As France comes to terms with its deadliest domestic attack since World War II, attention has quickly turned attention to whether European governments need to reassess how they collect, manage and use people’s digital footprint.
Already, European politicians are mulling new rules that would allow them to share airline passenger data across the 28-member bloc to identity potential terrorists. And new legislation in France and Britain is expected to give intelligence agencies further access to peopleâs digital lives. That includes allowing French officials to tap phones and access emails without judicial review and forcing Internet providers in Britain to potentially hold individualsâ communication data for a year so that agencies can review the records when necessary.
Yet European data protection advocates and lawmakers say the strong rules that limit how companies can handle information will likely remain in place, highlighting how Europe has separated how companies handle people’s data from the needs of governments to protect national security. The regionâs tough privacy rules are enshrined as a fundamental right on par with freedom of expression.
âFundamental rights are just that, fundamental,â said Nico van Eijk, a data protection expert at the University of Amsterdam. âOf course, there are exceptions for national security reasons. But governments have to be pragmatic.â
In recent months, Europe’s tough stance towards privacy has taken on greater importance for companies, particularly American tech giants. That includes attempts by some of Europe’s data protection authorities to force search engines like Google to allow people anywhere in the world to ask for the removal of links about themselves from online queries when the information is deemed out of date or irrelevant. If granted, such requests would give Europe’s privacy watchdogs greater say over how the Internet is policed anywhere in the world.
And in a landmark decision, the European Court of Justice, the regionâs highest court, ruled last month that a 15-year-old data-sharing agreement between Europe and the Unites States was invalid. The decision, in part, was based on the judges’ view that Europeans did not have sufficient legal protection if their data was accessed unlawfully by American intelligence agencies when it was transferred outside of Europe.
Such challenges, says Mr. van Eijk, will only increase if European governments â and overseas partners like the United States â fail to balance the national security needs of accessing digital information with the regionâs civil liberties. After the Sept. 11 attacks, as well as attacks in Madrid in 2004 and London in 2005, local authorities passed sweeping reforms to give national agencies greater powers to find, track and stop those who were planning future atrocities.
The region’s mood about surveillance changed, though, after the revelations of Edward J. Snowden, the former National Security Agency contractor, who outlined in 2013 how United States and British intelligence agencies had gained widespread access to peopleâs digital lives.
These disclosures have led to a series of legal challenges aimed at curbing the powers of American and European intelligence agencies. Advocates also have taken aim at companies, including several American tech giants like Facebook and Google, which have been accused of allowing access to their networks as part of the surveillance programs. The companies deny that they cooperated with these activities.
That push has led to stronger individual privacy protections demanded from companies, even though experts say Europe’s national intelligence agencies continue conducting their own surveillance activities on their citizens and those outside their national borders. Last week, for instance, a Brussels-based court ruled that Facebook could not collect online data on people who did not use the social network in Belgium, though the company said it would appeal the ruling.
Many countriesâ intelligence services, privacy groups say, already have access to much of the Internet traffic in Europe and father afield, as long as thereâs sufficient oversight to these surveillance efforts. Others say it remains unclear whether increased powers, particularly access to encrypted online messaging services, would have thwarted the most recent attacks in Paris.
Yet in the aftermath of the Paris attacks, some say they believe the scales may tilt back toward national security, as evidenced by the recent push for expanded surveillance powers in Britain and France.
âThe French and British laws are now seen as the new status quo,â said Claude Moraes, a British politician who is chairman of the civil liberties, justice and home affairs committee in the European Parliament. âThe political climate in Europe is changing.â
But some European lawmakers are already warning that expanded surveillance should not go too far. While governments have a duty to keep their citizens safe, these politicians say, allowing national intelligence agencies almost unfettered access to peopleâs digital lives â from their phone calls and texts to online search histories and social media posts â could jeopardize Europeâs hard-won civil liberties that may prove difficult to unwind.
âIf we go down this path, we would be falling into the trap of these terrorists who want to limit our freedoms,â said Jan Philipp Albrecht, a German politician who had campaigned for greater limits on intelligence agenciesâ surveillance activities.
âIâm afraid that governments want more and more powers when itâs not proven that they would be effective in preventing future terrorism cases,â he added.