Global Winners and Losers Post-Snowden
EU privacy hawks and U.S. cloud providers have seen their near-term outlooks swing following the former NSA contractor's disclosures.
Wed, September 04, 2013
Computerworld — Just about everyone assumed all along that the U.S. government makes the most of modern technology to keep an eye on its overseas enemies. The disclosures of former National Security Agency system administrator Edward Snowden detailing the comprehensive harvesting by the NSA of U.S.-based data have exceeded people's imaginations, however, and created some clear winners and losers. How the White House manages the ongoing disclosures over the next three months will determine whether these wins and losses become permanent.
Winner: EU privacy hawks
In May, right before the Snowden revelations, EU privacy hawks were on the ropes. At issue was the much-anticipated and ballyhooed reform of the European Directive on Data Protection. Here is some inside baseball on that reform, and why the hawks are crowing now.
Simply called "the Directive" in privacy circles, it was the shot heard round the world when the young European Union first adopted it in 1995. Until then, only the United Nations had recognized data privacy as a fundamental human right.
But the elevation of data privacy to the same status as the freedoms of speech and religion across the vast European market spurred a decade of reverberations. EU member states implemented their own versions of the Directive in ways that American corporations found bureaucratic, costly and inimical to smooth international commerce. As a result, Americans led the way in deriding the Directive as an obsolete, pre-Internet dinosaur.
A Franco-German axis of privacy hawks, however, held the line undeterred, pushing back against the privacy practices of Google, Facebook and other American icons. Brussels clashed with Washington over data transfers of passenger-name records and SWIFT financial transactions. This decade-long transatlantic confrontation spawned a generation of European privacy attorneys who enlisted in the battle, sometimes with the same vim and vigor as ACLU volunteers and gun-rights activists.
Somewhere around 2009, more business-friendly moderation began to prevail at France's data-protection authority. The Franco-German axis weakened. Moderates in Brussels seized the opportunity, and by 2011 Europe was looking at draft legislation to overhaul its approach to data protection.
The new draft privacy law was more balanced, in parts taking aim squarely at Silicon Valley and imposing a jaw-dropping 2% fine on global revenues for egregious violations. In other parts, however, the draft provided new provisions for cloud computing and streamlined compliance.
American corporations heavily lobbied the bill. The various EU committees charged with reviewing the legislation considered hundreds of amendments, many of them watering it down. With the vice president of the EU herself championing the passage of the bill, the privacy hawks were on the defensive. It looked as if they were going to get steamrolled in an eleventh-hour flurry of compromises.