Mass Surveillance of Personal Data by EU Member States and its Compatibility with EU Law
by Didier Bigo, Sergio Carrera, Nicholas Hernanz, Julien Jeandesboz, Joanna Parkin, Francesco Ragazzi , Amandine Scherrer
In the wake of the disclosures surrounding PRISM and other US surveillance programmes, this paper assesses the large-scale surveillance practices by a selection of EU member states: the UK, Sweden, France, Germany and the Netherlands.
Given the large-scale nature of these practices, which represent a reconfiguration of traditional intelligence gathering, the paper contends that an analysis of European surveillance programmes cannot be reduced to a question of the balance between data protection versus national security, but has to be framed in terms of collective freedoms and democracy.
It finds that four of the five EU member states selected for in-depth examination are engaging in some form of large-scale interception and surveillance of communication data, and identifies parallels and discrepancies between these programmes and the NSA-run operations.
The paper argues that these programmes do not stand outside the realm of EU intervention but can be analysed from an EU law perspective via
i) an understanding of national security in a democratic rule of law framework where fundamental human rights and judicial oversight constitute key norms;
ii) the risks posed to the internal security of the Union as a whole as well as the privacy of EU citizens as data owners and
iii) the potential spillover into the activities and responsibilities of EU agencies. The paper then presents a set of policy recommendations to the European Parliament.
To access the complete document