Freely subscribe to our NEWSLETTER

First of all, the Patriot Act enacted on October 26, 2001 and passed after the September 11 attacks, was an anti-terrorist law that allowed security services to access computer data held by individuals and businesses, without prior authorization and without informing users. The law gave new powers to the U.S. Department of Justice, the National Security Agency and other federal agencies on domestic and international surveillance of electronic communications; it also removed legal barriers that had blocked law enforcement, intelligence and defense agencies from sharing information about potential terrorist threats and coordinating efforts to respond to them. Nevertheless, the Patriot Act raised concerns among civil liberties groups and other critics surrounding the data privacy rights of U.S. citizens. The law has undone previous checks on civil liberty abuses, unnecessarily endangered privacy and discouraged free speech. Therefore, it undermined in total six amendments of the U.S. Constitution.
Following a lack of Congressional approval, parts of the Patriot Act expired on June 1, 2015. With the passage of the USA Freedom Act on June 2, 2015, the expired parts were restored and renewed through 2019.

The Freedom Act: end of mass surveillance?

The Patriot Act was replaced by the Freedom Act enacted on June 2, 2015. The Freedom Act is rather positive for one simple reason: it is virtually impossible to be more intrusive to freedoms than the Patriot Act was. Although the US is still engaged in a war against terrorism, it is rather the revelations of Edward Snowden that motivated the preparation of this law. However, the Freedom Act does not repeal the 2001 Act, since many of the provisions of the Patriot Act were extended. The most important contribution of this text consists in the limitation of the powers of the National Security Agency (NSA) which partially terminates mass surveillance established by the Patriot Act. Under the new law, the intelligence services would have access to U.S. data only when a court deems that there is a legitimate suspicion of connections with international terrorism.

On the other hand, certain American associations defending the individual rights and liberties guaranteed by the American Constitution (American Civil Liberties Union, Electronic Frontier Foundation) believe that this law does not go far enough, as most of the measures in the Patriot Act were extended. Therefore, the civil liberties advocates criticize the Act for extending the Patriot Act Mass surveillance programs without meaningful restraints, undermining the original purpose of the bill.

Unfortunately, the law concerns only the gathering of data in the U.S. and will have no effect on the surveillance carried out by the NSA abroad. Indeed, the law still allows the NSA to spy on communications entering or leaving the U.S. territory.

The LEADS Act and the « warrant cases »

It is the LEADS (Law Enforcement Access to Data Stored Abroad) Act that will regulate the circumstances in which the U.S. government could have access to data from abroad. This Act authorizes the use of extraterritorial search warrants only if the Government is seeking the content of electronic communications belonging to an U.S. national.
Supported by the "United States House Committee on the Judiciary," the bill is currently discussed by the United States Congress.

At the origin of this bill is notably Microsoft Corporation v / United States of America case of 2016. The case began in December 2013 when a New York district court judge issued a warrant asking Microsoft to produce all emails and private information associated with a certain account hosted by Microsoft. The account’s emails were stored on a server located in Dublin, Ireland, one of many datacenters held by Microsoft around the world to improve the speed of service it provides its non-U.S. customers. Microsoft provided account information kept on its U.S. servers but refused to turn the emails over, arguing that a U.S. judge has no authority to issue a warrant for information stored abroad. Microsoft moved to vacate the warrant for the content held abroad on 18 December 2013. In May 2014, a federal magistrate judge disagreed with Microsoft and ordered it to turn over the emails. Microsoft appealed to the District Court for the Southern District of New York. The district court found in favor of the Government and Microsoft appealed to the Second Circuit. According to Microsoft, a domestic search warrant can´t compel American companies to produce data stored in servers outside the United States.

At the same time, the federal judges have tried to limit the power of the Government to access personal data during a criminal investigation. In Riley v/ California case of 2014, the United States Supreme Court ruled that warrantless search and seizure of digital contents of a cell phone during an arrest is unconstitutional (violation of the 4th Amendment of the U.S. Constitution).

Similarly, in Apple v / FBI case, the order of Magistrate Judge James Orenstein of the Federal District Court for the Eastern District of New York of February 2016, refused to order Apple to help FBI unlock the iPhone belonging to Syed Farook, who was responsible for the shootings in San Bernardino in December 2015 which left 14 people dead. To justify such a decision, Judge Orenstein ruled that the Government claimed almost unlimited authority to force Apple to cooperate with police.

The Judicial Redress Act and the protection of European citizens´ rights
Finally, the Judicial Redress Act enacted on February 24, 2016 ensures that all European citizens have the right to enforce data protection rights in U.S. courts on the basis of 1974 Privacy Act. By extending the protection available to U.S. nationals under the 1974 Privacy Act to European citizens, this Act is a part of the Privacy Shield´s negotiation process the will replace the "Safe Harbor", invalidated by the European Court of Justice in a recent ruling (ECJ, 6 October 2015, C-362/14, Maximillian Schrems v/Data Protection Commissioner).

In addition, the Judicial Redress Act provides for the conclusion of an "umbrella agreement" between the United States and the European Union. This agreement signed on June 2, 2016 will guarantee a high level of protection of all personal data, regardless of nationality, when transferred across the Atlantic for law enforcement purposes. It will strengthen privacy, while ensuring legal certainty for transatlantic data exchanges between police and criminal justice authorities.

As for the "Privacy Shield" signed between the European Commission and the U.S Government on February 2, 2016, the new arrangement was finally adopted by the European Commission on July 12, 2016. However, both G29 and the European Data Protection Supervisor (EDPS) issued negative opinions on the new agreement. Therefore, it is not excluded that the new transatlantic data transfer mechanism will be invalidated by the European Court of Justice.