BRUSSELS — “It looks to me like it could become one of the biggest data privacy scandals ever,” Renate Künast, a German politician, recently said. Europeans were shocked to hear that, after having their banking data and air passenger data transferred to the U.S. authorities without their knowledge, they now also have their personal online data snooped on by U.S. authorities.

U.S. whistleblower Edward Snowden revealed that the American National Security Agency and the FBI were monitoring the phone, email and Internet activities of foreign citizens through companies such as Microsoft, Yahoo, Google, Facebook, AOL, Skype, YouTube and others. The program – called PRISM – is the latest in a series of secret data gathering schemes put in place after the 9/11 terrorist attacks on the World Trade Center in 2001.

Add to that the fact that U.S. authorities also have sweeping powers to collect the information stored in U.S.-based cloud computing providers like Amazon or Google, regardless of who the owner of the information is and where she or he lives, and you have all the ingredients of a massive transfer of Europeans’ personal data to American intelligence agencies.

To some, however, there is nothing new here, since widespread spying by Americans has always been something of an open secret. “I am somewhat surprised everybody is getting so excited about this latest scandal. It is just one of the many examples of the U.S. tapping in our data without telling us,” Dutch member of European Parliament (MEP) Sophie In’t Veld said.

But whereas previous scandals had a veneer of deniability and only provoked a reaction from a few knowledgeable insiders, PRISM has had a much wider impact, causing public furor across borders and political affiliations. Europeans citizens were shocked to learn that a foreign country has access to the most intimate details of their private lives. The mainstream media, which in the past provided very limited coverage on the question of data transfers to the U.S., have all run stories on the issue this time.

Breach of international law

The American authorities were prompt to claim the gathering of data was legal. U.S. attorney general Eric Holder indicated to his EU counterparts that the secret snooping operation on EU citizens by the American intelligence agency operates within the law; U.S. intelligence chief James Clapper defended PRISM, saying, “There is a robust legal regime in place governing all activities conducted pursuant to the Foreign Intelligence Surveillance Act [FISA] which ensures that those activities comply with the Constitution and laws and appropriately protect privacy and civil liberties.”

First, what Clapper says may not be entirely true: if FISA does indeed offer some protection to American citizens by stipulating that investigations should be conducted in a manner consistent with the Fourth Amendment’s guard against unreasonable searches and seizures, this amendment has no relevance for non-U.S. citizens. In other words, because American law allows for spying on foreigners, the privacy safeguards therein do not apply.

The rest of the world is left with no protection at all; nor is there judicial redress offered to European citizens. “How can we speak about an EU-US special relationship, when president Obama explicitly says that they only spy on foreigners? That means us,” Sophie in’t Veld said during an emergency debate in the European Parliament about the scandal.

Second, what may be legal in the United States is not necessarily legal in an international context. EU Commission officials say that where the privacy rights of a European citizen are concerned, it is for a judge in their own state to determine whether the data can be lawfully transmitted. The Commission also made it clear that the extra-territorial application of laws by third countries constitutes a breach of international law. If all the countries adopted laws and applied them unilaterally to other countries’ citizens, the world would be a total mess. This is why international law was created in the first place.

Transmission of personal data between countries should only be done through established official channels such as mutual legal assistance agreements. Instead, by designating thousands of keywords, names, phrases and phone numbers, NSA computers can pick them out of millions of messages written by citizens around the world and pass anything of interest on to analysts. “It is like having a postal service that opens and reads every letter,” a Belgian observer commented. One can only speculate about what happens next.

Dubious security concerns

Third, Europeans don’t care so much about the legality than about their privacy, an issue that has always been more sensitive on the European side of the Atlantic. You hear more concerns about the U.S. Patriot Act in Europe than in the U.S., and people generally consider that if the law does not appropriately protect privacy, it means there is the law is flawed. Declarations like President Obama’s, who defended the spy program as a “modest encroachment” on privacy needed to keep Americans safe from terrorism, are unlikely to satisfy Europeans. They do not believe the encroachment is “modest” — quite the opposite actually. Nor do they think Obama’s argument justifies the massive scale of the snooping.

To Europeans, even national security issues cannot come at the expense of fundamental rights. What sense does it make to protect citizens’ freedoms, they ask, by curtailing their freedoms? In Europe, the law clearly stipulates that the collection of personal data should always be proportional and strictly limited to what is absolutely necessary. The massive snooping by the Americans goes far beyond that.

Last week, Germans demonstrated against the PRISM program. The rallies came after leaked files showed that the U.S. did more spying on Germany than any other European country. But Germany has never been more of a hotbed of radicalism or terrorist threat than other countries in Europe.

So why has it been targeted by the spying? Germany is a major economic power and plays an important role in shaping the EU’s economic policy — some are wondering if issues other than terrorism were at stake. Back in 2001, the European Parliament investigated a case of large-scale economic espionage by the United States on European companies and institutions. The report it published on “the existence of a global system for the interception of private and commercial communications” concluded that the program, called ECHELON and operated by the US intelligence agencies, was capable of interception and content inspection of telephone calls, fax, e-mail and other data traffic globally. Clearly, nothing has changed since that report.

Asking American citizens for support?

Systems like ECHELON and PRISM clearly violate the human right to individual privacy. Now the question many are asking is, what can be done about it? Before answering this question, however, there is another, preliminary one: Do European governments really want to do something about it?

Indeed, it soon became clear that at least some European governments were complicit in the snooping by the Americans. In the United Kingdom, The Guardian reported that the British intelligence agency GCHQ cooperated with the NSA to secretly spy on its own citizens. In the Netherlands, the Dutch daily De Telegraaf wrote that the country’s top intelligence branch, the AIVD, also worked directly with the Americans on PRISM.

As for the European Commission, it appears more often than not to have given in to American pressure. On June 12, the Financial Times reported that due to U.S. pressure and high-level lobbying, the Commission’s draft proposal for a new EU regulation on data protection was amended by deleting Article 42, which effectively would have been an “anti-FISA clause.” The legislation is currently being debated by the European Parliament; executives at several large U.S. technology companies said they are now worried the measure could be reintroduced by MEPs angry at the NSA disclosures. In practice, though, the original legislation would do nothing to stop a PRISM-type operation even if it gets reintroduced.

In other words, the only support European citizens can expect to have in terms of protecting their privacy lies with a handful of MEPs like Sophie in’t Veld. In a heated debate in the European Parliament on the NSA scandal, MEPs complained that for more than a decade, the European Union has yielded to U.S. demands for access to EU financial and travel data and said it was now time to reexamine the deals and to limit data access. But the European Parliament itself has a hard time making its concerns heard by individual European governments. In the end, the European citizen is left pretty much alone in his or her fight to protect their fundamental right to privacy.

The Justice Minister for the German state of Hesse, Joerg-Uwe Hahn, called for a boycott of the American companies involved in the snooping. “I am amazed by the flippant way in which companies such as Google and Microsoft seem to treat their users’ data. Anyone who does not want that to happen should switch providers,” he advised. This could be part of the solution; but are European citizens ready to renounce all American service providers? Others have called for independent European Internet services, something that seems unlikely to happen anytime soon.

Instead, Sophie in’t Veld’s suggestion could be the most relevant one: she thinks Europeans should put more hope in American citizens to protect their rights. According to her, if ordinary Americans demand a roll-back on data snooping, it might force the U.S. to take a softer line in EU talks. Europeans can only hope that American citizens get the message.