ENDitorial: Malmström – Always there to protect US

By EDRi · October 22, 2014

Now that Commissioner Cecilia Malmström will be taking over as the EU’s Trade Commissioner, and as the Commissioner in charge of negotiating the controversial TTIP trade deal with the USA, it is a useful time to cast our minds back to her achievements as Commissioner with responsibility for Home Affairs in the European Union.

Commissioner Malmström’s generosity when negotiating with the United States is, to say the least, very consistent. The deal she reached with Australia on processing and storing of passenger name records (PNR) allows processing with regard to crimes that have a minimum four year jail term. She agreed to only three years in a similar deal with the United States. In the deal with Australia, the data must be deleted after five and a half years. She generously agreed to the data being stored for a full ten years in the agreement with the United States. This does leave one question, however: If storing the data for five years is all that is needed, how can it be necessary, proportionate and, therefore, legal, to agree to 10-year data retention with the USA? Now, despite the lack of evidence of usefulness and proportionality, and despite the European Court’s ruling that long-term, suspicionless storage of EU citizen’s data is contrary to EU law, a new Directive on EU PNR Data has been proposed by Malmström’s services and a push is expected shortly to have it adopted by the European Parliament.

Malmström’s reaction to allegations of abuse of financial data of EU citizens shared with the US authorities was perfectly consistent with her generosity in the PNR agreement. In 2013, reports revealed by the German news magazine Der Spiegel indicated that the USA was tapping European data stored by the inter-bank financial telecommunication company SWIFT. Subsequently, the European Parliament voted by majority to suspend the agreement for financial data sharing (“TFTP agreement”) with the United States. The Commissioner leapt into action, politely asking the US if they had breached the agreement. As the US denied the claims, the Commissioner felt that no further action was needed, and so none was taken.

In 1999, US President George W. Bush asked the EU to introduce mandatory retention of communications data “to permit the retention of data for a reasonable period”. Thanks to the tireless work of the UK government in the subsequent seven years, the US got its wish and the EU introduced the Data Retention Directive. In 2009, Commissioner Malmström took responsibility for the Directive. Before her services had a chance to collect any analysis from Member States, without any evidence to back up her position, Commissioner Malmström, who took a personal oath to uphold the European Charter of Fundamental Rights, made her position very clear: “We have to recognise that data retention is here to stay, and for good reasons. Access to telecommunications data are, at least in some cases, the only way of detecting and prosecuting serious crime. And in some cases it can be vital to exclude individuals from crime scenes and clearing them of suspicion. We do need data retention as an instrument to maintain security in our Member States.” Subsequently, Commissioner Malmström, who took a personal oath to act independently in her function as Commissioner, added that she believed that Member States would “not accept any proposal to abolish it.”

It subsequently transpired that she ignored specific legal advice from inside the Commission that the Directive was illegal. Having chosen not to propose either repeal or reform of the Directive, once the Court of Justice of the European Union (CJEU) ruled this year that the data retention directive was incompatible with European law, Malmström inexplicably declared that the judgment confirmed “the critical conclusions in terms of proportionality of the Commission’s evaluation report of 2011 on the implementation of the data retention directive”.

More worryingly, bearing in mind her new function as Commissioner responsible for negotiating with the USA on the TTIP proposals, documents recently made public by EDRi-member Access indicate that Malmström actively conspired with the US authorities to undermine or delay the draft reform of the EU’s data protection reform package – weeks before any elected European politician received an official copy of the proposals.

Finally, Malmström’s cooperation with the USA on internet blocking deserves a mention. In 2012, she was convinced by the US to jointly launch a “global alliance against child pornography”. This encourages, among other things, the promotion of “voluntary” internet blocking, outside any legal framework, by the governments involved. Turkey, that has repeatedly been condemned for excessive and unclear blocking obligations accepted the invitation to join. Malmström confirmed at the press conference launching the event that Russia had been invited, but declined to join. Coincidentally, Netclean, one of the leading internet blocking/filtering companies is heavily promoted by Swedish politicians (and the Swedish Queen). Coincidentally, Turkey has agreed to invest heavily in Netclean products and has, even since signing up to the Global Alliance, been condemned again by the European Court of Human Rights for its excessive, disproportionate blocking practices.

Agreement between the EU and Australia on the processing and transfer of PNR data (13.09.2011)

Agreement between the USA and the EU on the use and transfer of PNR to the US Department of Homeland Security (08.12.2011)

European Union set to vote on data law – George W. Bush’s request for data retention (13.11.2001)

Legal advice against data retention (23.08.2012)

European Commission Press Release: EU-US agreements: Commission reports on TFTP and PNR (27.11.2013)

A global alliance against child sexual abuse online

Malmström acknowledges validity of compromising document (08.10.2014)