Is personal data better shielded in Europe from the prying eyes of national security investigations than in the US? That is a general assumption of some, following the revelations by former US intelligence contractor Edward Snowden. But it may be incorrect.

在欧洲，个人数据受到更好的保护，不像美国那样被国家安全调查的“窥伺之眼”紧盯？在美国前情报合同工爱德华•斯诺登(Edward Snowden)爆料之后，这是一些人的大致想法。但事实或许不然。

It is naive to think that European intelligence agencies do not use data collected from phone and internet companies in their investigations. Privacy hawks may also be surprised to learn that the US imposes at least as much due process and oversight on foreign intelligence surveillance as others. Currently, there is quarrelling over how well the judicial and legislative approval process is working in America. But the fact that it exists at all is the critical point because few countries provide the kind of framework of judicial authorisation and legislative oversight of national security investigations found in the US.

如果你以为欧洲情报机构在调查中不会使用从电话和互联网企业收集的数据，那就太天真了。捍卫隐私权的鹰派人士听到以下这一点或许也会感到吃惊：在监听外国情报方面，美国所实施的法定程序和监督至少不亚于其他国家。关于美国这套司法和立法批准程序是否在很好地运转，人们仍在争执不休。但它毕竟存在，这一点才是关键所在，因为在国家安全调查方面，很少有国家具备与美国相当的司法授权和立法监督框架。

In France, for example, no court is involved in interceptions under the law governing access to information on national security grounds, and the interceptions are kept secret. Requests for interception are presented to the prime minister’s office, which grants authorisation. Afterwards, the authorisations are presented to a special security commission that can evaluate the justification for the warrant and inform the prime minister of any concerns.

以法国为例，按照有关规范以国家安全理由获取信息活动的法律，不会有法庭受理信息监听案件，而监听行动也是秘密进行的。监听请求被呈递给总理办公室，在总理办公室授权后，由一个特别安全委员会进行评估，裁定授权是否合理，如有问题就上报总理。

The lack of court involvement in France is in contrast to the US Foreign Intelligence Surveillance Act. In France, “oversight” is undertaken by a committee that can only recommend modifications to the executive. In addition, the law is broader than Fisa in that it permits interceptions to protect “economic and scientific potential”.

法国没有法庭介入情报监听活动，而美国则有《外国情报监视法》（Foreign Intelligence Surveillance Act，简称Fisa）。在法国，负责“监督”此类活动的委员会只能向执行机构提出修改意见。此外，法国相关法律也比Fisa更宽泛，它允许为保护“经济与科技潜在利益”实施监听。

In Germany, the federal office

在德国，联邦调查办公室在涉及国家安全或恐怖主义的调查中拥有广泛权力。例如，该办公室有权在用户或服务提供商不知情的情况下，使用一种叫Bundestrojaner（“联邦木马”）的电脑病毒来搜索IT系统、监控通信和收集数据。尽管使用这种病毒要获得法院命令，但服务提供商并不知道病毒的部署。在美国，服务提供商会收到有关获取信息的指令，还可以提出异议。

of investigation has broad authority in investigations that concern national security or terrorism. For example, it is permitted to use a computer virus, the Bundestrojaner (“Federal Trojan”), to search IT systems, monitor communications and collect data without the knowledge of users or service providers. While a court order is needed to use the Trojan, service providers are not aware of its deployment. In the US, service providers are notified of acquisition orders, which they can contest.

在英国，关系到外国情报的监听授权通常由外交大臣颁发。与美国不同的是，法院在监听授权或评估中不发挥任何作用。

In the UK, interception warrants relating to foreign intelligence are generally issued by the foreign secretary. Unlike in the US, the courts play no role in the authorisation or review of these interceptions.

一个独立于政府的司法机构-——调查权力法庭(Investigatory Powers Tribunal)依据监视法审理投诉。但受监视者在事后不会被告知他们受到了监视，因此很多原本有理由申诉至该法庭的人实际上不会这么做。

There is an Investigatory Powers Tribunal, a judicial body independent of government, that hears complaints under the surveillance law. But the absence of after-the-fact notification to those placed under surveillance means that many who might have cause to bring claims to the tribunal will not in practice do so.

欧洲人质疑Fisa的隐私保护效力可以理解。如果只是对美国法律稍有涉猎，就可能错误地得出结论，认为所有针对非美国人的外国情报措施都没有差别，并且不受法庭监督。实际上，美国政府必须向相关法庭证明，监视是为了获取“外国情报信息”，这个词汇与外国以及恐怖组织的敌对行为和官方活动密切相关。

European scepticism about the privacy protections in Fisa is understandable. A casual reader of the US law might conclude – mistakenly – that foreign intelligence measures targeting non-Americans are indiscriminate and conducted without court supervision. In reality, the government must certify before the relevant court that the surveillance is to obtain “foreign intelligence information”, a term closely tied to the hostile acts and official activities of foreign countries and terrorist organisations.

还值得注意的是，在欧盟地区，电信与互联网企业有义务保留个人信息，期限可能长达两年。欧盟数据保护监督官曾说，这条规定是欧盟采取的最为侵犯隐私的措施。信息保留规定，加上欧洲许多国家在以国家安全名义获取个人数据时缺乏透明度和正式检查，应该让拥护者在指摘美国国家安全活动时，三思而言。

It is also worth noting that, in the EU, there is an obligation for telecoms and internet companies to retain personal information, potentially for up to two years. The EU data protection supervisor has called this rule the most privacy-invasive instrument ever adopted by the union. That data retention directive, combined with the lack of transparency and formal checks on national security access to personal data in many European countries, should give advocates pause when they single out the US for its national security activities.

不管是在美国还是其他任何地方，都无法保证政府当局一定会遵守旨在约束以国家安全名义获取个人信息活动的法律。但是，要求取得什么样的授权以及采取什么样的评估活动，关系到个人隐私与自由受到多好保护的问题。

There are no guarantees, in the US or anywhere else, that authorities are abiding by the laws restricting access to personal data in the name of national security. But the degree of authorisation required and the kind of review that occurs is relevant indeed to a determination of how well personal privacy and liberty are protected.

这么看来，美国的情况比其他许多地方都要好得多。批评美国隐私保护问题的欧洲人最好回过头看看本国以国家安全名义获取个人信息的情况吧。

Viewed that way, the US fares better than many others. European critics of US privacy protections would be well advised to take stock of their own countries’ national security access to personal data.

本文作者是霍金路伟律师事务所(Hogan Lovells)全球隐私与信息管理负责人，他曾与人合作撰写了一篇有关国家安全机构获取云端数据的调查报告

The writer is head of global privacy and information management at law firm Hogan Lovells and is co-author of a study of national security access to data in the cloud