European Parliament committees threaten wholesale destruction of privacy and data protection rights


Just over a year ago, vitally important reforms to European privacy and data protection laws were proposed. Now these reforms, which will affect the rights of half a billion Europeans, are being watered down in their passage through various European parliamentary committees as MEPs succumb to an unprecedented industry lobbying onslaught. There is now irrefutable evidence of the impact of this lobbying, thanks to a technology-powered research method comparing corporate lobby documents with the amendments to the draft legislation tabled by individual MEPs.

So is it wrong for elected politicians to copy-paste legislative amendments from lobby papers? Not necessarily; after all, independent organisations representing consumers and citizens, including Privacy International, hope for much the same when they send their suggested changes to MEPs. But politicians need to find the right balance between the needs of Europe plc and those of the consumers and citizens they purport to represent. These needs are inter-dependent, not mutually exclusive; you cannot encourage the development of one without the trust of the other. Equally important, at a time when trust in politicians is at an all-time low, is for our legislators to base their decisions on a range of independent research and expertise.

There are reams of evidence showing the problems that individuals face under the current (woefully outdated) data protection regime – widespread identity theft and fraud, feelings of loss of control over personal data, excessive and disproportionate data collection, ignorance about data rights and data mining technologies, reluctance to engage in e-commerce across borders, poor enforcement of rights and limited possibilities for effective complaints resolution or redress. The risk to companies that do not comply with the law is minimal.
Yet with all this evidence readily available, some European legislators propose to fix these problems by

  • eliminating explicit user consent to personal data collection or sharing;
  • letting corporations share personal data with any other business that has a “legitimate interest” in that data;
  • eliminating the right of people to access their own personal data “in electronic readable, portable format”;
  • disallowing consumer and other groups representing ‘data subjects’ from bringing collective complaints on behalf of individuals; and 
  • lifting all restrictions on individual online profiling, which was restricted in the original proposal.

Thus far only one of the European parliamentary committees has voted and published its final opinion on the Regulation - the committee responsible, inter alia, for “the promotion and protection of the economic interests of consumers”. The opinion, which was adopted with a small majority, is an almost total dismantlement of existing consumer rights to effective data protection. We need to persuade legislators to stop such wholesale rights destruction in its tracks now, which is why Privacy International has teamed with like-minded groups across the EU in the joint Protect Your Data campaign.