The Closing of the Net  "original and valuable"  Times Higher Education

The European Parliament  today adopted a data protection package  that is being described as 'historic' and monumental'.  The new EU measures  update data protection rules for the era of the Internet and social media, including the use of data by  police  and law enforcement. The hot buttons have been the transfer of data outside the EU – especially to the United States -  and how the large digital corporations may exploit data for commercial purposes. For whose benefit is this law and how should we regard it?

The main part of the package is the General Data Protection Regulation, that has been shepherded theough the European Parliament by the German MEP Jan-Philipp Albrecht. The Regulation has gained the support of all political groups, and of the Council of Ministers, meaning that was adopted  without opposition. This cross-party and cross-country consensus reflects an achievement by Mr Albrecht,  who had a  very tough role in getting there.

The new measures  will apply from 2018 and all 28 member states will be subject to the same data protection rules.   Changes were  necessary because the current law was devised in an era when the Internet was just an emerging technology, and notion of analysing billions of pieces of data or automated profiling individuals by their location and spending habits had not yet been invented. The updates  address issues such as  data profiling techniques and so-called 'big data' processing,

Nevertheless, anyone listening to the  debate in the European Parliament  that took place yesterday  may have been struck by the apparent contradictions.  There were  claims that the law will  give individuals more control over their data and in that way it would do more to protect  privacy. In particular, provisions on data portability will   allow people to take their data from one service provider  to another, and  to get more information on how their data is processed.

There were also claims that the new law will  be 'a market  opener',  providing  legal certainty for business. One law for one continent. A “sensible”  compromise.  MEPs said that 'data is the new currency' and that this law is a plank in the creation of   the digital single market.  

This contractiction highlights the paradox of privacy law, and especially data protection. It is positioned as a law to protect the privacy of individuals whereas it is actually about protecting the industries that rely on the processing of data.

Data protection law  is an  essential cornerstone  of privacy law,  and as individual citizens we look to it to protect some of our most private information. However, from the viewpoint of those industries  for whom data is the new currency, it takes on a totally different aspect. To them, data protection law is about their liability exposure and about their ability to run a business and make profit.

It is precisely because 'data is the new currency' that  the Data Protection Regulation  attacted a  massive and co-ordinated lobbying campaign   -  probably the largest lobbying campaign that I have witnessed in nearly 10 years following European Parliament matters ( See The Closing of the Net ) .

That is why the issue of transferring data outside the EU was eEspecially controversial, because it sits at the nexus of commercial interest and individual privacy protection. This matter rumbles on with the so-called Privacy Shield agreement between the EU and the US. Mostly the political debate has been dominated by the  Google, Facebook and other US-based corporations. They  were concerned  because they transfer data to their data centres in the US on a daily basis, and potential changes to EU law would render their activity illegal.  Bubbling under was of course, the ability of the US intelligence services to process the data of EU citizens for other reasons.

The Privacy Shield does seem to be a misnomer. It  has a set of get-out exceptions that seem to render it more  privacy sieve than shield. The European Commission's own advisers, in the form of the Article 29 Working Party, yesterday made public their objections to it:

Key data protection principles as outlined in European law are not reflected “ and “the representations of the U.S. Office of the Director of National Intelligence (ODNI) do not provide sufficient details in order to exclude massive and indiscriminate collection of personal data originating from the EU”.

In response, Justice Commissioner Jourova, speaking in the European Parliament yesterday,  said that she would address their concerns. The political question is  whether she can convince her US colleagues to make any changes.

The other part of the data protection package contained a new directive covering the use of personal databy  law enforcement and police. It  addresses  the requirement  for law enforcement authorities to  process  and share data as part of criminal investigations.  This directive has also obtained the full support of all party groups and of the Member States, and it too was adopted without opposition.

A third piece of legislation addressing privacy matters  was also adopted.  This is the directive on pasenger name records,   a law that deals with  the collection of airline passenger data.   This law is more controversial, with  disagreement between MEPs in the dominant EPP group, and the smaller Green and Liberal groups, concerning the necessity for the mass collection of these records.  

Note that the legislation adopted  today  was the Council's position, which was agreed last December by all three EU institutions: European Parliament, Commission and Council of Ministers. See  Recommendation for Second Reading.

---

For the back story to today's vote, and more on the trans-atalantic data transfer issues, see my new book The Closing of the Net, now available from Polity Press.Here's what the Times Higher Education had to say about it: "In one of the book’s best chapters, Horten’s description of the lobbying process surrounding data protection reform in the European Union shows how lobbyists work in practice – and it is a cautionary tale."

 ---

This is an original article from Iptegrity.com and reflects research that I have carried out. If you refer to it, please cite my name as the author, and provide a link back to iptegrity.com. Media and Academics – please cite as Monica Horten, 2016,  EU 'historic' data protection rules highlight privacy paradox    in Iptegrity.com, 14 April  2016. Commercial users - please contact me.

If you like this article, you might also like my latest book The Closing of the Net which discusses corporate influences over EU policy. It has three chapters on privacy policy including the back story to the EU data retention directive, with a singular lesson for today's legislators. 


 

 

 

 

 

 

The Copyright Enforcement Enigma tells the story of the 2009 Telecoms Package and how the copyright industries tried to hijack it.

'accurate and absorbing account of the story of the Telecoms Package' -Journal of International Commercial Law and Technology

'...a must read for those interested in knowing in depth about copyright enforcement and Internet.' -Journal of Intellectual Property Rights.  

Read more  

Ask your library to get it!

Order direct from the publisher.

Go to   Amazon

Copyright Enforcement Enigma launch, March 2012

European Parliament launch for Copyright Enforcement Enigma

Don't miss Iptegrity! Iptegrity.com  RSS/ Bookmark      

Iptegrity.com is the website of Dr Monica Horten, European expert on Internet policy and Visiting Fellow at the London School of Economics & Political Science. She is an independent expert on the Council of Europe Committee on Cross-border flow of Internet traffic and Internet freedom (MSI-INT). She was shortlisted for The Guardian Open Internet Poll 2012. Iptegrity  offers expert insights into Internet policy. Iptegrity has a core readership in the Brussels policy community, and has been cited in the media. Please acknowledge Iptegrity when you cite or link.  For more, see IP politics with integrity

Iptegrity.com is made available free of charge for  non-commercial use, Please link-back & attribute Monica Horten. Thank you for respecting this.

Contact  me to use  iptegrity content for commercial purposes