Sunday

19th Jan 2020

National governments punch holes in EU data protection bill

  • Digital rights campaigners say member states are undermining basic standards in the EU's data protection bill (Photo: nitot)

National governments are unraveling a EU data protection bill for the benefit of big business, according to leaked documents published by pro-privacy campaigners.

Digital rights advocate Joe McNamee at the Brussels-based EDRi on Tuesday (3 March) said the regulation is now at risk of becoming “an empty shell”.

Read and decide

Join EUobserver today

Support quality EU news

Get instant access to all articles — and 20 years of archives. 30-day free trial.

... or join as a group

  • Should national security interests be accepted as reason to profile citizens? (Photo: printing.com)

He said member states are “undermining the meaning of every article, every paragraph, almost every single comma and full stop in the original proposal.”

Raegan MacDonald, European policy manager at Access, accused the member states of “carving out so many loopholes there’ll soon be nothing left.”

The bill aims to update two-decade old EU data protection laws and create one set of rules across all 28-member states via a legally binding regulation.

First proposed in 2012, the bill has undergone intense lobbying over the years with the European Parliament having adopted its position in March 2014 before passing it onto the co-legislating member states.

MEPs spearheading the bill at the time had to sift through some 4,000 amendments.

Despite the lobbying, parliament’s version was largely seen as an improvement on the privacy protection rights initially proposed by the commission.

Member states have since held protracted internal debates with signs suggesting that Germany is now leading the pack in rolling back key points in the original draft.

Wording in the latest texts dated from the end of February (see here,here, here, and here) show government representatives diluting issues of consent, a number of other rights, and a central oversight and arbitration feature known as the one stop shop.

Marketing

On consent, anyone can authorise a company to process personal details for things like marketing.

However, national governments say that the same company should then also be able to pass on the details to another company – through a “legitimate interest” clause - without the person being informed.

Those companies can then process the data for reasons that are entirely unrelated to the original authorisation.

“If a company you have never heard of can process your data for reasons you've never heard of, what is the point in having data protection legislation,” note the digital advocates in an eight-page analysis of the leaked texts.

Another anomaly is that member states have removed the concept of “explicit consent”, initially proposed by the commission.

Default browser settings may automatically accept cookies, which can be used by advertising websites to track sites visited. According to the leaked texts, a user provides consent to be tracked and profiled, if, for instance, those default browser settings remain untouched.

Other sensitive bits include removing an article that requires people to be informed on “concise, transparent, clear and easily accessible policies” whenever their personal data is being used.

Profiling

They have also reinserted an article, removed by the parliament in their text, that would allow governments to claim national security interests to profile their own citizens.

“This is basically providing a blank cheque to governments which, under various excuses, may start to profile people based on their online political activities,” notes the analysis paper.

On oversight, the commission's plan allows companies to tackle EU-wide data cases through the data chief in the EU country in which they have their HQ, instead of dealing with 28 national regimes.

A single data protection authority would also be responsible for taking legally binding decisions against a firm. Their final decision applies to all other member states.

In case things go wrong, a European Data Protection Board (EDPB) would step in to make sure the rules are applied correctly.

But member states do not like the idea and instead have proposed a more complex arbitration feature that would require the consent of two data protection authorities in some cases. Ministers had already expressed dislike of the dea last December.

EU lawmakers are hoping to enter into negotiations with the member states before the summer in the hope of having the bill passed before the end of the year.

EU ministers back key pillar in data reform bill

Member states on Thursday (4 December) reached a broad consensus on a key area of the EU’s reformed data protection bill but some problems remain for the next EU presidency to resolve.

EU countries to break promise on roaming surcharges

National governments are set to break a promise EU politicians have been making to citizens, by suggesting that roaming surcharges could continue beyond the end of 2015, and adding exceptions to the principle of network neutrality.

EU and US sign law enforcement data pact

EU and US have signed a data protection agreement following 2013 revelations that US security services conduct mass, indiscriminate surveillance on EU citizens.

Interview

Cloud of mistrust over Malta's new government

Malta's new government does not look likely to turn it into a normal, law-abiding EU state any time soon, the son of slain journalist Daphne Caruana Galizia has said.

News in Brief

  1. 'No objection in principle' on Huawei cooperation, EU says
  2. French aircraft carrier goes to Middle East amid tensions
  3. EU suggests temporary ban on facial recognition
  4. EU industry cries foul on Chinese restrictions
  5. 'Devil in detail', EU warns on US-China trade deal
  6. Trump threatened EU-tariffs over Iran, Germany confirms
  7. EU trade commissioner warns UK of 'brinkmanship'
  8. Germany strikes coal phase-out deal

European politicians caught with Russian 'fake likes'

Politicians and political parties in Europe have had bots generate fake 'likes', views, and comments to boost their online popularity, in what has been described as outright voter manipulation.

Stakeholders' Highlights

  1. Nordic Council of Ministers40 years of experience have proven its point: Sustainable financing actually works
  2. Nordic Council of MinistersNordic and Baltic ministers paving the way for 5G in the region
  3. Nordic Council of MinistersEarmarked paternity leave – an effective way to change norms
  4. Nordic Council of MinistersNordic Climate Action Weeks in December
  5. UNESDAUNESDA welcomes Nicholas Hodac as new Director General
  6. Nordic Council of MinistersBrussels welcomes Nordic culture

Stakeholders' Highlights

  1. UNESDAUNESDA appoints Nicholas Hodac as Director General
  2. UNESDASoft drinks industry co-signs Circular Plastics Alliance Declaration
  3. FEANIEngineers Europe Advisory Group: Building the engineers of the future
  4. Nordic Council of MinistersNew programme studies infectious diseases and antibiotic resistance
  5. UNESDAUNESDA reduces added sugars 11.9% between 2015-2017
  6. International Partnership for Human RightsEU-Uzbekistan Human Rights Dialogue: EU to raise key fundamental rights issues

Join EUobserver

Support quality EU news

Join us