PRISM and privacy: Will this change everything?

Both the offline and online media have reported extensively on access by the US National Security Agency (NSA) to electronic communications data held by private companies, most notably via the so-called PRISM program. Meanwhile, there is growing concern regarding reports the UK's Government Communications Headquarters (GCHQ) is conducting massive surveillance of communications traffic both on its own behalf and for the benefit of other members of the ‘Five Eyes Alliance’ (comprising the UK, the USA, Canada, Australia, and New Zealand), and other European governments have been reported to have entered into arrangements to share the data collected by the USA and the UK. At least one European government (France) allegedly also runs a vast electronic surveillance operation of its own.

We hesitate to make pronouncements about such developments before the facts are clear, but feel justified in predicting that they will have significant long-term impacts on data protection and privacy law around the world, and on the political, economic, and social climate for data processing.

Not that there is anything new in systematic governmental access to private sector data. In November 2012 we published a symposium issue (volume 2, number 4 of IDPL) containing legal analysis of such access in nine countries (Australia, Canada, China, Germany, India, Israel, Japan, the UK, and the USA; further reports will be published in an upcoming issue), and a guest editorial concluded that it is a widespread phenomenon and gives rise to a number of legal issues that should be urgently addressed. Systematic government access to private data thus goes far beyond a particular country and a particular intelligence agency.