, the United States authorities and the United Nations.