Will MEPs sell out your privacy rights?

Policy makers in the EU are currently considering a ground breaking new privacy law.

It would grant us more control over how our personal information is collected, stored and exploited, and make sure that those who hold our data play by the rules. This proposed Data Protection Regulation, made in the context of a booming trade in personal information, is a major and rare opportunity to give people back more control over their data.

But the proposed Regulation is under severe pressure. And we need your help to convince MEPs to support privacy.

Pretty much the entire UK establishment, most notably the Ministry of Justice and the UK’s Information Commissioner, has decided to come out against the Regulation. Your Ministry of Justice and Information Commissioner are trying to undermine the proposals by pressing for lighter touch regulation.

They are backing an argument pushed by the advertising industry, US tech companies and the US government: giving you control over your data and making sure companies don’t abuse is a costly nuisance to business. This lobbying could end up seriously weakening our privacy and data protection rights.

SomeUK MEPs are no better. As revealed by LobbyPlag.eu, UK MEPs such as Giles Chichester, Sajjad Karim and Malcolm Harbour have put forward amendments that were written by lobbyists for a number of US organisations, including Amazon and the American Chamber of Commerce. That’s already generated interest from both the Telegraph and the Independent.

We’ve produced an analysis of these amendments.

A stronger regulation is much needed. 70% of Europeans are concerned about companies using information for a purpose different to the one it was collected for. The UK was highest at 80%. 74% said their specific consent should be required for personal information to be collected. Another study found that only 14 percent of respondents believe that Internet companies are honest about their use of consumers’ personal data. The current weak regime is not only leading to privacy intrusions – it is damaging trust in online markets.  

The rights put forward in the new Data Protection Regulation are a great start. They would mean you could more easily request data about you; know how it is being used; be told when it is misused; have it deleted. It would be regulation with teeth so companies know that if they break the rules there are consequences. Here’s a our brief guide to the issues.

The Regulation is being considered by committees in the European Parliament now. Civil society groups from across the EU have joined together to campaign on this (see the campaign site.) Your MEPs need to hear from you to make sure they understand people care about their privacy.


What you can do now

If you are in the North West or South West of England please contact your MEPS now. They are voting next week (on Wednesday 20th February) in the Industry, Research and Energy Committee (ITRE). Some of the amendments they have put forward are very damaging, suggesting they will vote to weaken the Regulation.

If you are in theNorth West: please contact your MEP Sajjad Karim:

Party: Conservative
Contact Tel (Brussels): +32(0)2 28 45640
E-mail: sajjad.karim@europarl.europa.eu

If you are in the South West: please contact your MEP Giles Chichester:

Party: Conservative
Contact Tel (Brussels): +32(0)2 28 45296
E-mail: giles.chichester@europarl.europa.eu

See our quick guide to the key issues for more detail on what is at stake.

If you are not in these constituencies, you can find out who your MEP. Contact them and tell them you care about data protection rights and want to see a strong regulation.  You will likely need to contact them again when further votes take place. 

What should I say?

ITRE Committee

If you are contacting Sajjad Karim MEP or Giles Chichester MEP, you can talk about the basic need to support strong data protection rights and highlight that this is an unique opportunity to promote citizens’ rights to privacy and data protection. We have produced a brief guide to the issues.

If you want to go into more detail, there are some specific issues you could address: 

  • The definition of personal data should be broadenough to include data that can ‘single out’ an individual, not just identify them.

Just because data are not linked to a name does not mean that they are not personal data. It is becoming increasingly possible to identify a person using less and less data, or to “re-identify” someone from data previously considered anonymous.

So we support amendment 323, which takes into account the notion of ‘singling out’. But amendments excluding ‘anonymous’ or ‘pseudonymous’ data weaken the definition. Truly anonymous data is excluded, by definition, by Article 4 (1). However, ‘anonymised’ data is rarely if ever such. “De-anonymisation” is increasingly recognised as impossible.

  • Consent must be explicit, informed and freely given.

Amendments that undermine this significantly weaken the Regulation and undermine the principle that people should be given more control over what happens to their personal information.

So we would like to see amendment 198 rejected because it waters down the notion of consent and proposes to change ‘explicit’ to ‘unambiguous’ consent.“Explicit” needs to be kept in the text! We need to defend the right to say yes or no to the collection of our data.

  • The ‘legitimate interest’ provision means businesses can get away with all sorts of processing without people’s consent, offering a convenient loophole for abusive or excessive processing.

We would like to see amendments that restrict this to exceptional circumstances. Amendments that extend this further, for instance to third parties, would be particularly damaging and should be rejected.

  • Data portability should be supported, as it gives people meaningful control over their data, helps them avoid ‘lock in’ to particular services and drive competition.

So we would like to see amendments 501 & 502 rejected as they undermine this opportunity. The UK Government are actively promoting the MiData initiative in the UK – it makes no sense to reject this in the EU. Citizens’ right to choose the best company and not be locked-in to services must be supported.

  • We need stronger controls over profiling. Through the information they give away, people are being ‘mapped’ and their profiles evaluated, analysed and used to predict behaviour. That influences how they are treated. People need the right to know about and object to profiling in all its forms. That is especially important for sensitive information such as health data.

We do not support amendments which weaken the controls over profiling. Amendment 538 should be supported since we need increased protection with regard to profiling.

  • Those who hold and use data must be held accountable. 

So, for example, we support amendments 673 and 675 because that would help make sure that data breaches are reported and not, as EDRi put it, “swept under the rug”.

For more information on what this vote in ITRE is about, see the campaign site put together by EDRi.

For full details of the Regulation, see the EDRi site www.protectmydata.eu


More Background

What is being proposed?

The Regulation, proposed in January 2012, would give you more control over your personal information and help make sure businesses that handle data play by the rules. It strengthens the right to consent to data collection and processing; it would give you stronger rights to access your data and have it deleted; and it would make sure companies are more accountable for their mistakes or abuses when handling personal information. It is a badly needed update to the existing, weak law.

What is happening now?

The proposed Regulation is currently being looked at by a number of Committees in the European Parliament. The ‘lead’ Committee is the Civil Liberties, Justice and Home Affairs Committee (LIBE). They will write an opinion that includes suggested changes to the Regulation. That will influence the final big vote in the European Parliament later in the year. The LIBE Committee have to take into account the opinion of several other Committees when they write their report. That means the votes in the other Committees are really important.

What is the problem?

The Regulation is coming under sustained lobbying attack from technology companies, the US Government, the ad industry, the UK Government and even the UK’s Information Commissioner. They are all suggesting changes that would undermine your control over your personal information and weaken the obligations on the people who collect and use it.

A number of ‘amendments’ to the law that have been written by industry lobbyists. Lots of the amendments that the Committee will vote on would make the Regulation significantly weaker. We need to make sure the MEPs understand people care about this issue, and that they should be supporting their constituents.

Fr more, see our guide to the issues. EDRi have put together a comprehensive overview of the Regulation.

If you need more information please get in touch with Peter Bradwell: peter@openrightsgroup.org