Counterterrorism Blog

Terrorism and Data Protection: Balancing Privacy and Security

By Victor Comras

The threat of terrorism has given rise over the past four years to an expanding array of new security measures in Europe and here at home that intrude into areas previously considered by many as protected by rights of privacy. The 9/11 attacks provided impetus for Congress to pass the Patriot Act, and the Madrid and London bombings prompted the EU and its member countries to provide their local authorities with new unprecedented access to what was previously considered private and personal data. Now, privacy rights advocates and others are beginning to press home their own concerns. A new debate is being engaged in the U.S. Senate, and in the EU Commission, as to whether the current anti-terrorism measures are too intrusive and damaging to legitimate rights of privacy. The U.S. business community has also enter the fray. They are pushing the Senate to cut back, or place new controls and limitations on Patriot Act investigative powers. And in Europe, the EU Commission, under pressure from its Privacy Rights Directorate, has just proposed new measures to protect against European government data inquiry abuse.

The Patriot Act is up for renewal this session, and final Senate action is expected before the end of the year. Concerned with consumer privacy, and the burden that government records searches place on businesses, the US Chamber of Commerce, the National Association of Manufacturers, the National Association of Realtors, the Association of Corporate Counsel, the Financial Services Roundtable and Business Civil Liberties, Inc have just called on the Senate to cut back on the Patriot Act�s own investigative intrusiveness. Their letter to Senate Judiciary Committee Chairman Arlen Spector states plainly thir concern that "the rights of businesses to confidential files � records about our customers or our employees, as well as our trade secrets and other proprietary information � can too easily be obtained and disseminated under investigative powers expanded by the Patriot Act. It is our belief that these new powers lack sufficient checks and balances� (For a copy of the full letter click here.) These national business groups want Congress to amend the Patriot Act to require a statement of fact and some linkage between the records sought and the individual suspected of being a terrorist or spy and to provide for a meaningful right to challenge the order. The sentiments in the letter are closely aligned to those being expressed by diverse other groups including, for example, Librarians, the NRA, and the ACLU. All have asked for new oversight and control measures.

Similarly, EU Justice Commissioner Franco Frattini has just presented a new set of proposals to protect against government abuse of the EU�s new anti-terrorism data access and retention requirements. These measures would be used to balance the new data retention measures which allows for unprecedented levels of information gathering and exchange among EU countries. This would include new rules on confidentiality, security of processing systems, judicial remedies and government liability. The measures would also cut back considerably on earlier proposed counter-terrorism information sharing arrangements. Personal data could only be transferred to third countries in �very exceptional cases.� These proposals still must be considered by the EU Council and Parliament.