Negotiations over the EU-US trade deal reopened yesterday, demonstrating that the NSA affair has not halted progress here despite the calls from the European Parliament for talks to be suspended. At the same time the Parliament's Civil Liberties, Justice and Home Affairs Committee (LIBE) continues to hold sessions on its inquiry into the spying allegations. Neelie Kroes, the Commissioner that heads the Digital Agenda policy, has said that while the spying revelations are shocking and unacceptable, the spying will probably continue - "Let's not be naive". Instead Kroes argues that Europe should focus on building its digital infrastructure and single market in the internet.
In the EU the spying scandal does not look like it will produce any sharp changes in policy direction, but rather an acceleration of existing policies as the Commission and others capitalise on the political fallout from the affair. For the Data Protection Regulation this has already meant a reversal of the bill's dilution that had been brought about under the influence of lobbyists, and for Kroes it means pushing the European Cloud.
The European Cloud Strategy was adopted by the Commission last year, aiming to boost European cloud computing by sorting through problems of technical standards, data portability, clear cloud computing contracts and user trust. The policy is mostly economically focused, noting that cloud computing can generate jobs and economic growth while providing opportunities for cost-cutting for small and medium businesses. However, cloud computing concerns issues of data protection as well as copyright issues. As the EU works through its data protection reforms, the fact that 85% of cloud computing services are US based will surely raise concerns not only over how much the EU needs to do to catch up in this market, but also over how effective European privacy rules will be in practice.
With European expert groups meeting on how to approach cloud computing contracts and a European Cloud Partnership mulling commercial strategy, the technical discussions seem removed from the headlines in the media, but the Commission probably does see this as part of the solution (as well as using the crisis to promote its policies). First, the Commission's strongest in the single market, so boosting European internet businesses so European consumers (and others) have an alternative to the US-based cloud is one of the few things they can actually do, so they would be naturally inclined to favour this policy. Second, the best way for Brussels to exert its regulatory power in an area (and one of the few ways it can exert any power) is to have a strong market in that area and then come up with high standards for it, setting the pace in the global marketplace.
In a sense, Kroes makes a good point. It is hard to imagine that the Franco-German push to put transatlantic spying on a "legal footing" will do much, if anything, to reduce actual levels of spying. Improving the market position of the EU would help provide an alternative and allow the EU to stamp its data protection philosophy on to the global economy more effectively - and the political impetus behind such an economic policy is unlikely to fizzle out as quickly as the focus on spying may do.
However, this isn't enough - we should and need to push more forcefully to ensure that security services here and in the US are more politically accountable. It is not enough that what they do is legal: after all, it would hardly solve the problem to provide that legal backing wherever it's currently lacking. Rather we need to have a more critical approach to the demands of security for ever more information and resources, and to have a real debate over how we balance safety and security and civil liberties.
Because while we can never have total security, we can run out of privacy.