Friday

23rd Jul 2021

National governments punch holes in EU data protection bill

  • Digital rights campaigners say member states are undermining basic standards in the EU's data protection bill (Photo: nitot)

National governments are unraveling a EU data protection bill for the benefit of big business, according to leaked documents published by pro-privacy campaigners.

Digital rights advocate Joe McNamee at the Brussels-based EDRi on Tuesday (3 March) said the regulation is now at risk of becoming “an empty shell”.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

  • Should national security interests be accepted as reason to profile citizens? (Photo: printing.com)

He said member states are “undermining the meaning of every article, every paragraph, almost every single comma and full stop in the original proposal.”

Raegan MacDonald, European policy manager at Access, accused the member states of “carving out so many loopholes there’ll soon be nothing left.”

The bill aims to update two-decade old EU data protection laws and create one set of rules across all 28-member states via a legally binding regulation.

First proposed in 2012, the bill has undergone intense lobbying over the years with the European Parliament having adopted its position in March 2014 before passing it onto the co-legislating member states.

MEPs spearheading the bill at the time had to sift through some 4,000 amendments.

Despite the lobbying, parliament’s version was largely seen as an improvement on the privacy protection rights initially proposed by the commission.

Member states have since held protracted internal debates with signs suggesting that Germany is now leading the pack in rolling back key points in the original draft.

Wording in the latest texts dated from the end of February (see here,here, here, and here) show government representatives diluting issues of consent, a number of other rights, and a central oversight and arbitration feature known as the one stop shop.

Marketing

On consent, anyone can authorise a company to process personal details for things like marketing.

However, national governments say that the same company should then also be able to pass on the details to another company – through a “legitimate interest” clause - without the person being informed.

Those companies can then process the data for reasons that are entirely unrelated to the original authorisation.

“If a company you have never heard of can process your data for reasons you've never heard of, what is the point in having data protection legislation,” note the digital advocates in an eight-page analysis of the leaked texts.

Another anomaly is that member states have removed the concept of “explicit consent”, initially proposed by the commission.

Default browser settings may automatically accept cookies, which can be used by advertising websites to track sites visited. According to the leaked texts, a user provides consent to be tracked and profiled, if, for instance, those default browser settings remain untouched.

Other sensitive bits include removing an article that requires people to be informed on “concise, transparent, clear and easily accessible policies” whenever their personal data is being used.

Profiling

They have also reinserted an article, removed by the parliament in their text, that would allow governments to claim national security interests to profile their own citizens.

“This is basically providing a blank cheque to governments which, under various excuses, may start to profile people based on their online political activities,” notes the analysis paper.

On oversight, the commission's plan allows companies to tackle EU-wide data cases through the data chief in the EU country in which they have their HQ, instead of dealing with 28 national regimes.

A single data protection authority would also be responsible for taking legally binding decisions against a firm. Their final decision applies to all other member states.

In case things go wrong, a European Data Protection Board (EDPB) would step in to make sure the rules are applied correctly.

But member states do not like the idea and instead have proposed a more complex arbitration feature that would require the consent of two data protection authorities in some cases. Ministers had already expressed dislike of the dea last December.

EU lawmakers are hoping to enter into negotiations with the member states before the summer in the hope of having the bill passed before the end of the year.

EU ministers back key pillar in data reform bill

Member states on Thursday (4 December) reached a broad consensus on a key area of the EU’s reformed data protection bill but some problems remain for the next EU presidency to resolve.

EU countries to break promise on roaming surcharges

National governments are set to break a promise EU politicians have been making to citizens, by suggesting that roaming surcharges could continue beyond the end of 2015, and adding exceptions to the principle of network neutrality.

EU and US sign law enforcement data pact

EU and US have signed a data protection agreement following 2013 revelations that US security services conduct mass, indiscriminate surveillance on EU citizens.

News in Brief

  1. Macron changes phone after Pegasus spyware revelations
  2. Italy to impose 'vaccinated-only' entry on indoor entertainment
  3. EU 'will not renegotiate' Irish protocol
  4. Brussels migrants end hunger strike
  5. Elderly EU nationals in UK-status limbo after missed deadline
  6. WHO: 11bn doses needed to reach global vaccination target
  7. EU to share 200m Covid vaccine doses by end of 2021
  8. Spain ends outdoor mask-wearing despite surge

Feature

Covid-hit homeless find Xmas relief at Brussels food centre

The Kamiano food distribution centre in Brussels is expecting 20 people every half hour on Christmas Day. For many, Kamiano is also more than that - a support system for those made homeless or impoverished.

Top court finds Hungary and Poland broke EU rules

EU tribunal said Hungary's legislation made it "virtually impossible" to make an asylum application. Restricting access to international protection procedure is a violation of EU rules.

Stakeholders' Highlights

  1. Nordic Council of MinistersNineteen demands by Nordic young people to save biodiversity
  2. Nordic Council of MinistersSustainable public procurement is an effective way to achieve global goals
  3. Nordic Council of MinistersNordic Council enters into formal relations with European Parliament
  4. Nordic Council of MinistersWomen more active in violent extremist circles than first assumed
  5. Nordic Council of MinistersDigitalisation can help us pick up the green pace
  6. Nordic Council of MinistersCOVID19 is a wake-up call in the fight against antibiotic resistance

Latest News

  1. Far left and right MEPs less critical of China and Russia
  2. Why is offshore wind the 'Cinderella' of EU climate policy?
  3. Open letter from 30 embassies ahead of Budapest Pride
  4. Orbán counters EU by calling referendum on anti-LGBTI law
  5. Why aren't EU's CSDP missions working?
  6. Romania most keen to join eurozone
  7. Slovenia risks court over EU anti-graft office
  8. Sweden's gang and gun violence sets politicians bickering

Join EUobserver

Support quality EU news

Join us