The Untold Story of Edward Snowden’s Impact on the GDPR
By Hallie Coyne
| November 15, 2019
In June 2013, National Security Agency contractor Edward Snowden released a trove of information on classified U.S. Government surveillance methods. U.S. Intelligence chiefs warned that the ripple effects of the leak would be devastating and extensive. Five years later, in June 2018, Joel Melstad, a spokesman for the U.S. National Counterintelligence and Security Center, reported that Snowden’s disclosures “have put U.S. personnel or facilities at risk around the world, damaged intelligence collection efforts, exposed tools to amass intelligence, destabilized U.S. partnerships abroad and exposed U.S. intelligence operations, capabilities and priorities.”[1] Snowden’s attorney, Ben Wizner, believes that these reports are exaggerated and alarmist, arguing that “the mainstream view among intelligence professionals is that every day and every year that has gone by has lessened the value and importance of the Snowden archives.”[2] However, Wizner’s assessment is regrettably limited in its scope. Importantly, it fails to account for the significant impact that Snowden’s leaks had on the development of the European Union’s General Data Protection Regulation (GDPR)–a piece of legislation that has fundamentally changed the nature of data privacy in the EU, and the world over.
The connection between Edward Snowden and the GDPR can actually be traced back to the European Parliamentary Committee on Civil Liberties, Justice and Home Affairs[3] (LIBE). This committee has a surprising history because, though its members were exceptionally interested in Snowden’s leaks, its ensuing legislative activity has been largely understudied. For example, on October 29, 2013, then-U.S. Director of National Intelligence, James Clapper, appeared before the U.S. House Intelligence Committee to discuss Snowden’s revelations.[4] The very next day, LIBE representatives met with senior National Security Council officials at the White House.[5] LIBE had an expansive mandate,[6] an entrenched concern for personal data protection,[7] and a history of treating national intelligence services with suspicion if not outright hostility.
Read More: The Untold Story of Edward Snowden’s Impact on the GDPR