The United States has not satisfied the European Union’s concerns about Yahoo’s scanning of all customers’ incoming emails for US intelligence purposes, the bloc’s justice chief told Reuters in an interview.
The European Commission, the EU executive, asked the United States in November for clarifications on the secret court order served to Yahoo as part of its monitoring of a new transatlantic pact facilitating the exchange of personal data by businesses.
To clinch an agreement on the EU-US Privacy Shield, as the data transfer framework is known, Washington pledged not to engage in mass, indiscriminate surveillance.
That allayed Commission concerns for the privacy of Europeans’ data stored on US servers raised by disclosures of intrusive US surveillance programmes in 2013 by former National Security Agency contractor Edward Snowden.
“I am not satisfied because to my taste the answer came relatively late and relatively general, and I will make clear at the first possible opportunity to the American side that this is not how we understand good, quick and full exchange of information,” EU Justice Commissioner Vera Jourova said in the interview.
While Yahoo is not signed up to the Privacy Shield and the scanning took place before the framework existed, the issue is a first test case of how the new system, which underpins $260 billion of trade in digital services, and the US commitments on spying work in practice, an EU official said.
The Privacy Shield allows businesses to seamlessly move Europeans’ personal data across the Atlantic, whether for completing credit card transactions, hotel bookings or analysing browsing habits to serve targeted ads, while complying with strict EU data protection rules.
“I understand that the American side, when it comes to national security issues, cannot be fully concrete,” Jourova said.
Nevertheless, she said, she still expects more detailed information on what happened and the reasons for which Yahoo was asked to scan customer emails.
Reuters reported in October that Yahoo scanned all incoming emails for a digital signature linked to a foreign state sponsor of terrorism at the behest of an order from the Foreign Intelligence Surveillance Court.
The Privacy Shield foresees an annual review to ensure the United States is abiding by its commitments and that the framework is effective. The first annual review will take place this summer, under now President-elect Donald Trump.
Jourova said she was not concerned by the incoming Trump administration but that she would closely monitor what he would do with the US government’s presidential policy directive on US surveillance activities and a newly established US ombudsperson office in the State Department to handle complaints from EU citizens about US spying.
“I would expect that Trump’s administration would understand what is good and what is bad for business. This is good for business,” she said, referring to the Privacy Shield.
“We need to see that we can still trust.”