Europe’s planned new data protection law has been “mangled” by the Council of the European Union, according to the IT news source, The Register. Have ministers yielded to pressure from ISPs, big internet companies and security services to water down the original rules, which were designed to safeguard the personal information of EU citizens when in the hands of government and big business?
It’s probably impossible to tell at this stage. But the latest draft of the proposed new law, which was obtained and leaked by a group of digital rights activists, suggests that the Council has put forward a raft of changes that favour big business and government rather than the individual citizen. As Register journalist, Jennifer Baker puts it:
“The one-stop-shop law, which was supposed to simplify citizens’ right to redress if their privacy had been breached, has been mangled by the council, and now resembles a tri-part-multi-stop-hyper-market of legislation.”
The four civil liberties groups behind the leak (Access, EDRi, the Panoptykon Foundation and Privacy International) claim that a number of the Council’s proposals “gut data protection of all meaning,”
In a statement, they cite a suggestion from the Council that default internet browser settings should be taken as consent for being profiled and tracked online. The least savvy net users, they claim, will “sleepwalk into web surveillance by advertising networks” unless they work out how to dig into their browser settings and disable tracking.
The draft also removes the possibility of group or class action lawsuits in the event of sensitive personal details being leaked. Campaigners will also be required to challenge businesses they believe are breaching privacy protections via regulators rather than through the courts (some ministers also apparently want to see the fines imposed on companies who breach the rules significantly lowered).
Not only that, but the new draft (which is not a final document) proposes that a company may process people’s personal records if it can show a “legitimate interest” in so doing – a term so broad as to effectively let big businesses capture and analyse any and all the information they desire on EU citizens.
Minsters are scheduled to agree a common position before mid-year. But some national ministers appear to be very much at odds with the notion of privacy.