Monday

2nd Oct 2023

National governments punch holes in EU data protection bill

  • Digital rights campaigners say member states are undermining basic standards in the EU's data protection bill (Photo: nitot)

National governments are unraveling a EU data protection bill for the benefit of big business, according to leaked documents published by pro-privacy campaigners.

Digital rights advocate Joe McNamee at the Brussels-based EDRi on Tuesday (3 March) said the regulation is now at risk of becoming “an empty shell”.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

  • Should national security interests be accepted as reason to profile citizens? (Photo: printing.com)

He said member states are “undermining the meaning of every article, every paragraph, almost every single comma and full stop in the original proposal.”

Raegan MacDonald, European policy manager at Access, accused the member states of “carving out so many loopholes there’ll soon be nothing left.”

The bill aims to update two-decade old EU data protection laws and create one set of rules across all 28-member states via a legally binding regulation.

First proposed in 2012, the bill has undergone intense lobbying over the years with the European Parliament having adopted its position in March 2014 before passing it onto the co-legislating member states.

MEPs spearheading the bill at the time had to sift through some 4,000 amendments.

Despite the lobbying, parliament’s version was largely seen as an improvement on the privacy protection rights initially proposed by the commission.

Member states have since held protracted internal debates with signs suggesting that Germany is now leading the pack in rolling back key points in the original draft.

Wording in the latest texts dated from the end of February (see here,here, here, and here) show government representatives diluting issues of consent, a number of other rights, and a central oversight and arbitration feature known as the one stop shop.

Marketing

On consent, anyone can authorise a company to process personal details for things like marketing.

However, national governments say that the same company should then also be able to pass on the details to another company – through a “legitimate interest” clause - without the person being informed.

Those companies can then process the data for reasons that are entirely unrelated to the original authorisation.

“If a company you have never heard of can process your data for reasons you've never heard of, what is the point in having data protection legislation,” note the digital advocates in an eight-page analysis of the leaked texts.

Another anomaly is that member states have removed the concept of “explicit consent”, initially proposed by the commission.

Default browser settings may automatically accept cookies, which can be used by advertising websites to track sites visited. According to the leaked texts, a user provides consent to be tracked and profiled, if, for instance, those default browser settings remain untouched.

Other sensitive bits include removing an article that requires people to be informed on “concise, transparent, clear and easily accessible policies” whenever their personal data is being used.

Profiling

They have also reinserted an article, removed by the parliament in their text, that would allow governments to claim national security interests to profile their own citizens.

“This is basically providing a blank cheque to governments which, under various excuses, may start to profile people based on their online political activities,” notes the analysis paper.

On oversight, the commission's plan allows companies to tackle EU-wide data cases through the data chief in the EU country in which they have their HQ, instead of dealing with 28 national regimes.

A single data protection authority would also be responsible for taking legally binding decisions against a firm. Their final decision applies to all other member states.

In case things go wrong, a European Data Protection Board (EDPB) would step in to make sure the rules are applied correctly.

But member states do not like the idea and instead have proposed a more complex arbitration feature that would require the consent of two data protection authorities in some cases. Ministers had already expressed dislike of the dea last December.

EU lawmakers are hoping to enter into negotiations with the member states before the summer in the hope of having the bill passed before the end of the year.

EU ministers back key pillar in data reform bill

Member states on Thursday (4 December) reached a broad consensus on a key area of the EU’s reformed data protection bill but some problems remain for the next EU presidency to resolve.

EU and US sign law enforcement data pact

EU and US have signed a data protection agreement following 2013 revelations that US security services conduct mass, indiscriminate surveillance on EU citizens.

EU countries to break promise on roaming surcharges

National governments are set to break a promise EU politicians have been making to citizens, by suggesting that roaming surcharges could continue beyond the end of 2015, and adding exceptions to the principle of network neutrality.

Column

Will Poles vote for the end of democracy?

International media must make clear that these are not fair, democratic elections. The flawed race should be the story at least as much as the race itself.

Opinion

Orbán's 'revenge law' is an Orwellian crackdown on education

On Tuesday, the Hungarian parliament passed a troubling piece of legislation known by its critics as the 'revenge law', which aims to punish and intimidate teachers who dare to defy Viktor Orbán's regime. This law is a brutally oppressive tool.

Latest News

  1. Slovak's 'illiberal' Fico victory boosts Orban, but faces checks
  2. European Political Community and key media vote This WEEK
  3. Is the ECB sabotaging Europe's Green Deal?
  4. The realists vs idealists Brussels battle on Ukraine's EU accession
  5. EU women promised new dawn under anti-violence pact
  6. Three steps EU can take to halt Azerbaijan's mafia-style bullying
  7. Punish Belarus too for aiding Putin's Ukraine war
  8. Added-value for Russia diamond ban, as G7 and EU prepare sanctions

Stakeholders' Highlights

  1. Nordic Council of MinistersThe Nordic Region is stepping up its efforts to reduce food waste
  2. International Medical Devices Regulators Forum (IMDRF)Join regulators, industry & healthcare experts at the 24th IMDRF session, September 25-26, Berlin. Register by 20 Sept to join in person or online.
  3. UNOPSUNOPS begins works under EU-funded project to repair schools in Ukraine
  4. Georgia Ministry of Foreign AffairsGeorgia effectively prevents sanctions evasion against Russia – confirm EU, UK, USA
  5. International Medical Devices Regulators Forum (IMDRF)Join regulators & industry experts at the 24th IMDRF session- Berlin September 25-26. Register early for discounted hotel rates
  6. Nordic Council of MinistersGlobal interest in the new Nordic Nutrition Recommendations – here are the speakers for the launch

Stakeholders' Highlights

  1. Nordic Council of Ministers20 June: Launch of the new Nordic Nutrition Recommendations
  2. International Sustainable Finance CentreJoin CEE Sustainable Finance Summit, 15 – 19 May 2023, high-level event for finance & business
  3. ICLEISeven actionable measures to make food procurement in Europe more sustainable
  4. World BankWorld Bank Report Highlights Role of Human Development for a Successful Green Transition in Europe
  5. Nordic Council of MinistersNordic summit to step up the fight against food loss and waste
  6. Nordic Council of MinistersThink-tank: Strengthen co-operation around tech giants’ influence in the Nordics

Join EUobserver

Support quality EU news

Join us