BRUSSELS, Belgium — Edward Snowden may be amoldering in the transit lounge of a Moscow airport, but the spy scandal he unleashed goes marching on across Europe's political and diplomatic landscape.
As a US military court on Tuesday convicted that other American security leaker — the WikiLeaks source Pfc. Bradley Manning — on espionage, computer fraud and multiple other charges, it's unclear when the fallout from Snowden's revelations about America's electronic eavesdropping will end.
It's already casting a shadow over Europe's most powerful leader — German Chancellor Angela Merkel — as well as jeopardizing trans-Atlantic agreements that Washington views as vital to the fight against terrorism, and threatening the future of the world's biggest internet companies.
Anger over the PRISM system — under which the US National Security Agency claimed "direct access" to data stored by Google, Microsoft, Yahoo and other tech giants — has boosted the positions of those seeking tough new data-protection rules that would make it harder for the US authorities to get their hands on the private details of European citizens.
"I hope that PRISM has been a wake-up call," Viviane Reding, the European Union's justice commissioner, said recently. "There is no area which lies outside the law in Europe, even when issues of security are involved."
Outspoken in her criticism of the US cyber-snooping, Reding has been leading efforts to update EU data privacy rules.
"In Europe, data protection is a fundamental right. Citizens do not want the secret service to listen to every phone call they make or read every email they write," she said in recent speech in Munich.
"National security is important, but it does not mean that anything goes and that fundamental rights no longer apply."
Draft EU data privacy rules drawn up by Reding's office in 2011 were watered down by politicians who argued they would harm security and hamper business. But the brouhaha over Snowden has prompted a turnaround, with powerful voices now demanding more protection.
Merkel has lent her highly influential voice to the demands for tougher rules. She's publicly called for "very strict" European privacy laws that would force companies such as Google and Facebook to keep European authorities informed of whom they share data with.
"The protection of citizens' data must be ensured," she told ARD television.
With Germany's national elections looming in September, Merkel is under pressure to take a firm stance.
Snowden's exposure of collusion between Germany's BND spy agency and the NSA caused widespread outrage in a country where intrusion into private lives by secret services revives bad memories of the Nazi Gestapo and Communist Stasi.
Trailing Merkel in opinion polls, Germany's opposition has seized on the spy scandal. Social Democratic Party leader Peer Steinbrueck has accused the chancellor of breaking her oath of office for failing to protect citizens from privacy violations by US intelligence.
However, Merkel is far from the sole European politician pressed by public disquiet over PRISM to take a harder line.
A change of heart in the European Parliament now seems certain to ensure that strict limits on how internet companies share European citizens' data with foreign governments will be re-inserted into the proposed EU data-privacy legislation.
Lawmakers fearful of upsetting EU-US relations had opposed the so-called anti-FISA clause — named after the Foreign Intelligence Surveillance Act, which enables the US government to monitor international phone and email conversations. Snowden has changed their minds.
"It's definitely a big step in the right direction," says Joe McNamee, director of the privacy campaign group European Digital Rights.
"In the space of a few days, we went from being the only ones asking for this text to seeing the biggest groups in the European Parliament standing up and saying it must be re-introduced. It was a pleasant trip into the mainstream for us."
The inclusion of the clause in the final EU law could have profound implications for American tech firms. They could find themselves obliged by American legislation to share information about foreigners with government agencies at home, but facing massive EU fines for passing on such data.
The clause was removed from the bill originally drafted by Reding's office in 2011 after a bout of intense lobbying by the Obama administration. The US authorities and American internet giants are continuing to mount a major lobbying campaign to dilute the legislation.
"I've never seen anything like it, such a powerful lobbying operation," Reding told Spain's El Pais newspaper last week. "The lobbies have 10 times more people than my team, there are hundreds of lawyers' offices active on this and representatives paid by the big companies."
The Snowden scandal has pushed American lobbyists onto the back foot as European politicians call not just for tough new legislation, but also a rollback of existing rules that allow the sharing of information such as airline passenger data or bank account details.
Reding has also ordered a review of "safe-harbor" rules set up in the 1990s that — under the assumption that both sides of the Atlantic shared broadly similar privacy standards — allow American companies to self-regulate their compliance with European laws under the supervision of the US Federal Trade Commission.
Germany's Conference of Data Protection Commissioners wrote to Merkel last week urging her to support a suspension of the safe-harbor arrangements.
"Supervisory authorities may suspend the transfer of data to such countries when there is a 'substantial likelihood' that the safe harbor principles ... are being violated. This is now the case," the German authorities wrote.
All of this is casting a dark cloud over the recently launched negotiations between the United States and European Union to create the world's largest free-trade zone.
Merkel intervened to persuade French President Francois Hollande not to block the first round of talks over the PRISM scandal, but privacy issues seem certain to dog future progress.
They are also exacerbating divisions within the EU.
Britain — which has close ties with US intelligence services — and Ireland — which has sought to attract major investment from American tech companies — are coming under fire for their own lax approaches to privacy.
"It's bad enough that you have elected politicians acting against the best interests of their own citizens," privacy campaigner McNamee says. "But when the data protection authorities start acting in the way the Irish and in particular the British have been doing, it just beggars belief."