How Obama’s NSA Reforms Could Help TTIP

This is a guest post by Robert Maxim, research associate, competitiveness and foreign policy, for the Council on Foreign Relations Studies program.

On Friday President Obama will unveil his plan to curb the surveillance practices of the National Security Agency (NSA). When he does, he could inadvertently give a boost to the ambitious U.S.-European Union free trade negotiations. Last June, just weeks before the first round of Transatlantic Trade and Investment Partnership (TTIP) negotiations, Edward Snowden revealed that U.S. government agencies were collecting millions of European citizens’ personal data. Though TTIP is colloquially known as a “trade agreement,” its primary focus is regulatory barriers, not lowering tariffs. The United States wants to use TTIP to prevent barriers to the international transfer of personal data—the very data that the NSA was collecting in bulk. The disclosures provoked outrage among EU officials, and several European heads of state threatened to call off the trade talks. Though negotiations have since begun, European concerns about privacy need to be alleviated in order to ensure the continued free flow of data. In recent months the EU has dropped its strident rhetoric and began to seek compromise with the United States. President Obama should take advantage of the opening.

Privacy is considered a fundamental human right in Europe. In 1995 the EU passed the Data Protection Directive, which codified the right to privacy of personal data. This directive prohibits the transfer of an individual’s personal information to countries that the European Union deems to have inadequate privacy standards, including the United States. Transferring personal data such as names, credit card information, birthdates, or telephone numbers across borders is essential to international trade, and has only grown more important with the rise of the Internet economy. In order to ensure that this type of data could continue to be exchanged, the two parties established a "Safe Harbor" agreement in 2000. This agreement allowed American companies that voluntarily complied with the Data Protection Directive to transfer personal information back to the United States.

In response to the Snowden revelations, the European Parliament called for a full review of the Safe Harbor program, which was led by the European Commission’s Justice Minister Viviane Reding. In the wake of the disclosures, Ms. Reding was among the most outspoken critics of the Safe Harbor agreement. She argued that Safe Harbor “could be a loophole” undermining EU data protection laws, and that it was time for the “development of European clouds” so that the U.S. government could not access European citizens’ data.

The two sides came to a working agreement in early July, launching separate privacy negotiations alongside TTIP. In theory this structure would allow the trade negotiations to continue even if the two sides could not agree on how to proceed on privacy. In reality, it would be nearly impossible to complete a trade agreement containing provisions ensuring the free flow of data without resolving the issue of privacy protections for that data.

In November the EU offered an olive branch. The European Commission published its Safe Harbor review, and called for only moderate reforms to the program. The recommendations included requiring Safe Harbor companies to disclose whether U.S. law allows public authorities to collect data from them, making dispute resolution processes available and affordable to individuals, and enhancing inspections of Safe Harbor compliance and fraud. Considering the staunch public posturing by many EU officials, the report came as a surprise. However, a full overhaul of American privacy law (which is formed from a hodgepodge of different provisions in the Constitution, consumer protection laws, and federal case law, rather than a single directive like the EU) would have been a non-starter, and could have derailed the wider TTIP negotiations. TTIP will be a boon for the EU economy, with studies predicting gains of up to €119 billion per year for EU GDP. By maintaining a hard line on privacy, Europe may have lost out on those economic gains, and the United States probably would not have changed its privacy laws anyway.

It is in the United States’ interest to implement the EU’s Safe Harbor recommendations. They are good policies, and will serve as a lifeline for EU negotiators to move past the privacy issue. Additionally, President Obama should incorporate the recommendation from his presidential advisory committee that the personal data of non-U.S. citizens be treated with the same protections as data on American citizens. This will show that the United States has learned from the incident and is committed to treating its allies as equals.

Europe is currently undergoing an overhaul of its own privacy laws, which will keep the issue on the forefront of many peoples’ minds. This is not just an issue that the two sides can “wait out.” A trade agreement that protects the free flow of data without resolving how governments can collect and use private data may not gain popular support within Europe. And losing popular support could doom the TTIP effort.