A major reform of the EU data protection rules has been grinding through the system for over three years now, subject to some of the fiercest lobbying yet seen in Europe. The original European Commission proposal was amended and accepted by the European Parliament in 2014, but leaked documents obtained by the European digital rights group EDRi show that the Council of the EU, which is made up of the member state governments, is trying to sabotage the new rules (pdf):
Since 2012, the European Commission and the European Parliament both have produced a text that, while not being perfect, would greatly benefit citizens and businesses, establishing a common set of rules for the whole EU and guaranteeing high standards for personal data protection. Unfortunately, within the Council of the EU, Member State governments are working to undermine this reform process. For more than three years, the Council has not only failed to show support for this reform and negotiations, but is now proposing modifications to the text that would lower down the existing level of data protection in Europe guaranteed by the Directive 95/46 and even below the standards required to be in line with the EU treaties.
That’s taken from a detailed analysis of the documents by EDRi, Access, Panoptykon Foundation, and Privacy International. It provides a very clear explanation of the five main areas where the Council of the EU is seeking to undermine much of the hard work done over the last two years. Here’s a summary of the issues:
According to the leaked proposals, crucial privacy protections have been drastically undermined, including the right to be asked for consent, the right to know how your data are used and the right to object to your data being used, minimum standards of behaviour for companies exploiting individuals’ data. In several places, the text would not likely pass judicial scrutiny under Europe’s human rights framework.
This is a really disappointing development, and one that might prove hard to undo, as EDRi explains:
The Council is trying to complete its work by the summer, before negotiating with the Parliament on a compromise. Unless something is done urgently, the Council will simply complete its agreement, at which stage only an absolute majority of the European Parliament would be the only way of saving Europe’s data protection reform.
And so the saga of the EU’s new data protection rules continues.