EU Council: Private web data to be protected by…abusers

José Manuel Barroso, President of the EC, received John Kerry, US Secretary of State. In a bilateral working lunch, the EU/US relations were discussed, notably the negotiations of the Transatlantic Trade and Investment Agreement, climate change, visa reciprocity and a data protection agreement.

José Manuel Barroso, President of the EC, received John Kerry, US Secretary of State. In a bilateral working lunch, the EU/US relations were discussed, notably the negotiations of the Transatlantic Trade and Investment Agreement, climate change, visa reciprocity and a data protection agreement.

Protection of citizens and businesses web data is still a pending issue in the European Union and internet companies may, probably legally, sell to marketers names, telephone numbers, mail addresses and consumer profiles including personal details. The existing privacy laws are twenty years old and far from effectively protecting our data from being sold and bought. Obviously there is an urgent need for a new legislation to protect EU citizens’ data. To this effect there is an ongoing discussion in the EU legislative bodies over a provisional text of a proposal for a regulation of the European Parliament and the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

Unfortunately every time this proposal is debated in the Council more water is added to it. The European Council of Justice and Home Affairs, discussed last week in Luxembourg on 6 and 7 June 2013 this provisional version of a regulation on the protection of individuals, with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). The British Justice Secretary, Chris Grayling, noted that the proposal as it was worded in its previous version may damage growth and jobs. Along with him the Dutch Minister for Security and Justice, Ivo Opstelten, added that the rules may cost his country up to €1.1 billion per year.

If the council discusses the draft regulation some more times it is highly possible that citizens may be asked to pay for the protection they receive if any at all. The initial proposal was adopted by the Commission and presented in the Councils on 25 January 2012. The package contained two strong legislative proposals based on Article 16 of the Lisbon Treaty, the new legal basis for data protection measures. Last week the Council discussed key issues on this affair. As usually the Irish Presidency was very happy with the watered down outcome. This time the ministers agreed that the obligations of the web firms should be further diluted. The Irish minister of Justice said “we agreed a risk based approach is followed”.

Who decides what?

In plain English this means the web firms would judge by themselves which case of data abuse or ‘loss’ is risky and only then report it to the competent national authorities. According to the Press release issued by the Council, “Delegations generally welcomed the considerable progress achieved on the draft regulation under the Irish Presidency. On the understanding that no part of the draft regulation can be agreed until the whole text of the regulation is agreed. The Chair indicated that the legislative deliberations should take account of both the interests of citizens and of business, in particular SMEs”.

This time the SMEs are ‘used’ by the Council as a shield against possible criticism that they are letting the core data protection issues to the mercy of web firms. And this on the pretext that the web SMEs cannot afford larger administrative load. Ministers also added that protective action should be further restricted also because it may create additional operational costs to the national authorities. As if sovereign governments aren’t elected and financed by taxpayers to protect society from abuses and threats of any kind.

After that, the last hope that citizens’ data may be effectively protected hinges on the European legislators. The Civil Liberties Committee of the European Parliament will debate on Monday and Tuesday 10 and 11 June this draft legislation on data protection. According to the relevant Press release issued by the Parliament “a proposal for a regulation covering the bulk of personal data processing in the EU, both online and off-line, will be discussed from 16.45 on Monday. A draft directive, concerning data processed in criminal investigations, will be debated from 12.10 on Tuesday”. But let’s elaborate a bit what is at stake.

Data flows

The growing globalisation of data flows, via social networks, cloud computing, search engines, location-based services, etc., arguably increases the risk that people could lose control of their own data. In view of that the European parliamentarians are debating a major overhaul of current EU data protection rules, which aims to put people in control of their personal data and to build trust both in social media and in online shopping and communication in general.

The EU’s current data protection laws date from 1995, before the Internet came into widespread use. Today, 250 million people use the Internet daily in Europe. The new rules will update the principles enshrined in existing legislation and apply them to the new online environment, so as to ensure effective protection of the fundamental right to data protection and improve certainty as to the law for companies.

Unfortunately the 27 EU Justice Ministers seem more prone to protect the interests of the web firms rather than the citizen’s rights. That is why the Council stressed the ‘need’ to reduce the new administrative burden for the web SMEs. Obviously the target is that the interests of the big web companies are best protected and their obligations towards society reduced to the absolute minimum.

What next

According to the EU procedures the final text of this regulation will be decided in trilateral negotiations between the Parliament, the Council and the Commission. Given the large discrepancies of opinion between the Parliament on the one side and the Council and the Commission on the other, it is questionable if the regulation will be adopted within this year. Up to now members of the European Parliament have submitted 4,000 amendments!

In detail, 3,133 amendments were tabled to the proposal for a regulation in the Civil Liberties Committee. Together with the amendments tabled in their opinions by the Industry Committee (417), the Internal Market Committee (226), the Employment Committee (27) and the Legal Affairs Committee (196), they make a total of 3,999 amendments. This is the highest number of amendments ever tabled to a single legislative file in Parliament.

The interest of the web industry on this legislation is directly reflected on the extraordinary number of amendments. Nobody is innocent these days…

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: