Wednesday

31st May 2023

  1. News
  2. Rule of Law

National governments punch holes in EU data protection bill

  • Digital rights campaigners say member states are undermining basic standards in the EU's data protection bill (Photo: nitot)

By

National governments are unraveling a EU data protection bill for the benefit of big business, according to leaked documents published by pro-privacy campaigners.

Digital rights advocate Joe McNamee at the Brussels-based EDRi on Tuesday (3 March) said the regulation is now at risk of becoming “an empty shell”.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

Choose your plan

... or subscribe as a group

Don't miss out on

Our exclusive news stories and investigations. Influential. Investigative. Independent.

Lisbeth Kirk

Why join?

Watch our founder Lisbeth Kirk explain the reasons in this 30-second video.

  • Should national security interests be accepted as reason to profile citizens? (Photo: printing.com)

He said member states are “undermining the meaning of every article, every paragraph, almost every single comma and full stop in the original proposal.”

Raegan MacDonald, European policy manager at Access, accused the member states of “carving out so many loopholes there’ll soon be nothing left.”

The bill aims to update two-decade old EU data protection laws and create one set of rules across all 28-member states via a legally binding regulation.

First proposed in 2012, the bill has undergone intense lobbying over the years with the European Parliament having adopted its position in March 2014 before passing it onto the co-legislating member states.

MEPs spearheading the bill at the time had to sift through some 4,000 amendments.

Despite the lobbying, parliament’s version was largely seen as an improvement on the privacy protection rights initially proposed by the commission.

Member states have since held protracted internal debates with signs suggesting that Germany is now leading the pack in rolling back key points in the original draft.

Wording in the latest texts dated from the end of February (see here,here, here, and here) show government representatives diluting issues of consent, a number of other rights, and a central oversight and arbitration feature known as the one stop shop.

Marketing

On consent, anyone can authorise a company to process personal details for things like marketing.

However, national governments say that the same company should then also be able to pass on the details to another company – through a “legitimate interest” clause - without the person being informed.

Those companies can then process the data for reasons that are entirely unrelated to the original authorisation.

“If a company you have never heard of can process your data for reasons you've never heard of, what is the point in having data protection legislation,” note the digital advocates in an eight-page analysis of the leaked texts.

Another anomaly is that member states have removed the concept of “explicit consent”, initially proposed by the commission.

Default browser settings may automatically accept cookies, which can be used by advertising websites to track sites visited. According to the leaked texts, a user provides consent to be tracked and profiled, if, for instance, those default browser settings remain untouched.

Other sensitive bits include removing an article that requires people to be informed on “concise, transparent, clear and easily accessible policies” whenever their personal data is being used.

Profiling

They have also reinserted an article, removed by the parliament in their text, that would allow governments to claim national security interests to profile their own citizens.

“This is basically providing a blank cheque to governments which, under various excuses, may start to profile people based on their online political activities,” notes the analysis paper.

On oversight, the commission's plan allows companies to tackle EU-wide data cases through the data chief in the EU country in which they have their HQ, instead of dealing with 28 national regimes.

A single data protection authority would also be responsible for taking legally binding decisions against a firm. Their final decision applies to all other member states.

In case things go wrong, a European Data Protection Board (EDPB) would step in to make sure the rules are applied correctly.

But member states do not like the idea and instead have proposed a more complex arbitration feature that would require the consent of two data protection authorities in some cases. Ministers had already expressed dislike of the dea last December.

EU lawmakers are hoping to enter into negotiations with the member states before the summer in the hope of having the bill passed before the end of the year.

PDF

  1. Comparison of the Parliament and Council text on the General Data Protection Regulation

Site Section

  1. Rule of Law

Related stories

  1. EU ministers back key pillar in data reform bill
  2. EU and US sign law enforcement data pact
  3. Data bill enters final leg of state-level talks
  4. German-led moves to weaken EU data bill a 'scandal'
  5. EU countries to break promise on roaming surcharges
EU ministers back key pillar in data reform bill

Member states on Thursday (4 December) reached a broad consensus on a key area of the EU’s reformed data protection bill but some problems remain for the next EU presidency to resolve.

EU and US sign law enforcement data pact

EU and US have signed a data protection agreement following 2013 revelations that US security services conduct mass, indiscriminate surveillance on EU citizens.

EU countries to break promise on roaming surcharges

National governments are set to break a promise EU politicians have been making to citizens, by suggesting that roaming surcharges could continue beyond the end of 2015, and adding exceptions to the principle of network neutrality.

Latest News

  1. Germany unsure if Orbán fit to be 'EU president'
  2. EU Parliament chief given report on MEP abuse 30 weeks before sanction
  3. EU clashes over protection of workers exposed to asbestos
  4. EU to blacklist nine Russians over jailing of dissident
  5. Russia-Ukraine relations the Year After the war
  6. Why creating a new legal class of 'climate refugees' is a bad idea
  7. Equatorial Guinea: a 'tough nut' for the EU
  8. New EU ethics body and Moldova conference This WEEK

Stakeholders' Highlights

  1. International Sustainable Finance CentreJoin CEE Sustainable Finance Summit, 15 – 19 May 2023, high-level event for finance & business
  2. ICLEISeven actionable measures to make food procurement in Europe more sustainable
  3. World BankWorld Bank Report Highlights Role of Human Development for a Successful Green Transition in Europe
  4. Nordic Council of MinistersNordic summit to step up the fight against food loss and waste
  5. Nordic Council of MinistersThink-tank: Strengthen co-operation around tech giants’ influence in the Nordics
  6. EFBWWEFBWW calls for the EC to stop exploitation in subcontracting chains

Stakeholders' Highlights

  1. InformaConnecting Expert Industry-Leaders, Top Suppliers, and Inquiring Buyers all in one space - visit Battery Show Europe.
  2. EFBWWEFBWW and FIEC do not agree to any exemptions to mandatory prior notifications in construction
  3. Nordic Council of MinistersNordic and Baltic ways to prevent gender-based violence
  4. Nordic Council of MinistersCSW67: Economic gender equality now! Nordic ways to close the pension gap
  5. Nordic Council of MinistersCSW67: Pushing back the push-back - Nordic solutions to online gender-based violence
  6. Nordic Council of MinistersCSW67: The Nordics are ready to push for gender equality

Join EUobserver

Support quality EU news

Join us