The Cyber Intelligence Sharing and Protection Act (CISPA), currently undergoing democratic scrutiny in the US Congress, raises several concerns for the EU information society and for civil rights and fundamental freedoms. The act forces companies and Internet intermediaries to monitor all digital communications via American ICT systems and to collect information, with the supposed aim of ensuring network integrity and security. The act includes a section which exempts any actor involved in the monitoring and gathering of information under the act from any liability, including liability for infractions of fundamental human rights. While the provisions mentioning the aim of protecting intellectual property rights have been taken out, the intent of the act remains clear as it calls for a full monitoring system which, among other things, is to be used to enforce copyrights. However, such a full communications monitoring system would also permit undesirable monitoring for other purposes, and could be used to legitimise similar efforts in repressive regimes.

Most importantly, CISPA will force US Internet intermediaries and companies to monitor European citizen’s communications and to gather information protected under European data protection law.

1. Is the Commission aware of CISPA?

2. Has the Commission, in the context of the US legislative procedure, made a submission to the US authorities stating the position of the EU?

3. Can the Commission clarify whether or not CISPA is liable to affect European citizens and businesses and, if such is the case, in what way?

4. Does the Commission believe that CISPA is liable to conflict with EC law, notably EU data protection legislation and Article 15 of the E-Commerce Directive?

5. What measures will the Commission take to ensure that EC law is upheld, such that EU citizens and businesses can be confident that, within the EU, US law does not, in effect, take precedence over EC law?