skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration

Ovum view

Summary

The approval of the USA Freedom Act by the US Senate on June 2, 2015 came one day after some of the provisions of the Patriot Act had expired, forcing the National Security Agency (NSA) to discontinue bulk collection of communications metadata. Data retention requirements are still in place, but the new act puts an end to the era of bulk data collection, which has damaged the reputation of some US companies.

The US still has some way to go to regain international trust in privacy matters

Despite attempts to amend the bill at the last minute, the newly approved Freedom Act is not a mere extension of the expired provisions of the Patriot Act; rather it reintroduces a much more reasonable and sensible form of data retention requirements, which telcos and Internet companies should welcome. The bulk collection is over; public bodies will only be able to issue requests for metadata related to specific individual persons or accounts, and will require a court order for that (something they did not need before). Crucially, the NSA will no longer be allowed to store this information on its own servers; this information will now sit on companies' servers.

Many privacy advocates have argued that the bill does not go far enough, in that it still retains provisions allowing the monitoring of "lone wolf" suspects (i.e. potential attackers not linked to foreign terror groups), despite the US authorities admitting these powers have never been used. The act also continues to allow investigators to monitor travel and business records of individuals, something law officers say is more effective than bulk collection. Nonetheless, it should be seen as a promising change in direction compared to the privacy-invasive policies that have become a point of concern for users and businesses, both within the US and abroad.

Tech companies in the US have faced pressure from EU regulators which have sought tighter measures on data protection; these include the intention to review the Safe Harbor agreement, which allows US businesses to transfer European customers' data in an almost self-regulatory regime. This could still happen once EU institutions have agreed on the long-awaited data protection reform; however, US legislators can minimize the risk of business-unfriendly regulation from the EU if they continue on the path they have taken this week.

Appendix

Further reading

Current Status and Future Developments in Data Protection, TE0007-000812 (August 2014)

Data Protection Tracker: 1Q15, TE0007-000867 (January 2015)

Author

Luca Schiavoni, Senior Analyst, Regulation

luca.schiavoni@ovum.com

Recommended Articles

;

Have any questions? Speak to a Specialist

Europe, Middle East & Africa team - +44 (0) 207 017 7700


Asia-Pacific team - +61 (0)3 960 16700

US team - +1 646 957 8878

Email us at ClientServices@ovum.com

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Call us at +44 788 597 5160 or email us at pr@ovum.com

Contact marketing - 
marketingdepartment@ovum.com

Already an Ovum client? Login to the Knowledge Center now