IAPP-GDPR Web Banners-300x250-FINAL

By Jedidiah Bracy, CIPP/US, CIPP/E

The Washington Post
reports on the U.S. National Security Agency’s online data surveillance system called PRISM. According to leaked documents and Power Point slides, the NSA and the Federal Bureau of Investigation “are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents and connection logs” that allow intelligence analysts to track foreign threats.

National Intelligence Director James R. Clapper said, “information collected under this program is among the most important and valuable foreign intelligence information we collect,” and warned that the disclosure of this “entirely legal program…risks important protections for the security of Americans.”

Several of the online businesses named in the documents say they do not allow unfettered access to their central servers. Facebook Chief Security Officer Joe Sullivan said, “When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”

A Google spokesman also denied the allegations, adding, “From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data.”

The Daily Beast reports that at least one foreign government has gained access to the sensitive data collected by the NSA. According to the report, some of the metadata collected has been shared with UK government officials.

The disclosure of the PRISM program, along with yesterday’s revelations about Verizon and the NSA, is affecting talks between the EU and U.S. on a data protection agreement, EUobservor reports. German Green MEP Jan Philip Albrecht said, “Common rules will only be possible if the principles of data protection will be accepted in the U.S. The foreseen, but struggling EU-U.S. umbrella agreement, would be a good chance to show that this is the case.”

In the same report, Dutch Liberal Deputy Sophie in’t Veld also told EUobservor that the PRISM disclosure “could help raise awareness” of such issues for Brussels. She noted that past agreements—including the SWIFT banking and passenger name recognition programs—were secretly instituted prior to their formal implementation.

German Federal Data Protection Commissioner Peter Schaar wrote a blog post (in German) on the issue. He notes that the NSA program bolsters the need for a strong EU data protection regime.

Former Clinton administration Chief Counselor for Privacy Peter Swire, CIPP/US, has written a Privacy Perspectives blog post calling for the Privacy and Civil Liberties Oversight Board to make the NSA programs a top priority.

Several privacy advocates have chimed in, expressing concern about the program. Alexander Hanff has written to European Commission President José Manuel Barroso calling for immediate revocation of the U.S. Safe Harbor status.

The LA Times, however, asks, in light of the Verizon news, where is the consumer outrage? “The bottom line is this,” writes David Lazarus, “Consumers in the digital age have no reason to believe their electronic communications are off-limits to government and private-sector entities.”

CNN has also compiled a roundup of expert opinions on government surveillance and privacy concerns, including reaction from Prof. Neil Richards, blogger Bruce Schneier and former CIA Director Michael Hayden.  

The New Yorker delves into definitions and consumer perceptions of “meta data,” the term used to describe what data was accessed in the Verizon case—that the contents of the phone calls were not accessed, just who called whom, and from where. Sun Microsystems engineer Susan Landau said, “The public doesn’t understand (metadata)…It’s much more intrusive than content.”

Read more by Jedidiah Bracy:
Council of European Union Releases Draft Compromise 
Medine’s Confirmation Moves PCLOB Forward; Questions Remain About Cybersecurity Authority
A Look at the Privacy Consultants of Acxiom
ICO Fine “Confirms” Emergence of Private-Sector Enforcement Trend


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Spots Going Fast

With the top minds in the field leading this exceptional program, it's no wonder it's filling quickly. Register now to secure your spot.

Be Part of Something Big: Join the Summit

Registration is open for the Global Privacy Summit 2016. Discounted early bird rates available for a short time, register today!

Data Protection Intensive Returns to London

Registration is now open for the IAPP Europe Data Protection Intensive in London. Check out the program!

P.S.R. Call for Speakers Open!

P.S.R. is THE privacy + cloud security event of the year, and you can take a leading role. Propose a session for this year's program.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»