BRUSSELS: The European Commission has asked the United States about a secret court order Yahoo used to scan thousands of customer emails for possible terrorism links, following concerns that may have violated a new data transfer pact.
Under the Privacy Shield agreement that came into force in August, the United States agreed to limit the collection of and access to Europeans’ data stored on US servers because of EU concerns about data privacy and mass US surveillance.
The previous deal was thrown out by the EU’s top court in October 2015, leaving thousands of firms scrambling for legal ways to provide data on transactions ranging from credit cards to travel and e-commerce that underpin billions of dollars of transatlantic trade.
Reuters reported last month that Yahoo had scanned all incoming customer emails in 2015 for a digital signature linked to a foreign state sponsor of terrorism, at the behest of a secret court order. That raised fresh questions about the scope of U.S. spying.
“The Commission services have contacted the US authorities to ask for a number of clarifications,” Commission spokesman Christian Wigand said.
The United States had pledged not to engage in mass, indiscriminate espionage, assuaging Commission concerns about the privacy of Europeans’ data stored on U.S. servers following disclosures of intrusive U.S. surveillance programs in 2013 by former National Security Agency contractor Edward Snowden.
Two people familiar with the matter said the Commission had now asked the United States to explain how the Yahoo order fitted with its commitments, even if the program ran before the Privacy Shield was in place.
The Commission was seeking clarifications on the nature of the court order itself and how targeted it was, said one person familiar with the matter. Another said it had also asked if the program was continuing.
“The U.S. will be held accountable to these commitments both through review mechanisms and through redress possibilities, including the newly established Ombudsperson mechanism in the U.S. State Department,” Wigand said.
Privacy Shield, which Yahoo has not signed up to, provides for a joint annual review to ensure the United States is respecting its commitment to limit the amount of data hoovered up by U.S. agents.
A senior U.S. government official said he could not confirm or deny the reports about Yahoo, but said if true the surveillance would have been targeted at identifying terrorists while protecting the privacy of others.
That would be “good intelligence work,” he said.