In the fight for online privacy, Jan Philipp Albrecht, a German member of the European Parliament, sees himself as Edward Snowden’s comrade in arms. They are the same age, 30, and take the same crusading tone when the subject turns to U.S. government surveillance. They even look alike, with the tousled and bespectacled features of men who spend too much time in front of a computer. And although their tactics are very different, Albrecht is “completely convinced,” he says, that they are fighting the same war.
On Monday evening, Albrecht put forward a new set of rules to protect the data of E.U. citizens from the kinds of wholesale snooping that Snowden revealed this summer, when the former National Security Agency contractor turned asylum seeker in Russia leaked details of U.S. surveillance programs around the world. With those revelations still fresh in the lawmakers’ minds, Albrecht’s proposals passed after less than two hours of debate with a majority rarely seen in a chamber as fussy and divided as the European Parliament. “This was a surprise for everybody,” he tells TIME by phone from the French city of Strasbourg, the seat of the European Parliament, just after the vote. “But it’s also a clear sign of the overall consensus in all political parties here.”
That consensus has been fueled by the anger in Europe over what Snowden revealed. Starting in June, the former worker of U.S. intelligence agencies leaked documents showing how the U.S. spies on millions of communications across the Web. The disclosures have strained U.S. relations with allies around the world, most recently on Monday, when the French daily Le Monde, citing Snowden’s cache of secret files, reported that the U.S. had spied on some 70 million French telephone records and additional millions of text messages. U.S. President Barack Obama admitted in a telephone call with his French counterpart that the reports raised “legitimate questions for our friends and allies” about the scope of U.S. surveillance.
Previous reports based on Snowden’s disclosures have revealed that major Internet companies like Google and Yahoo pass user data to the U.S. National Security Agency, also known as the NSA. A key provision in Albrecht’s proposal — which passed the chamber’s Committee on Civil Rights, Justice and Home Affairs on Monday with a vote of 49 to 3 — would make these firms pay a very high price for that in the future.
Internet companies would face fines of up to 5% of their yearly revenue — a price that could reach into the billions of dollars for giants like Google — if they continue handing over their users’ data without consent. Another provision, known as the “right to be forgotten,” would allow European citizens to have all of their private data wiped from the Internet. At the risk of major fines, Internet companies would have to comply with such requests, deleting all copies of the private information from their servers.
Before Snowden’s leaks began, Albrecht’s proposals came up against ferocious lobbying from the tech industry and faced resistance from politicians who claimed that regulating online privacy should be left to individual states. Chief among them, Albrecht says, were lawmakers from the U.K., Denmark and Hungary, who all raised objections related to sovereignty. But this summer’s disclosure of the extent of U.S. spying made it politically risky for any lawmaker to oppose sweeping new safeguards for online data in Europe. More than a year of divisions over this issue quickly turned into a broad consensus, and Albrecht was even able to tighten the proposed rules against data transfer. “After Snowden we agreed that data protection in Europe is part of our self-determination and dignity,” Albrecht says.
Following Monday’s vote, the new rules will still face major hurdles before they can become E.U. law. The European Parliament still needs to hold a plenary vote, after which all 28 members states would have to agree on the new regulations. Those steps could take at least until next spring, Albrecht says, and may result in some amendments to the rules. But if they are adopted, they would mark a milestone in the global campaign for online privacy, replacing the outdated mosaic of regulations that now offer paltry protections for the E.U.’s 500 million citizens. “This is the moment to safeguard what we have,” Albrecht says, switching into the righteous tone that Snowden has used in defending his leaks: “Hundreds of years ago, citizens gave their lives for fundamental values and principles, which we would like to safeguard in a digital and globalized environment.”
Although Albrecht, who was elected to the European Parliament in 2009 from Germany’s Green Party, has never met Snowden or spoken to him, he applauds his leaks as “extremely courageous,” providing a wake-up call to the world on the vulnerability of online interactions. Next week, Albrecht and other European lawmakers will take part in an official visit to Washington, where he will argue for the U.S. to adopt similar regulations. “The reluctance is a bit broader in the U.S.,” he admits. “They still need to warm up to the concept of data protection.” But if Snowden can no longer do much to help from his temporary asylum in Russia, he can at least feel assured that his admirers in Europe are trying to carry the fight.