100 likes | 116 Views
In this presentation, Peter Swire provides a summary of key findings from his sworn testimony in the Schrems v. Facebook case, explaining US surveillance law to a European audience. He discusses the systemic remedies, the Foreign Intelligence Surveillance Court, individual remedies for privacy violations, and the broader implications of the case. The testimony provides a detailed understanding of the safeguards within US law for intelligence oversight.
E N D
Panel: “Surveillance Oversight, Intelligence Sharing, and the Rule of Law” Peter Swire Holder Chair of Law and Ethics @tlantic conference on Surveillance in EU & US Brussels (presented remotely) September 26, 2017
Overview • This talk summarizes key findings from 300-page sworn testimony in Schrems v. Facebook • Recently published • Explains US surveillance law to an EU audience • Full materials at: https://www.alston.com/en/resources/peter-swire-irish-high-court-case-testimony • Short summary essays about the testimony • Chapitre 1, “Résumé de Témoinage” estdisponible en français • Testimony of other experts at https://iapp.org/resources/article/schrems-2-0-expert-testimony
Swire Background • Student (a long time ago) at ULB on European Community law • Over 20 years as privacy, data protection, and cybersecurity professor • 1998 book on EU/US data protection • 1999-2001, Chief Counselor for Privacy in Clinton White House • Extensive work on the Safe Harbor • 2004: “The System of Foreign Intelligence Surveillance Law” • 2013, one of five members of President Obama’s Review Group on Intelligence & Communications Technology (“NSA Review Group”) • 2015, after Schrems I, sole non-government US expert who testified for DPAs on effects of Schrems – testimony documented 24 US surveillance reforms since 2013 (and more since) – https://ssrn.com/abstract=2709619
Background for the Testimony • Current case in High Court of Ireland, Schrems v. Facebook, on adequacy of Standard Contract Clauses • Irish Data Protection Commissioner found complaint by Schrems to be “well founded” • Issue: is there inadequacy due to national security surveillance for personal data transferred to the U.S.? • Irish court procedure: experts selected by a party (I was selected by FB), but sworn obligation to provide independent testimony to the Court on US law • I retained completed editorial control over content • Experts conferred about disagreements with each other’s testimony; based on that, I changed two sentences in 300 pages of testimony
U.S. Systemic Remedies • Many of the most effective protections for privacy exist systemically, before a violation, rather than only by ex post remedies • For auto accidents, it is good to have a remedy after the accident; it is better to prevent the accident from occurring • Chapter 3: many systemic remedies under US law (49 pages) • Chapter 6, Oxford team led by Ian Brown found “the US now serves as a baseline for foreign intelligence standards.” • The legal framework for foreign intelligence collection in the US “contains much clearer rules on the authorisation and limits on the collection, use, sharing and oversight of data relating to foreign nationals than the laws of almost all EU Member States.” • Chapter 4: strong systemic remedies for US criminal law
Foreign Intelligence Surveillance Court • Chapter 5: We reviewed all materials declassified by the FISC from 2013 to late 2016 • Significant compliance problems until about 2009 • The FISC today exercises independent and effective oversight over US intelligence surveillance • Growing number of requests refused or modified • Several surveillance programs halted or modified by the FISC • The FISC monitors surveillance programs far more than most have realized • Improved transparency • Third party, independent litigants increasingly appear before the FISC
Many US Individual Remedies for Privacy • Chapter 7 details many US remedies for privacy violations • Under US law in general, many advantages for plaintiffs, such as: • Broad discovery • Contingency fees • Favorable attorney’s fees • Jury trials • Class actions • Important remedies against service providers who violate law to provide telecommunications records to the government
Broader Implications of the SCC Case • Major impact if inadequacy finding “only” applies to (a) the US, for (b) Standard Contract Clauses • Geographic scope: study of the BRIC countries (Brazil, Russia, India, China), and none are close to the US in adequacy of surveillance oversight • Beyond SCCs: • Extent of surveillance within US is independent of the lawful basis of the transfer • Privacy Shield – very similar safeguards as SCCs • Binding Corporate Rules – again, within US, similar safeguards • And, US as “baseline” for strict standards for intelligence oversight • Therefore, hard to see how to limit the scope of an inadequacy finding – there may be no lawful basis for many transfers to most countries outside of the EU
Conclusion • For Schrems I, there was not much factual record about US law for oversight of national security surveillance • In my experience, there has been limited appreciation of the multiple safeguards within US law for intelligence oversight • This sworn testimony – very detailed, with footnotes for everything • I respectfully suggest that EU experts should read the published testimony of the experts in US law, in the current case • Without study of this material, we could see a decision with large consequences, without accurate recognition of actual US law and practice