Global Surveillance Law Comparison
Baker McKenzie’s 2017 Global Surveillance Survey
One year ago, in April 2016, Baker McKenzie published its first global surveillance survey - with overview heat maps and detailed questions and answers for 39 jurisdictions worldwide. A year later, the basic picture has not dramatically changed: Most countries are conducting surveillance and espionage to protect their national security - while at the same time opposing surveillance and espionage by other countries. But, some details have changed since details regarding the U.S. NSA program were leaked in 2013: Germany, Russia, the United Kingdom and a few other European jurisdictions have updated their surveillance, data residency and retention laws in the interest of increased national security - while the United States have enacted additional privacy protections and gradually scaled back their surveillance programs.
Recall that in 2015, the Court of Justice of the European Union (CJEU) raised the question of whether the level of data protection in the US is adequate and equivalent to the European Economic Area (EEA). The CJEU did not answer this question in its judgment of 6 October 2015, but noted concerns regarding reports of indiscriminate mass surveillance by the National Security Agency (NSA)1 and the Federal Bureau of Investigation (FBI) in the United States. Since then, the EU Commission and the U.S. Department of Commerce agreed on a new “EU-U.S. Privacy Shield Program,” which is accompanied by assurances by a number of U.S. government authorities regarding privacy protections relating to surveillance programs.2
At the same time, other institutions in the EU and scholars started to analyze the state of surveillance laws in individual jurisdictions within the EEA and elsewhere. They uniformly found comparisons difficult, as actual practices of intelligence authorities are cloaked in secrecy and laws are complex and fragmented in this area.3 Due to constitutional limitations on the EU’s jurisdiction to legislate matters of national security, the legal situation in the EEA member states is not very uniform. For example, in some EEA member states, senior police or military officers can issue search warrants.4 EU institutions have called for improvements in the U.S. as well as in the EEA.5
Companies around the world are confronted with questions on how to comply with different jurisdictions’ laws and data access requests. Users and providers of cloud services, Software-as-a-Service and other services have to factor in government surveillance and data access practices of different countries into their business and location plans. With our surveillance law survey and heat map, we intend to contribute a global overview with broad jurisdictional scope to the discussion and corporate planning processes.
1 CJEU C-362/14 Schrems v. Data Protection Commissioner), 6.10.2015, #31.
3 Cate/Dempsey/Rubinstein, Systematic government access to private-sector data, 2 International Data Privacy Law, 215 (2012); Schwartz, Systematic government access to private-sector data in Germany, 2 International Data Privacy Law, 289 (2012); Brown, Government access to private-sector data in the United Kingdom, 2 International Data Privacy Law, 230 (2012). Freiwald/ Métille, Reforming Surveillance Law: the Swiss Model, 28 Berkeley Tech. L. J., 1261 (2013).
4 See Study of the EU Agency for Fundamental Rights (FRA), Surveillance by intelligence services: fundamental rights safeguards and remedies in the EU: Mapping Member States’ legal frameworks (2015), A comparison between US and EU data protection legislation for law enforcement purposes.
5 See studies cited in footnote 38