Transatlantic Trust Breach : the repoliticization of EU-US data exchange agreements in light of US mass surveillance

(1)

Final thesis

Name: Freek Mulder

Student number: 10093761 E-mail: freek.mulder@gmail.com

Course: Transnational spaces: political geographies of security Lecturer: Dr. S. Simon

Second reader: Dr. Darshan Vigneswaran

Date: 28-01-2014

Title: Transatlantic Trust Breach: the repoliticization of EU-US data exchange agreements in light of US mass surveillance

(2)

(3)

1

TRANSATLANTIC TRUST BREACH

The repoliticization of EU-US data exchange agreements

in light of US mass surveillance

Introduction

In the last decade the European Union (EU) and the United States (US) increased their security and intelligence cooperation in order to effectively battle international terrorism. An important aspect of this cooperation is the exchange of personal data, most important financial transactions and passenger name records (PNR).1 This data is being used to monitor and/or investigate individuals and groups so that terrorist threats can be identified and prevented. As shown by Newman (2008) and Wesseling (2013), concerns about privacy of EU citizens and effectiveness against terrorism made negotiations about the exchanges difficult and

contentious. But a shared sense of importance, characteristic to post 9/11 security debates (Zedner, 2009), as well as a changing way of fighting terrorism, helped to reach agreements. After years of clashes, negotiations and setbacks the EU and the US finally agreed on the exchange of PNR in 2007.2 Three years later agreement was reached on the exchange of financial data for the Terrorist Finance Tracking Program (TFTP).3

In 2013, however, the EU was confronted with extensive revelations about large-scale covert mass surveillance on phone and internet communications within EU member states by the National Security Agency (NSA), the American organisation responsible for the collection and analysis of SIGINT.4 The general response was one of ever-increasing outrage, especially within long-term US partners such as France and Germany. German chancellor Angela

Merkel, having been bugged herself by the NSA for possibly as long as a decade, spoke of an "unacceptable breach of trust (...) which has to be established once again" (Reuters, 2013). Germany and France also warned the US that the mass surveillance could seriously jeopardize

1

"PNR data is information provided by passengers during the reservation and booking of tickets and when checking in on flights, as well as collected by air carriers for their own commercial purposes. (...) The data is stored in the airlines' reservation and departure control databases" (EC, 2013 a).

2

2007 OJ L 204/18 3

2010 OJ L 195/5 4

These revelations were also about mass surveillance by other parties of the UKUSA agreement, such as the United Kingdom. My focus however is exclusively on EU-US relations.

(4)

2 the international fight against terrorism (The Guardian, 2013 a). The same sentiment could be overheard within the political arena of the EU. Martin Schultz, president of the European Parliament, demanded full clarification from US authorities and said that these practices would have a "severe impact on transatlantic relations" (The Telegraph, 2013).

As I will show, these revelations about US mass surveillance have put the data exchange agreements between the EU and the US back into the spotlight. The European

Parliament repoliticized the TFTP agreement by calling for it suspension on several occasions. It also repoliticized the PNR agreement by calling for a thorough review. However, the

European Commission ignored the wishes of Parliament and concluded that the agreements haven't been breached and continue to be of great value in fighting terrorism. On the issue of the EU-US data exchange agreements there is an interinstitutional difference in discourse: the Commission continues to operate within the hegemonic discourse while Parliament adopted a challenging discourse after the revelations on US mass surveillance.

My argument is build as follows. First, I discuss the most important concepts and literature in order to provide a framework in which the agreements can be understood. I argue that the fight against terrorism has become an intelligence-led data war in which the main weapons against terrorist threats are dataveillance practices. Second, I examine the process of how the agreements came into place, which involved years of strenuous negotiations and inter-institutional conflict. After that I discuss the concepts of repoliticization and

depoliticization and how I operated these into two distinct discourses.

Fight against terrorism: dataveillance and (transnational) data exchange

Amoore and De Goede (2012) argue that the fight against international terrorism has increasingly become a 'data war', in which states adopt an approach of "proactive and large-scale information gathering and data exchange in the name of pre-empting terrorist attacks"(p. 3). No longer is overt military action considered the primary course of battling terrorism, as it was during the Bush administration and it's War on Terror as executed in Iraq and

Afghanistan in the previous decade. Instead we see a intelligence-led approach which emphasises the role of intelligence and security services as vanguard that wants to disrupt threats before they fully materialize and in order to do so needs information in advance. Because "political authorities in the West have pursued the idea that knowledge about future risk is always already present in the data, if only information on transactions patterns can be effectively integrated and mined" (Amoore and De Goede, 2008:174), connecting existing databases, entailing personal data such as financial transactions, has become an important

(5)

3 cornerstone of counterterrorism policies.5

Integration of data is one of the most important aspects of what Clarke (1988) calls 'dataveillance', " the systematic use of personal data systems in the investigation or

monitoring of the actions or communications of one or more persons." (p. 499). It enables states to employ controversial but widely used methods such as profiling and data mining. Clarke describes profiling as "“making a judgment about a particular individual based on the past behaviour of other individuals who appear statistically similar” (1988:507). Often this judgment is whether or not someone is a threat to national security. But critics say that this judgment is mostly based on criteria such as ethnicity, religion or gender, and that profiling is therefore immoral and illegal (see for example Kleinder, 2010). Clarke agrees to a certain extent when he writes: "In the hands of the inadequately trained, insufficiently professional, or excessively enthusiastic or pressured, profiling has all the hallmarks of a modern witch-hunting tool." (1988:507). Despite tremendous resistance, profiling is still widely used by law enforcement and intelligence agencies in Europe and the US.

Data mining is a relatively new concept in the public debate and can be defined as the "process of using algorithms to discover predictive patterns in data sets." (DeRosa, 2004:3). Technically the process of using those patterns to analyse data isn't considered data mining but automated data analysis. However, the term 'data mining' tends to refer to both practices in the public debate (Ibid.).Data mining is controversial for two reasons. First, there is concern about the privacy of citizens in light of a more knowledgeable government. Data mining requires large piles of personal data to be effectively executed and will therefore result in expansion of data collection but without increasing government transparency on what this data is being used for. Second, because of the automated analysis process and the use of algorithms data mining can lead to so called false positives, people who are innocent but are flagged as (potential) threats, either because of bad data or imperfect search models (Ibid:14). As a result, people can be detained or denied privileges simply because the system says so. Taking the human element out of the process of specifying threats creates a great deal of new problems which haven't been adequately addressed by practitioners.

Den Boer and Van Buuren (2012) show that such dataveillance practices are well developed within the EU, at both the national and transnational level.6 They describe the

5

Such databases are often kept by private commercial actors, such as financial institutions and airline companies.

6

The authors mention several examples of European cross-border security databases that are used by law enforcement authorities (including customs and border control authorities): VIS

(6)

4 current surveillance practices in the EU as a "diffused web of informational connections", consisting of close cooperation between the public and private sector, the use of sophisticated methods [such as profiling and data mining], and the trans-nationalization of data exchange. (p.98). There is ongoing debate about the influence of US security policies on the

development of these practices within the EU. Argomaniz (2008) for example argues the EU has been internalizing US border security norms in a three-stage process: "norm advocacy and/or imposition by US authorities; norm acceptance as a result of an interactive bargaining process; and, in some instances, voluntary imitation and borrowing by EU actors" (p. 121). Focusing on the PNR agreements, Argomaniz comes to the conclusion that EU measures have been the result of US unilateral decision making. In other words, that the US has pressured the EU to follow its security norms. But not all scholars agree with Argomaniz' picture of the EU as reluctant norm taker (Ibid.). De Goede (2008) for example states that the EU can be considered leader rather than follower when it comes to policies of pre-emption, and that the EU has developed much of its practices either independently or in a cooperative partnership with the US. According to De Goede, EU leaders have themselves "vigorously appropriating and developing important aspects of preemptive security (...) such as data retention and financial data monitoring (2008:175).

In any case, the EU and the US are closely connected in their dataveillance practices, and in the next section I discuss how the data exchange agreements on PNR and financial data came into being.

Controversial genesis of the TFTP and PNR agreements

The debate on EU-US exchange of financial data first came into prominence in 2006 after The New York Times disclosed the existence of the Terrorism Financial Tracking Program (TFTP) (The New York Times, 2006), a secret US program designed to analyse "millions of banking transactions worldwide through access to the financial records stored in the database of a Belgian cooperative called Society for Worldwide Interbank Financial telecommunication (SWIFT)" (Wesseling, 2013:97). The disclosure, branded the SWIFT-affair, sparked vivid debate and outrage in both the US and EU and raised questions about privacy, legality of the

(Visa Information System), SIS I and II (Schengen Information System), CIS (Customs Information System), Eurodac (a fingerprint system for asylum-seekers) and EIS (Europol Information System) (2012:86-87).

(7)

5 programme and the transatlantic security cooperation.7 In 2007 the US authorities, in an attempt to smooth out EU concerns, adopted a "series of unilateral commitments to the European Union concerning the processing of personal data received under the TFTP" and stated that an 'eminent European person', designated by the European Commission, could verify that the TFTP is consistent with these commitments (Bruguiere, 2010). In 2008 French Judge Mr. Bruguiere was appointed to fulfil this role and his first report, published late 2008, concluded that the US indeed complied with the strict regulations set out in the 2007

commitments.8 This report was instrumental in the adoption of the first interim agreement on 30 November 2009.9 In February 2010, however, the European Parliament rejected the interim agreement, ten days after the agreement entered into force. This rejection was partly based on a report written by Dutch Member of the European Parliament (MEP) Hennis-Plasschaert, which recommended a rejection of the interim agreement, because a) adopting the agreement would mean a continuation of outsourcing EU financial intelligence service instead of working together as equal partners; b) there were a lot of legal shortcomings in the agreements; and c) the European Commission and Council failed to inform the Parliament fully and immediately at all stages of the procedure (Wesseling, 2013:135-136). Rejection meant reopening negotiations with the Americans and a second attempt at smoothing out EU concerns, this time by vice-president Joe Biden, who gave a speech in the European

Parliament in May 2010 in which he emphasized the shared responsibility to provide security worldwide, stating that the TFTP is essential to "our security, as well as to yours" (The White House, 2010). Two months later the European Parliament accepted the new agreement10, which adequately addressed the concerns put forth by Parliament (Wesseling, 2013:138), with overwhelming majority: 484 in favour, 109 against and 12 abstentions. The TFTP-agreement has been firmly in place since 2010 and was subjected to review in February 2011 (EC, 2011), December 2012 (EC, 2012) and November 2013 (EC, 2013 j).11In all three instances the European Commission stressed the importance of data exchange in order to effectively fight international terrorism and reviewed that only small changes within the agreements were

7

The debates in 2013 after the disclosure of NSA mass surveillance resonate the same concerns and sentiments and in a way reignited the 2006 debate.

8

Bruguiere's second report, published January 2010, was mainly concerned with additional mechanisms put into place after 2008. Brugueire concluded that these additional mechanisms enhanced existing privacy safeguards and that the TFTP continues to be of high value in the fight against terrorism (Bruguiere, 2010).

9

2010 OJ L 8/11 10

2010 OJ L 195/5 11

(8)

6 necessary, such as enhancing the role of Europol and providing more transparency on what the TFTP does.

The agreement on PNR exchange was necessary because conflicting EU and US demands had put airline companies in a catch-22. After the terrorist attacks of September 2001 the US authorities enacted the Aviation and Transportation Security Act (ATSA) requiring all airline companies "operating to, from, or across U.S. territory to provide the U.S Customs and Border Protection Bureau (...) with electronic access to the PNR data contained in their reservation and departure control systems" (Van Wasshnova, 2006:835), which would be a violation of the European Data Protection Directive. Newman (2008) states that the European Commission feared that because of the importance of the transatlantic air transport market failure to resolve the dispute could threaten a major component of European

competitiveness. Negotiations to resolve this problem started in February 2003 and lead to an agreement in May 2004, in which the US were limited in use and scope of European PNR.12 The agreement, however, was annulled in 2006 after the European Parliament applied to the European Court of Justice (ECJ) for two reasons: "First, the Commission had overstepped its authority by concluding the agreement under the first pillar of the European Union dealing with the internal market when the transfer of airline data was clearly a security concern governed by the third pillar. Second, (...) the agreement was in violation of Article 8 of the European convention on Human Rights, which protects the private life of European citizens" (Newman, 2008:16). The ECJ accepted the first argument but "sidestepped the more

fundamental debate about privacy" (Ibid.).13 After the Commission addressed the concerns set forth by Parliament and the ECJ by moving the agreement from the first pillar to the third an interim agreement14 was signed in 2006, followed by a long term agreement15 the year after. The current (fourth) agreement was signed in 2012 and brought "additional clarity and legal certainty to citizens and carriers (..) provided for better information sharing by US authorities with law enforcement and judicial authorities from the EU, (...) and a series of enhanced data protection guarantees" (EC, 2013 b).16

The PNR and TFTP agreements are just two of seven agreements between the EU and

12

2004 OJ L 183/84. PNR data could only be used for combating transnational terrorism and crime, and the use of sensitive data such as ethnic origin and political opinions was not allowed.

13

See Wasshnova (2006:836) for a legal analysis of the ECJ decision. 14 2006 OJ L 298/29 15 2007 OJ L 204/18 16 2012 OJ L 215/5

(9)

7 the US for the purpose of law enforcement.17 In order to reduce bureaucracy and improve uniformity among these agreements in for example data protection standards EU and US officials (in particular EU Commissioner Reding and US Attorney General Holder) have been negotiating an 'umbrella' agreement on the exchange of data for law enforcement since 2010. As I will show in my analysis these negotiations became more prominent after the revelations on US mass surveillance in 2013, with the EU pressuring itself to come to an agreement. Comparing both data exchange agreements four similarities stand out. First, it was US initiative that made negotiations necessary. The PNR agreement was in response to the ATSA while the TFTP agreement was in response to the then illegal practices of the TFTP. Second, negotiations on the agreements were prolong and difficult. Third, in both cases there was conflict between on the one hand the European Commission and the European Council and on the other hand the European Parliament, the latter expressing concerns about being sidelined. And fourth, all parties involved, including Parliament, underlined the importance of the agreements in the fight against international terrorism, which is why the data exchange agreements both eventually became depoliticized.18

Depoliticization versus Repoliticization

Before examining EU response to the revelations about US mass surveillance I want to discuss the concepts and methods that are central to my analysis. I discuss Edkins'

interpretation of depoliticization and (re)politicization, two opposite processes that confine what policymakers are concerned with. These concepts are then used to form two distinct discourses that I will use in my analysis.

Edkins' (1999) definition of depoliticization and repoliticization draws on the

distinction between 'politics' and 'the political'. What she describes as 'politics' is the day-to-day decision-making, parliaments, diplomacy, treaties and so on. In other words, everything that is commonly called politics (p. 2). She defines 'the political' as having to do with "the establishment of that very social order which sets out a particular, historically specific account of what counts as politics and defines other areas of social as not politics" (Ibid.). When something is depoliticized, the debate surrounding it is exclusively concerned with 'politics'

17

1. exchange of PNR; 2. exchange of financial data for the TFTP; 3. data exchange between Europol and the US; 4.data exchange between Eurojust and the US; 5. agreement on

extradition; 6. agreement on mutual legal assistance; 7.Container Security Initiative. 18

The EU has been investigating the possibilities for both an EU PNR agreement and an EU Terrorist Financial Tracking System but both plans have met extensive resistance, mainly from MEPs who are concerned about the privacy of EU citizens.

(10)

8 without questioning the social order in which these take place - 'the political'. The debate will be concerned with technical questions and details, as seen in the latter days of the SWIFT-affair described above. Edkins describes depoliticization more clearly as "the process wherein politics is limited [emphasis added] to the calculable and instrumental" (p. 9).19 In other words, depoliticization is the process in which decision makers are only concerned with which colour to use when colouring in the lines without questioning the lines themselves. Re-politicization then becomes the process in which the lines are subject of debate and decision makers are concerned with 'the political'. In this process the limits are being questioned, creating a 'moment of openness' that allows for the establishment of a new social order with different limits (p. 126) In regard to the SWIFT-affair, Wesseling (2013) uses 'moment of openness' to describe the phases of the debate where the assumptions on which the fight against terrorism finance is based are being questioned (p. 105).

It is clear that within the concepts of 'depoliticization' and 'repoliticization' is already a notion of the interrelatedness of power and language. As stated above, (re)politicization is the process in which decision makers are concerned with 'the political' . According to Wesseling (2013) 'the political' can be described as the moment of defining "a regime of truth (...) marked by the articulation of a particular type of discourse and a set of practices" (p. 101). Drawing on this, I state that repoliticization can also be described as the process of

challenging the existing discourse and set of practices, while depoliticization is the process of working within the existing discourse and set of practices.

Therefore two sets of discourse can be distinguished. First, the existing or hegemonic discourse, which came in place during the depoliticization of the data exchange agreements. This discourse doesn't want to change the current set of practices and emphasizes the value of the data exchange for counterterrorism purposes. Second, a challenging discourse, which repoliticizes the data exchange agreements in light of US mass surveillance. This discourse does want to change the current set of practices and emphasizes privacy and civil rights of EU citizens. I have set out the two discourses and their properties in table 1.

19

This definition echoes the concept of securitization as described by Zedner (2010), which according to Edkins(1999) is "technologization par excellence" (p. 11).

(11)

9 Hegemonic discourse Challenging discourse

-depoliticizes the data exchange agreements; -focus on 'politics';

-works within the existing set of practices; -more concerned with how;

-emphasizes security and antiterrorism.

Markers

'data exchange is necessary and vital', 'regardless of NSA mass surveillance', not mentioning the data exchange agreements in response to US mass

surveillance, or only wanting to make small changes within the agreement.

-repoliticizes the data exchange agreements; -focus on 'the political';

-challenges the existing set of practices; -more concerned with if;

-emphasizes privacy and civil rights.

Markers

're-evaluate data exchange', ''unnecessary and/or unwanted', 'renegotiate the framework',

questioning the effects of the data exchange agreements, drawing the data exchange agreements into the debate about US mass surveillance.

Table 1. the two discourses I focus exclusively on the political institutions of the EU, primarily the European Commission and the European Parliament, and to a lesser extent the European Council, mainly because debate is almost entirely centered in the Commission and Parliament. As demonstrated in the previous section, it is important not to consider these institutions as a homogeneous entity, working effectively together as a unified body, but to be aware of intra- and interinstitutional differences. Together these institutions form the political arena of the EU, and in an arena one often finds a complex mixture of opponents and allies.

My main sources are official documents of these institutions, including press releases, resolutions, reports, and committee inquiries, which are all primary sources, published

between June 2013 and January 2014.20As Marsh and Stoker argue, there is a risk of

selection bias when looking at (primary) textual sources: "Some sources tend to get prioritised over others, either because of accessibility or because the researcher isn't aware of the

20

All official EU documents can be found online at: http://europa.eu/publications/official-documents/index_en.htm. I have looked at any document related to data, data protection, data exchange, TFTP, PNR, Snowden, NSA, and surveillance. Although an important element of the EU response to US mass surveillance, I do not address Safe Harbour or the Data

Protection Directive in my analysis because these aren't directly related to the data exchange agreements nor to law enforcement.

(12)

10 existence of certain documents." (2010:262) . I have tried to strike a balance between being thorough and doing a coherent analysis in which the process becomes clear with focus on key players. Therefore I also looked at Twitter accounts of policymakers in search of more

personal statements not present in the official documents, as well as to find documents that aren't as easily found in the depths of the archives of the European Union. It is important to realise that the dialogue and debate continues on the web, with policymaker communicating amongst each other as well as with the electorate, thereby making social media another tool and stage in the political arena worthy of the researcher's attention.

My analysis is divided in four parts. The first part runs roughly from June until Augustus and focuses on the initial response of the EU to the revelations on US mass surveillance, including a first resolution. The second part deals with the debate between September and November, the period wherein the TFTP-agreement became repoliticized by Parliament. In the third part I discuss the Commission's response on November 27th. And in the last part I focus on the concluding of Parliament's investigation, with the draft report discussed and presented in December and January.

Analysis

A cascade of revelations and starting the investigation

The revelations about US mass surveillance started on June 5th 2013.21 EU Commissioner for Justice Reding is one of the first EU officials to respond, stating on a press conference22 that she asked her American colleague Holbert a series of questions on how the surveillance

programs affect the privacy of EU citizens and that she received 'answers and assurances' (EC, 2013 d). Reding stressed not only the importance of reform of EU data protection standards, but also of "the negotiations on the "Umbrella Agreement" on the exchange of data in the law enforcement sector" in order to make sure that "authorities access data through legal

channels" (Ibid), which is a clear example of wanting to work within the existing set of practices. EU and US officials agreed on setting up a transatlantic group of experts to address concerns (Ibid.). The debate between Reding and the Parliament that followed on this initial response is mostly concerned with EU privacy policies. MEPs asked for "safeguards for

21

Al-Jazeera America has a great timeline of all the revelations, including links to the original articles:

http://america.aljazeera.com/articles/multimedia/timeline-edward-snowden-revelations.html 22

This press conference was held after the EU-U.S. Justice and Home Affairs Ministerial in Dublin on June 14th. EU Commissioner for Home Affairs Malmström, one of the key players in this debate, was also present and expressed the same opinions as Reding (EC, 2013 c).

(13)

11 personal data transferred outside the EU (EP, 2013 a) and agreed on setting up a working group of experts to investigate this issue.23

On June 29th German news magazine Der Spiegel published an article on US surveillance of EU offices, in which it stated that the US bugged EU representation in Washington, New York (at the UN headquarters) and Brussels, as well as infiltrated its computer network (Der Spiegel, 2013 a). The next day British newspaper The Guardian published an article on US surveillance on EU member states embassies (The Guardian, 2013 b). These new revelations gave impetus to a tougher EU response: On July 4th, while the US celebrated its independence, European Parliament adopted a resolution24 to launch an in-depth inquiry into the US surveillance programs, and to give "consideration to all the instruments at [the Commission and Council's] disposal in discussions and negotiations with the US (...) including the possible suspension of the passenger name record (PNR) and terrorist finance tracking programme (TFTP) agreements [emphasis added]". The majority of Parliament (483 votes to 98 with 65 abstentions) inserted the data exchange agreements into the debate about the revelations on US mass surveillance, in order to give the Commission and Council resources in their negotiations with the US, to make sure that present and future agreements, such as the 'umbrella' agreement on data exchange for law enforcement and the Transatlantic Trade and Investment Partnership (TTIP), comply fully with EU data protection standards. Commissioner Reding responded to the adoption as follows on Twitter: "Good news: All political groups in @Europarl_EN agree that work on #EUDataP reform needs to move faster (...)" (Twitter Reding, 2013), thereby focusing on the reform of EU data protection standards and not on the transatlantic data exchange. Reding followed up on this on July 19th, in a speech given in Vilnius: "PRISM has been a wake-up call. The data protection reform is Europe's answer." (EC, 2013 e).

In the resolution Parliaments tasked its Civil Liberties Committee (LIBE) with conducting the inquiry (EP, 2013 b), thereby framing the revelations primarily as a violation of the rights of citizens, not as a matter of (trans)national security. LIBE agreed six days later on its next steps: A series of hearings25 will be held with all relevant parties and experts, two studies will be conducted on the surveillance practices of the US and EU member states, and

23

This EU-US ad hoc working group met for the first time on July 8th in Washington D.C. Between July and November there were three follow-up meetings before the group presented its conclusions on November 27th.

24

2013/2682(RSP) 25

LIBE held fifteen of these hearings between September 2013 and January 2014. The first one was on September 5th.

(14)

12 there is a possibility for meetings between MEPs and US authorities during an already

planned visit near the end of October (EP, 2013 c). A report on LIBE's findings is set out to be presented to Parliament before the year is over (Ibid.). MEP Moraes was appointed Rapporteur for the inquiry and stated the following: "Whilst the fight against terrorism is extremely important, large bulk-data transfers appear to breach the proportionality test applied to justify data transfers for security reasons alone" (Moraes, 2013). In this statement Moraes makes clear that the inquiry isn't just about the revelations, but also about the broader context in which these surveillance practices took place, making it seem like he has concerns about the securitization of policy on data transfers in the last decade.

During the first few weeks policymakers were mostly concerned with EU data protection standards. The data exchange agreements are mentioned in the resolution of July 4th, but only as a possible resource of pressure for the Commission and Council in upcoming discussions and negotiations with US counterparts. The resolution doesn't directly call for the suspension of the agreements, and therefore I don't consider the agreements to be repoliticized in this period. Parliament did however introduce these agreements into the debate on mass surveillance. Together with the remarks made by Rapporteur Moraes and tasking LIBE with conducting the inquiry this can be seen as the first manifestation of an upcoming challenging discourse.

Parliament repoliticizes TFTP-agreement

Unlike EU policymakers, journalists didn't go on summer recess and published more and more revelations each week. In the first half of September several newspapers reported that US agencies covertly monitored financial networks, including SWIFT, which was reminiscent of the SWIFT-affair of 2006 (e.g. Der Spiegel, 2013 b). It implied that the TFTP-agreement meant to solve the SWIFT-affair was bypassed by the Americans and therefore obsolete if not a joke. Commissioner Malmström expressed her concerns about these revelations and made clear that she will seek full clarifications from Washington (Twitter Malmström, 2013). These revelations gave the debate real momentum, which is exemplified by the changing nature of the hearings held by LIBE. On the first and second hearing (September 5th and 12th) only MEPs and non-governmental experts were present. But the third hearing (September 24th) was a joint meeting where Commissioner Malmström was questioned and several high-level officials in the US and EU, such as NSA Director Alexander and Dutch Minister of Security

(15)

13 and Justice Opstelten, were invited (and declined).26 However, the most important element of this third hearing is the growing number of MEPs that questioned the raison d'être of the TFTP-agreement, some even going as far as stating that "the [TFTP] agreement is effectively dead (...) it is null and void" (EP, 2013 d). Rapporteur Moraes asked Commisioner

Malmström to explain what these revelations meant for the TFTP-agreement and if she considers suspension necessary (Twitter Moraes, 2013). Malmström agreed only to a certain extent: ""If media reports are true this constitutes a breach of the agreement and a breach of the agreement can lead to suspension (...) this should be decided by qualified majority in the Council" (EP, 2013 d). While Parliament thus repoliticized the TFTP agreement by calling for its suspension, thereby challenging the current set of practices, Commission seemed hesitant and careful not to draw conclusions too soon, at the same time making it clear that the decision to suspend the TFTP-agreement is not made by the Commission nor by Parliament. In the next two months Parliament examined and sometimes pursued more

confrontational actions in response to the recent revelations on US mass surveillance. At the LIBE hearing of September 30th some members of Parliament listened carefully to the suggestion that "[The EU] should not go forward with the new trade agreement [TTIP] [with the US] unless [it has] adequate assurance for the protection of privacy" (EP, 2013 e). On the same day Edward Snowden, the whistleblower who fed newspapers the secret documents on which the revelations are based, expressed his gratitude for the way LIBE conducts its debate (Ibid.). Parliament replied supportive of Snowden by announcing that it nominated the whistleblower for the prestigious Sakharov Price for Freedom of Thought (EP, 2013 f), thereby also further tensioning the relationship with US authorities, who consider Snowden for the most part a renegade traitor.27 On October 22th LIBE voted in favour of the

Commission's new data protection rules (EC, 2013 f), which was good news for Commissioner Reding, having tried to reform the data protection rules even before the revelations on US mass surveillance on EU citizens started. It seems that all European

political institutions, including Parliament, Commission and Council, agree on the importance of reforming the data protection rules: European president Van Rompuy remarked on a

26

Other invitees were Wood (Chargé d’Affaires at the U.S. Mission to the European Union), Plasterk (Dutch Minister of the Interior), Litt (General Council of the Office of the Director of National Intelligence) and Medine (Chairman of the US Privacy & Civil Liberties

Oversight Board). 27

Althought the cases are far from similar, Bradley Manning, the man who leaked a large set of secret documents to mediasite Wikileaks, was sentenced to thirty five years in prison in 2013. Some hardliners in Washington D.C. want the same thing for Edward Snowden.

(16)

14 meeting of the European Council late October that European citizens must "know they are in control of their own data and "digital lives"" and that "online privacy is also a civil right" (European Council, 2013). And President of the Commission Barroso called the new data protection rules essential for the trust that is needed in order to build a strong digital market (Barroso, 2013).28

For Parliament, however, reforming the data protection rules isn't enough. Having already repoliticized the TFTP-agreement a month earlier, on October 23th it adopted a nonbinding resolution29 in which it called upon the Commission to suspend the TFTP-agreement, stating that "although Parliament has no formal powers (...) to initiate the suspension or termination of an international agreement, the Commission will have to act if Parliament withdraws its support for a particular agreement". In the resolution Parliament is particular critical of the Commission, stating that initial support for the TFTP was only on account of strengthened protection of personal data and that the legal and technical framework the Commission proposed to address this issue was incomplete and without detail.30

Furthermore, Parliament is critical of the way the Commission conducted its 'research' in the wake of the revelations: "talks between Commission services and the US administration cannot be considered to count as an investigation, and nor does mere reliance on statements by the US". In other words, Parliament deems the way the Commission responded to the revelations inadequate and flawed, therefore calling for the suspension of the

TFTP-agreement until satisfactory mechanisms are in place that will protect the rights of EU citizens. In the resolution Parliament also took stance against the securitization of policy per se: "the test of the necessity and proportionality of any measure that limits fundamental rights and freedoms needs to take into account the entire body of existing security measures targeting terrorism and serious crime; [Parliament] believes that blanket justification of every security measure by a general reference to the fight against terrorism or serious crime is not sufficient". While this resolution is only concerned with the TFTP-agreement, experts stated on the next LIBE hearing that Parliament “should use all its powers to reconsider instruments of

cooperation with the US”, thereby hinting that suspension of just one agreement isn't enough

28

Data protection is the only issue in this debate the European Council expressed an opinion about.

29

2013/2831(RSP). While the weaker formulated resolution of July 4th was accepted with overwhelming majority, this one barely made it: 280 votes to 254, with 30 abstentions (EP, 2013 g).

30

It is unclear if Parliament referred to the same data protection rules LIBE approved on October 22th.

(17)

15 (EP, 2013 h). Reaction from the Commission was short and simple: Commissioner

Malmström declared there are "no indications that the TFTP Agreement has been violated " and that the Commission "will follow up our request for written assurance with the US" (EC, 2013 g). In the meantime the TFTP-agreement will stay in place (Ibid.). Late October

Commissioner Reding published a speech in which she stressed the importance of the

transatlantic relationship and negotiations on the TTIP (EC, 2013 h), which for Reding aren't part of the debate on US mass surveillance.

In this period we see all political institutions agree on the need for new data protection rules, which has been the emphasis of the European Commission since the revelations started. But for Parliament this isn't enough; it repoliticizes the TFTP-agreement, calling for its suspension until adequate mechanisms that guarantee the rights of EU citizens are in place. It is thus a majority in Parliament that adopts the challenging discourse. The Commission on the other hand still operates within the hegemonic discourse and doesn't mention the TFTP-agreement, instead continues to focus on improving data protection rules. The short statement made by Commissioner Malmström is a clear sign the Commission and Parliament operate within different discourses. Although the resolution Parliament adopted was non-binding, it is peculiar that the Commission can ignore the resolution so easily and straightforward, thereby bypassing Parliament once again. It is also important to note here that the discussion so far is exclusively concerned with the TFTP-agreement; apart from a brief mentioning in the

resolution of July 4th, almost no extra thought has been given to the PNR-agreement.

Commission presents strategy and evaluation PNR and TFTP agreements

The differences between the Commission and Parliament were deepened during the next few months, especially on and after November 27th.31 On that day the Commission presented several documents32 to restore " trust in EU-US data flows" (EC, 2013 i), therebyoperating firmly within the hegemonic discourse. With these documents Commission tried to reassure

31

Between the resolution of October 23th and the events of November 27th there was almost no progress in the EU debate on US mass surveillance. The LIBE hearings did continue, but were focused on the role of European agencies and how to improve national parliamentary oversight. Therefore I go directly to the events of November 27th.

32

The most important are a Communication containing a strategy on transatlantic data flows, which also addresses the reviews of the TFTP agreement and PNR agreements, a

Communication on a European TFTP, and the final report on the findings of the EU-US Working Group on Data Protection. The reviews of the two agreements were already planned (annual review) and not specifically conducted to address the revelations on US mass

(18)

16 Parliament by saying there is no indication that the TFTP agreement has been breached (EC, 2013 k). In the case of the PNR-agreement the Commission concluded the same: "[The] review did not give any indication that US surveillance programmes extend to or have impact on the passenger data covered by the PNR Agreement" (Ibid.). Furthermore, the Commission stressed in all the documents the importance and effectiveness of both data exchange

agreements for antiterrorism purposes, speaking in terms of "added value" and "highly valuable" throughout the reviews.33 This excerpt from a press release by Commissioner Malmström further exemplifies the hegemonic discourse in which the Commission operates: "TFTP data provides key insight into the financial support networks of terrorist organisations, helping to identify new methods of terrorist financing and persons involved in the US, the EU or elsewhere. EU Member States and Europol benefit from such information and receive valuable investigative leads [all emphases added]" (EC, 2013 l).

Clear as it was for the Commission that suspension of the agreements is unnecessary and can even be considered threatening (trans)national security, some MEPs weren't

convinced at all by these positive reports. Critique consisted of two elements. First, Parliament felt it was being sidelined again, mainly because the non-binding resolution of October 23th was all but ignored by the Commission, which several MEPs said was an indication of a deeper inter-institutional problem (EP, 2013 i). Second, the positive reports were almost exclusively based on assurances from the US without providing real proof, while Parliament demanded to see evidence that the agreements haven't been breached and that the data exchange did help prevent terrorist attacks (Ibid.). In the review of the TFTP-agreement is a list of terrorist attacks which the agreement allegedly helped to prevent (EC, 2013 j). There are however absolutely no details given on how the agreement helped to prevent these attacks. MEP In 't Veld gave a striking allegory of the way these reviews were held: "This reminds me of the fairy tale Little Red Riding Hood," Ms in't Veld said. "Asking the NSA is like asking the wolf if he has eaten grandma" (EP, 2013 i).

Yet not all of Parliament shared this critique. Some MEPs34 gave compliments to the Commission for the way it handled the debate, often emphasizing the importance of the data exchange for our own security (Ibid). MEP Bildt for example criticised the way some of her

33

In the Communication the Commission again stressed the importance of an 'umbrella' agreement on data exchange for law enforcement.

34

It are mostly MEPs of liberal/left-wing parties (ALDE, S&D and the Greens) that adopted the challenging discourse, while conservative/right-wing parties (EPP Group and ECR) tended to agree with the Commission and operated within the hegemonic discourse. There are of course exceptions.

(19)

17 colleagues approached the debate: "I am not sure that bashing and smashing is the right way to go" (Ibid.). These differences within Parliament were already present in the resolution of October 23th, which was only accepted by a small majority. It is therefore important to state that not all of Parliament has adopted a challenging discourse. This became more evident after the Commission presented its position on November 27th..

Besides addressing the EU-US data exchange agreements, the Commission also published a Communication on a European Terrorist Finance Tracking System (TFTS), "an independent European system for tracking terrorist finance through access to, searches on and analysis of the data of Designated Provider(s)" (EC, 2013 m). It would reduce dependence on the American system and give the EU more control over data that is being transferred to the US. In 2010 then MEP Hennis-Plasschaert already commented on the negative sides of the current situation, saying that the TFTP-agreement between the EU and US would mean a continuation of outsourcing EU financial intelligence service (Wesseling, 2013:135-136). The Commission examined a wide variety of possibilities what the TFTS should look like (EC, 2013 m), which would all mean significant costs but all "have the potential to contribute to an enhanced European security situation, as they would use threat assessments specific to

European needs" (Ibid.). However, the Commission comes to the cryptic conclusion that "the case to present at this stage a proposal for an EU TFTS is not clearly demonstrated." (Ibid.). Commissioner Malmström gave further explanation on why the Commission did not table a proposal: “it would not bring any additional intelligence improvements as compared to the current situation” (EP, 2013 i). In effect the Commission chose to work within the current set of practices and not try to improve them by setting up a EU TFTS. On November 27th the EU-US Working Group on Data Protection, set up directly after the revelations started in June, presented its results as well (EC, 2013 n). This report addresses the legal framework on which the mass surveillance is based but doesn't state what consequences this may or may not have for the TFTP- and/or PNR-agreement.

In this period the Commission published several documents in which it elaborated its position in the debate on the data exchange agreements. While Parliament adopted a

resolution calling on the Commission to suspend the TFTP-agreement, the Commission deemed this unnecessary and possibly harmful. By emphasising the benefits and value of the TFTP-agreement the Commission operated firmly within the hegemonic discourse. This is also exemplified by the way it sees a EU TFTS as redundant, precisely because it sees the TFTP-agreement working effectively. In short, in this period the Commission tried to depoliticize the TFTP-agreement and prevent the PNR-agreement from repoliticizing by

(20)

18 addressing some of the concerns of Parliament, and succeeded to the extent that some

Members of Parliament concurred with the way the Commission conducted her research. However, not all Members of Parliament agreed with the positive reports on of the TFTP- and PNR-agreement and challenged the remarks made by the Commission on the actual effects and benefits of these agreements, stating that these remarks are based upon assurances and not on evidence, which reminisces of critique made earlier, for instance within the resolution of October 23th. These MEPs wanted the Commission to act tougher and listen to the demands of Parliament and continued to challenge the data exchange agreements.

LIBE responds: suspend the TFTP agreement and evaluate the PNR agreement properly In the previous section initiative lay with the Commission which tried to depoliticize the TFTP-agreement again and keep the PNR-agreement from repoliticizing. After November 27th however the ball is back in Parliament's court, with the debate focused around the concluding of the LIBE Committee Inquiry.

During the beginning of December Rapporteur Moraes presented several working documents that provide an overview of what the US mass surveillance entails and what it means for EU foreign policy (EP, 2013 j), as well as what it legal implications are on transatlantic agreements and cooperation (EP, 2013 k). In the latter working document Moraes reaffirmed the possibility for suspensions and/or termination of both the TFTP-agreement and the PNR-TFTP-agreement35, stating that while the US and the Commission have given Parliament assurances, concerns are still present en trust hasn't been re-established (Ibid). The recommendations to address this problem are twofold: "(Temporary) suspension and renegotiations of existing economic transatlantic agreements might be a possible legal implication resulting from US surveillance activities (...) [and] the European Commission is strongly urged to conclude the on-going negotiations on a data protection agreement for law enforcement purposes (umbrella agreement)" (Ibid.). While Moraes thus agreed with

Commissioner Reding on the importance of the 'umbrella' agreement, suspension and renegotiation of the current agreements is still very much an option, despite efforts made by the Commission to address these concerns. But like a true politician Reding, in a speech given to the LIBE Committee Inquiry, focused on what binds the European policymakers instead of where they differ (EC, 2013 o). In light of the differences of opinion on the data exchange agreements, the following excerpt seems questionable: " since the first story broke, the

35

Article 21 of the TFTP-agreement and Articles 24-25 of the PNR-agreement set out the conditions in which suspension and/or termination is possible.

(21)

19 Commission has been proactive. It has made its voice heard, it has asked difficult questions, it has defended the rights of EU citizens. It has now set out the ways in which trust in data flows between the EU and the U.S. can be rebuilt. The past months have shown that when the EU speaks with a single voice, it is heard." (Ibid.) Reding concluded that the EU (as a whole) agrees on what has to be done even before Rapporteur Moraes presented his final report. And the remark on 'a single voice' contrasts sharply with earlier remarks made by MEPs on being ignored by the Commission.

In the final weeks of 2013 Moraes presented the preliminary conclusions of the LIBE Committee Inquiry (EP, 2013 l) which were followed by the presentation of the draft report on January 8th 2014 (EP, 2013 m). The report makes clear that despite the Commission's efforts to depoliticize the data exchange agreements Parliament's Committee on Civil Rights isn't convinced that the necessary steps have already been taken. In a motion attached to the draft report it therefore calls again for the suspension of the TFTP-agreement and a thorough review of the PNR-agreement (Ibid.). This is the first time the PNR-agreement became explicitly repoliticized and can be seen as a paradoxical result of the Commission's attempt at trying to prevent this from happening. The Commission chose to present the reviews of the TFTP- and PNR-agreement simultaneously, thereby drawing the PNR-agreement into the debate on the already repoliticized TFTP-agreement and pressuring Parliament to take a stance on the PNR-agreement, which Parliament's vanguard subcommittee LIBE did as follows: "the Joint Review [of the PNR-agreement] fails to mention the fact that in the case of processing of personal data for intelligence purposes, under US law, non-US citizens do not enjoy any judicial or administrative avenue to protect their rights, and constitutional

protections are only granted to US persons; whereas this lack of judicial or administrative rights nullifies the protections for EU citizens laid down in the existing PNR agreement" (Ibid.). However, the motion doesn't call for suspension of the agreement. The PNR-agreement doesn't become as highly contested as the TFTP-PNR-agreement, possibly because there are no indications that the PNR-agreement has been breached as is the case with the TFTP-agreement. Besides calling for action on these two agreements, Moraes also commented on the 'umbrella' agreement, calling it a "pre-condition for the full restoration of trust between the transatlantic partners" and therefore asking "the Commission and the Council not to initiate any new sectorial agreements or arrangements for the transfer of personal data for law

enforcement purposes as long as the ‘Umbrella Agreement’ has not entered into force" (Ibid.). This is in accordance with comments made by Commissioner Reding who on several

(22)

20 the 'umbrella' agreement and the suspension of the TFTP-agreement are part of Moraes' Priority Plan called 'European Digital Habeas Corpus for protecting privacy' which contains five other actions.36 Members of Parliament have the opportunity to table amendments to the resolution until January 22th and "it will be put to the vote by the Civil Liberties Committee at the end of January and Parliament as a whole on 24-27 February" (EP 12, 2013). So far the Commission and other political institutions haven't commented on this draft report nor on Moraes' Priority Plan. However, based on previous remarks made by the Commission and the Council, it is safe to assume most of the actions can count on support, apart from the actions calling for suspension and re-evaluation of agreements.

In the last couple of months the Commission and Parliament didn't change position on the data exchange agreements. MEPs of the LIBE subcommittee kept challenging the TFTP agreement by calling for its suspension until the Commission shows real evidence that the agreement hasn't been breached. The PNR agreement became more present in the debate after the Commission presented a positive review and Parliament deemed this review inadequate. However, the PNR agreement never became as contested as the TFTP agreement, with Parliament only calling for a thorough review and not for suspension, as is the case with the TFTP agreement. Despite the fact that the Commission and Parliament are both somewhat entrenched on the data exchange agreements as a result of operating in different discourses, there is general agreement on the necessity of the 'umbrella' agreement and firmer data protection rules.

Conclusions

The revelations on US mass surveillance on EU citizens and institutions have dented the transatlantic relationship tremendously, making the reestablishment of trust of vital

importance in order to continue the intelligence and security cooperation in the fight against international terrorism the same way it existed in the last decade. This continuation, however, is not necessarily what Parliament wants; a majority of Parliament has been challenging these dataveillance practices by questioning their necessity, effectiveness and proportionality. It called for the suspension of the TFTP agreement on several occasions and a thorough review

36

The seven actions are as followed: 1. Adopt the Data Protection Package in 2014, 2. Conclude the EU-US 'umbrella' agreement, 3. Suspend Safe Harbour, 4. Suspend the TFTP-agreement, 5. Protect the rule of law and the fundamental civil rights of EU citizens with a focus on freedom of press, professional confidentiality and enhanced protection for

whistleblowers, 6. Develop a European strategy for IT independence, 7. Develop the EU as a reference player for a democratic and neutral governance of the internet (EP, 2013 m).

(23)

21 of the PNR agreement, thereby effectively repoliticizing both data exchange agreements. There are four key moments in the debate on US mass surveillance in the EU when the data exchange agreements became heavily contested, which I have set forth in table 2. The first moment was July 4th, the day Parliament adopted a resolution in which it declared its plans to fully investigate these revelations, including an in-depth inquiry done by LIBE. In this resolution the TFTP and PNR agreements became part of the debate on US mass

surveillance by marking them means of pressure in upcoming negotiations with the US on the TTIP and the 'umbrella' agreement. The second key moment was Parliament's resolution of October 23th calling for the suspension of the TFTP agreement after new revelations that claimed the US continued to covertly monitor financial networks. The TFTP agreement thus became repoliticized by Parliament, but since it was a non-binding resolution the Commission all but ignored it.

Date Institution Document(s) Content

04-07-2013 Parliament Resolution

Launching an in-depth inquiry; TFTP and PNR agreement means of

pressure in upcoming negotiations.

23-10-2013 Parliament Resolution Calling for the suspension of the TFTP agreement

27-11-2013 Commission Reviews and Communication

TFTP and PNR are vital aspects of the fight on terrorism;

No indications that the agreements have been breached.

08-01-2014 Parliament

(LIBE Committee) Draft report

Calling for suspension of the TFTP agreement;

Calling for thorough review of PNR agreement;

Table 2.Four key moments The next key moment was on November 27th when the Commission expanded on its position with a Communication and reviews of both the TFTP and PNR agreement. In these

documents the Commission underlined the importance and value of both agreements and that there is no indication that the agreements have been breached by US surveillance practices. However, not all of Parliament was convinced by these positive reviews. On January 8th the LIBE subcommittee tasked with the inquiry presented its results and deemed the reviews

(24)

22 inadequate and based only on assurances, not on evidence. It therefore again calls for the suspension of the TFTP agreement and for a profound review of the PNR agreement. The PNR agreement thus never became as contested as the TFTP agreement.

During this period a majority of Parliament adopts a challenging discourse in which it confronts the Commission with the flaws and deficiencies of the agreements and the

dataveillance framework. This majority, consisting mostly of liberal MEPs concerned about civil rights and privacy of citizens, is led by Parliament's subcommittee on civil liberties LIBE. This subcommittee can be seen as the main opponent of the Commission and the hegemonic discourse in the debate on US mass surveillance: it repoliticizes the data exchange agreements by emphasizing the effects of these agreements and its dataveillance framework on the

privacy and civil rights of EU citizens.

While Parliament and LIBE succeed in opening debate on the agreements, other

political institutions remain firmly in the hegemonic discourse by either countering Parliament, as is the case with the Commission, or simply ignore it, as is the case with the European

Council. The same dynamics could be observed in the initial implementation of the

agreements between 2006 and 2010 when Parliament was also being sidelined in the decision making process, indicating a deeper interinstitutional problem may be present. It will be interesting to see if the actions Parliament then pursued (rejection of the agreement and going to the ECJ) will also be considered a viable course this time.

Whatever Parliament and the Commission decide to do in the next months will be influenced by the way the US responds to European concerns. President Obama has already announced he wants to reform the NSA and its practices (The New York Times, 2014 a). Obama is supported in this decision by the Privacy and Civil Liberties Oversight Board that published a report (The New York Times, 2014 b) in which the collection of meta data of telephone records is called illegal and having only "minimal benefits in counterterrorism efforts" (Ibid.). But so far the Obama decision hasn't had the same effect on European concerns as the Joe Biden speech in the European Parliament in 2010. MEP Moraes

responded aloof to Obama's announcement: "there will be a big pause before we can judge whether the protections will be forthcoming for EU citizens (...) [Obama] didn't actually give any substantial proposals in the foreign area" (The Guardian, 2014). Commissioner Reding called it a step in the right direction and said she looked "forward to seeing these

commitments followed by legislative action" (Ibid.). These reforms however won't be easy and the effect on the EU-US data exchange agreements not clear-cut.

(25)

23 Bibliography

Amoore, L., & De Goede, M. (2008). Transactions after 9/11: the banal face of the preemptive strike. Transactions of the Institute of British Geographers, 33(2), 173-185.

Amoore, L., & De Goede, M. (2012). INTRODUCTION: Data and the war by other means. Journal of Cultural Economy, 5(1), 3-8

Argomaniz, J. (2009). When the EU is the ‘Norm‐taker’: The Passenger Name Records Agreement and the EU’s Internalization of US Border Security Norms. European Integration, 31(1), 119-136.

Barroso, M.J. (2013) [Letter to the European Commission and European Council]

http://ec.europa.eu/commission_2010-2014/president/news/archives/2013/09/pdf/letter_en.pdf Last visited on 27-01-2014.

Brugeire, J.L. (2010) Second report on the processing of EU-originating personal data by the United States Treasury Department for counter terrorism purposes. EU.

Clarke, R. (1988). Information Technology and Dataveillance, Communications of the ACM, 31(5): 498-512.

De Goede, M. (2008). The politics of preemption and the war on terror in Europe. European Journal of International Relations, 14(1), 161-185.

Den Boer, M., & Van Buuren, J. (2012). Security clouds: towards an ethical governance of surveillance in Europe. Journal of Cultural Economy, 5(1), 85-103.

Der Spiegel (2013 a) 'Attacks from America: NSA Spied on European Union Offices' http://www.spiegel.de/international/europe/nsa-spied-on-european-union-offices-a-908590.html Last visited on 27-01-2014.

Der Spiegel (2013 b) ''Follow the Money': NSA Monitors Financial World'

http://www.spiegel.de/international/world/how-the-nsa-spies-on-international-bank-transactions-a-922430.html Last visited on 27-01-2014.

DeRosa, M. (2004). Data mining and data analysis for counterterrorism. CSIS Press.

EC [European Commission] (2011) ' Commission report on the joint review of the implementation of the Agreement between the European Union and the United States of

(26)

24 America on the processing and transfer of Financial Messaging data from the European Union to the United States for the purposes of the Terrorist Finance Tracking Program'

http://ec.europa.eu/dgs/home-affairs/news/intro/docs/commission-report-on-the-joint-review-of-the-tftp.pdf Last visited on 27-01-2014.

EC (2012) 'Report on the second joint review of the implementation of the Agreement

between the European Union and the United States of America on the processing and transfer of Financial Messaging data from the European Union to the United States for the purposes of the Terrorist Finance Tracking Program'

http://ec.europa.eu/dgs/home-affairs/pdf/20121214_joint_review_report_tftp_en.pdf Last visited on 27-01-2014.

EC (2013 a) 'Passenger Name Record (PNR)'

http://ec.europa.eu/dgs/home-affairs/what-we-do/policies/police-cooperation/passenger-name-record/index_en.htm Last visited on 27-01-2014.

EC (2013 b) 'United States'

http://ec.europa.eu/dgs/home-affairs/what-we-do/policies/police-cooperation/passenger-name-record/united-states/index_en.htm Last visited on 27-01-2014.

EC (2013 c) 'EU and U.S. will set a Transatlantic group of experts to discuss the U.S. programmes more in details' SPEECH/13/537 14/06/2013

http://europa.eu/rapid/press-release_SPEECH-13-537_en.htm Last visited on 27-01-2014.

EC (2013 d) 'PRISM scandal: The data protection rights of EU citizens are non-negotiable' SPEECH/13/536 14/06/2013

EC (2013 e) 'Informal Justice Council in Vilnius' MEMO/13/710 19/07/2013

http://europa.eu/rapid/press-release_MEMO-13-710_en.htm Last visited on 27-01-2014.

EC (2013 f) 'LIBE Committee vote backs new EU data protection rules' MEMO/13/923 22/10/2013

EC (2013 g) 'Statement by Commissioner Malmström on the European Parliament's resolution on the EU-US TFTP agreement' MEMO/13/928 23/10/2013

(27)

25 EC (2013 h) 'Towards a more dynamic transatlantic area of growth and investment'

SPEECH/13/867 29/10/2013

EC (2013 i) 'Restoring Trust in EU-US data flows - Frequently Asked Questions' MEMO/13/1059 27/11/2013

EC (2013 j) 'Joint Report from the Commission and the U.S. Treasury Department regarding the value of TFTP Provided Data pursuant to Article 6 (6) of the Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for the purposes of the

Terrorist Finance Tracking Program'

http://ec.europa.eu/dgs/home-affairs/what-is-new/news/news/docs/20131127_tftp_annex_en.pdf Last visited on 27-01-2014.

EC (2013 k) 'COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL Rebuilding Trust in EU-US Data Flows' COM(2013) 846 final'

http://ec.europa.eu/justice/data-protection/files/com_2013_846_en.pdf Last visited on 27-01-2014.

EC (2013 l) 'EU-US agreements: Commission reports on TFTP and PNR' IP/13/1160 27/11/2013

http://europa.eu/rapid/press-release_IP-13-1160_en.htm Last visited on 27-01-2014.

EC (2013 m) 'COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL A European terrorist finance tracking system (EU TFTS)' COM(2013) 842 final'

http://ec.europa.eu/dgs/home-affairs/what-is-new/news/news/docs/20131127_tfts_en.pdf Last visited on 27-01-2014.

EC (2013 n) 'Report on the Findings by the EU Co-chairs of the ad hoc EU-US Working Group on Data Protection'

http://ec.europa.eu/justice/data-protection/files/report-findings-of-the-ad-hoc-eu-us-working- group-on-data-protection.pdf Last visited on 27-01-2014.

(28)

26 EC (2013 o) 'Mass surveillance is unacceptable – U.S. action to restore trust is needed now' SPEECH/13/1048 09/12/2013

Edkins, J. (1999). Poststructuralism and International Relations: Bringing the Political Back in, Critical Perspectives on World Politics. Boulder, CO and London: Lynne Rienner

Publishers.

EP [European Parliament] (2013 a) ' PRISM: EU citizens' data must be properly protected against US surveillance' 20130617IPR12352

http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+IM-PRESS+20130617IPR12352+0+DOC+PDF+V0//EN&language=EN Last visited on 27-01-2014.

EP (2013 b) 'Parliament to launch in-depth inquiry into US surveillance programmes' 20130701IPR14770

EP (2013 c) 'Civil Liberties Committee MEPs agree on surveillance inquiry's next steps' 20130708IPR16833

EP (2013 d) 'MEPs raise suspension of EU-US bank data deal' 20130923IPR20604

EP (2013 e) 'NSA inquiry: MEPs hear US privacy experts, whistleblowers and Snowden statement' 20130930IPR21126

(29)

27 EP (2013 f) '2013 Sakharov Prize finalists announced' 20130930IPR21128

EP (2013 g) 'MEPs call for suspension of EU-US bank data deal in response to NSA snooping' 20131021IPR22725

EP (2013 h) 'NSA inquiry: EP should rethink data transfer deals with the US, experts say' 20131104IPR23614

EP (2013 i) 'MEPs not convinced by positive reports of data exchange deals with the US' 20131127IPR27769

http://www.europarl.europa.eu/pdfs/news/expert/infopress/20131127IPR27769/20131127IPR 27769_en.pdf Last visited on 27-01-2014.

EP (2013 j) 'WORKING DOCUMENT 1 on the US and EU Surveillance programmes and their impact on EU citizens fundamental rights' 1012434

http://www.europarl.europa.eu/meetdocs/2009_2014/documents/libe/dv/wd_moraes_1012434 /wd_moraes_1012434en.pdf Last visited on 27-01-2014.

EP (2013 k) ' WORKING DOCUMENT 4 on US Surveillance activities with respect to EU data and its possible legal implications on transatlantic agreements and cooperation' 1011371 http://www.europarl.europa.eu/meetdocs/2009_2014/documents/libe/dv/wd4_1011371/WD4_ 1011371EN.pdf Last visited on 27-01-2014.

EP (2013 l) 'NSA inquiry: lead MEP presents preliminary conclusions' 20131216IPR31029