Friday

19th Aug 2022

National governments punch holes in EU data protection bill

  • Digital rights campaigners say member states are undermining basic standards in the EU's data protection bill (Photo: nitot)

National governments are unraveling a EU data protection bill for the benefit of big business, according to leaked documents published by pro-privacy campaigners.

Digital rights advocate Joe McNamee at the Brussels-based EDRi on Tuesday (3 March) said the regulation is now at risk of becoming “an empty shell”.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

  • Should national security interests be accepted as reason to profile citizens? (Photo: printing.com)

He said member states are “undermining the meaning of every article, every paragraph, almost every single comma and full stop in the original proposal.”

Raegan MacDonald, European policy manager at Access, accused the member states of “carving out so many loopholes there’ll soon be nothing left.”

The bill aims to update two-decade old EU data protection laws and create one set of rules across all 28-member states via a legally binding regulation.

First proposed in 2012, the bill has undergone intense lobbying over the years with the European Parliament having adopted its position in March 2014 before passing it onto the co-legislating member states.

MEPs spearheading the bill at the time had to sift through some 4,000 amendments.

Despite the lobbying, parliament’s version was largely seen as an improvement on the privacy protection rights initially proposed by the commission.

Member states have since held protracted internal debates with signs suggesting that Germany is now leading the pack in rolling back key points in the original draft.

Wording in the latest texts dated from the end of February (see here,here, here, and here) show government representatives diluting issues of consent, a number of other rights, and a central oversight and arbitration feature known as the one stop shop.

Marketing

On consent, anyone can authorise a company to process personal details for things like marketing.

However, national governments say that the same company should then also be able to pass on the details to another company – through a “legitimate interest” clause - without the person being informed.

Those companies can then process the data for reasons that are entirely unrelated to the original authorisation.

“If a company you have never heard of can process your data for reasons you've never heard of, what is the point in having data protection legislation,” note the digital advocates in an eight-page analysis of the leaked texts.

Another anomaly is that member states have removed the concept of “explicit consent”, initially proposed by the commission.

Default browser settings may automatically accept cookies, which can be used by advertising websites to track sites visited. According to the leaked texts, a user provides consent to be tracked and profiled, if, for instance, those default browser settings remain untouched.

Other sensitive bits include removing an article that requires people to be informed on “concise, transparent, clear and easily accessible policies” whenever their personal data is being used.

Profiling

They have also reinserted an article, removed by the parliament in their text, that would allow governments to claim national security interests to profile their own citizens.

“This is basically providing a blank cheque to governments which, under various excuses, may start to profile people based on their online political activities,” notes the analysis paper.

On oversight, the commission's plan allows companies to tackle EU-wide data cases through the data chief in the EU country in which they have their HQ, instead of dealing with 28 national regimes.

A single data protection authority would also be responsible for taking legally binding decisions against a firm. Their final decision applies to all other member states.

In case things go wrong, a European Data Protection Board (EDPB) would step in to make sure the rules are applied correctly.

But member states do not like the idea and instead have proposed a more complex arbitration feature that would require the consent of two data protection authorities in some cases. Ministers had already expressed dislike of the dea last December.

EU lawmakers are hoping to enter into negotiations with the member states before the summer in the hope of having the bill passed before the end of the year.

EU ministers back key pillar in data reform bill

Member states on Thursday (4 December) reached a broad consensus on a key area of the EU’s reformed data protection bill but some problems remain for the next EU presidency to resolve.

EU and US sign law enforcement data pact

EU and US have signed a data protection agreement following 2013 revelations that US security services conduct mass, indiscriminate surveillance on EU citizens.

EU countries to break promise on roaming surcharges

National governments are set to break a promise EU politicians have been making to citizens, by suggesting that roaming surcharges could continue beyond the end of 2015, and adding exceptions to the principle of network neutrality.

News in Brief

  1. UN chief meets Zelensky and Erdogan over grain exports
  2. Fighting stalls ahead of UN visit, Ukraine says
  3. German chancellor to face MPs over tax-fraud probe
  4. Norway wealth fund makes record €171bn loss
  5. German utility firm Uniper on 'brink of insolvency'
  6. ECB mulls big interest rate hike amid recession risk
  7. Germany unlikely to hit November gas-storage target
  8. Mali accuses France of arming Islamist fighters

Stakeholders' Highlights

  1. Nordic Council of MinistersNordic prime ministers: “We will deepen co-operation on defence”
  2. EFBWW – EFBH – FETBBConstruction workers can check wages and working conditions in 36 countries
  3. Nordic Council of MinistersNordic and Canadian ministers join forces to combat harmful content online
  4. European Centre for Press and Media FreedomEuropean Anti-SLAPP Conference 2022
  5. Nordic Council of MinistersNordic ministers write to EU about new food labelling
  6. Nordic Council of MinistersEmerging journalists from the Nordics and Canada report the facts of the climate crisis

Latest News

  1. Serbia expects difficult talks with Kosovo at EU meeting
  2. How scary is threat to Ukraine's Zaporizhzhia nuclear plant?
  3. Slovakia's government stares into the abyss
  4. Finland restricts Russian tourist visas
  5. Conditions met for German nuclear extension, officials say
  6. A year of Taliban — only aid is keeping Afghan kids alive
  7. Is this strange summer a moment of change?
  8. Germany rejects visa ban for Russian tourists

Join EUobserver

Support quality EU news

Join us