By Sam Pfeifle
Publications Director

The most fiery discussion at the IAPP Data Protection Congress in Brussels came during its final session, with IAPP VP of Research and Education Omer Tene doing his best to referee a conversation between former U.S. National Security Agency (NSA) General Counsel Stewart Baker, anonymous Internet platform Tor’s Jacob Appelbaum, Vodafone CPO Stephen Deadman and Ralf Bendrath, policy advisor to German MEP and Data Protection Regulation Rapporteur Jan Philip Albrecht titled “Have You Been NSA’d? Government Access and the New EU Regulation.”

The highly anticipated session didn’t fail to deliver. Tene opened the discussion by declaring, “It’s already a great win for the privacy community that we’re having this session,” and it was hard to argue after seeing the likes of Baker and Appelbaum, polar ideological opposites, not only sitting side-by-side but later even posing for a goofy picture together.

However, the session was not without its heated moments.

Baker, now a partner at DC law firm Steptoe & Johnson, was allowed first whack at the question of how to square constitutional rights to privacy in the U.S. with the revelations of wholesale surveillance on the part of the NSA.  

“Everybody does this,” he claimed, “and trying to regulate it is something that only the U.S. and European Court of Human Rights has tried to do.” He noted that the current Data Protection Directive in the EU has specific exceptions for law-enforcement access and that mechanisms like Safe Harbor were never meant to cover government access.

“In Europe,” Baker said, “they’ll have to start at home if they want restrictions on espionage.”

Tene followed this up by pointing to the fact that France, just a few days after criticizing the U.S., passed its own law expanding law-enforcement access to online data and that, in the U.S., protection against search and seizure is a constitutional right.

“Yes,” responded Bendrath, “but only for U.S. persons. In Europe, it’s a fundamental right for everybody.” He noted a major point of contention in Europe is that Europeans have no means of judicial redress in the U.S. if they feel they’ve had their privacy rights violated.

Baker asked for a point of clarification: “Does the European Convention on Human Rights protect Afghani residents from a European surveillance agency?”

Bendrath responded in the affirmative.

This led to another exchange initiated by Appelbaum, who noted the chilling effect on democracy that persistent surveillance can create. “We are on the edge of what we once considered normal democratic life,” he said, “where we didn’t have to concern ourselves with freedom of association online.”

Then he directed comments at Deadman, noting that communications firms are complicit in this surveillance.

Stewart Baker (left) and Jacob Appelbaum pose for a playful photo after a very serious discussion on government surveillance at the IAPP Data Protection Congress 2013.

“I’ve been talking about human rights and the Internet for years,” Deadman responded. “This isn’t just a quirky side issue. It’s an important issue for the industry.”

Noting that Vodafone doesn’t currently operate in the U.S., he continued that “privacy is essential to our DNA, but, ironically, in every country that we operate, a condition of being there is rolling back that right. The government has the right to do whatever it wants.” He said the crowd would be amazed by the technological capabilities that have to be built in to comply with government requests in various countries.

“And the further you go from Europe, the more murky it gets,” he said. “For companies like mine, trying to navigate respect for customers’ human rights and not going that tiny step beyond the law in that country is a very difficult challenge.”

This led Appelbaum to question why, then, Vodafone complied with Egyptian demands to shut down the Internet during protests there, when that clearly was not supported by Egyptian law.

Deadman was very serious in his reply: “Yes, during the Arab Spring we were forced by Egypt to take down our network … But this wasn’t a decision made by executives in offices in London who could just push a button. This was done by our Egyptian CEO, by Egyptian citizens. We can’t operate in a country and engage in mass civil disobedience. We can’t just say, ‘Disobey the government, no matter the risk to your families.’ There are governments that are autocratic.”

Appelbaum asked why, then, was Vodafone doing business in Egypt. “Are there any red lines?”

“We pulled out of Myanmar and human rights was one of the reasons,” Deadman said. “If human rights is a reason, there’s often other reasons as well … but by not being in a market like Egypt, well, we connect people to the Internet. We’re a reason they can use Twitter. If we’re not there, someone else is there.”

There were a number of other interesting exchanges, including Baker saying Bendrath was “wrong in interesting ways” and Appelbaum gaining applause from the crowd for inciting the public to “leak more documents.” We were able to grab a rough recording of the entire session through my iPhone, should you want to spend an hour with it in the headphones:

Deadman got in some of the final words (right around 1:05 of the recording), speaking clearly as one for whom the topic was hardly theoretical. “We haven’t really hit the nail on the head with the balance of intelligence vs. privacy,” he said. “What disturbs me is that we weigh security in societal terms and then weigh privacy in individualistic and ephemeral terms. Privacy is a societal value. We have to look at it in those terms. The ability to speak freely, to organize ourselves, the ability to innovate and go against the grain. All of those are things society benefits from. There is a balance. As long as the sides of the scales are appropriately weighed, it’s okay. I don’t think anybody knows just how to do that yet.”

Read More By Sam Pfeifle:
Keynote: Forget Notice and Choice, Let’s Regulate Use
EU, U.S. Officials Indicate Potential Privacy Agreement at Data Protection Congress
Top Six Inadequacies Found During Privacy Audits
Big Data Jobs Board Sees Privacy Jobs Growing Fastest


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Spots Going Fast

With the top minds in the field leading this exceptional program, it's no wonder it's filling quickly. Register now to secure your spot.

Be Part of Something Big: Join the Summit

Registration is open for the Global Privacy Summit 2016. Discounted early bird rates available for a short time, register today!

Data Protection Intensive Returns to London

Registration is now open for the IAPP Europe Data Protection Intensive in London. Check out the program!

P.S.R. Call for Speakers Open!

P.S.R. is THE privacy + cloud security event of the year, and you can take a leading role. Propose a session for this year's program.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»