In Affirmative Data Protection Revamp Vote, European Parliament Warns U.S. Trade Deal Could be Scrapped
The European Parliament’s overwhelming vote to revamp data protection rules won cheers from consumers and telecom network operators, but jeers from Europe’s digital technology sector, digital rights activists and direct marketers Wednesday. Parliament members (MEPs) approved 621-10 a regulation aimed at strengthening personal data protections in the digital world, and 544-78 a non-binding resolution ending their a six-month probe into NSA mass surveillance. They also passed 371-276 a proposal to improve data privacy in the context of law enforcement and judicial matters. The draft data protection regulation should help Internet users by giving them a right to have personal information erased, setting new limits on profiling and requiring Internet companies seeking to process personal data to obtain freely given, well-informed, explicit consent from users, Parliament said.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The message was “unequivocal,” said EU Justice, Citizenship and Fundamental Rights Commissioner Viviane Reding. Reform is necessary “and now it is irreversible,” she said. The “shake-up” of data protection rules includes several positive measures, said the BEUC-The European Consumers Organisation. BEUC said they included the fact that all companies targeting users in Europe must abide by the law, and that the legal meaning of “personal data” now includes Internet Protocol addresses. The regulation may be the “beginning of a tilt in balance of control back towards users,” said BEUC Director General Monique Goyens. Billions of euros are made every day using personal data, she said. “Companies must stop seeing consumers as commodities and start seeing them as citizens with legal rights whose trust needs earning again.”
The European Telecommunications Network Operators’ Association said reform of current EU rules is “urgently needed to take account of the new digital context” and create more harmonization and legal certainty. Telecom operators want to ensure that the rules apply to all EU and non-EU players offering services to Europeans; that there is a risk-based approach to privacy legislation; and that red tape for businesses is reduced, ETNO said. Responsible companies must be allowed to “unlock the value of personal data through new digital services that consumers are demanding,” said Executive Board Chairman Luigi Gambardella. In turn, those services will generate growth and jobs, he said.
The Industry Coalition for Data Protection (ICDP) “expressed regret” at the outcome of the vote, saying many of the provisions “reflect an overly prescriptive, ‘freeze-frame’ approach” that will be unworkable in practice and threatens digital innovation and investment while failing to provide meaningful safeguards to individuals. ICDP members include DigitalEurope, the American Chamber of Commerce of the EU, the European Internet Services Providers’ Association, Business Software Alliance and TechAmerica Europe. The adopted text doesn’t strike the right balance between protecting people’s rights and spurring innovation, said DigitalEurope Director General John Higgins.
MEPs approved a “less business-friendly” version of the regulation, said U.K. Direct Marketing Association Executive Director Chris Combemale. “While this is by no means a done-deal, this vote should be ringing alarm bells in the board room of every business that’s involved with one-to-one communications,” he said in a statement. Brands will soon have to work harder to engage with consumers and offer compelling reasons for people to share their personal information, he said.
European Parliament members “finally succeeded in resisting pressure by lobbyists” and rejected their most harmful proposals, but failed to remove the “dangerous concepts” of “legitimate interest” and “pseudonymous data,” said French citizen’s advocacy group La Quadrature du Net. Anybody’s “legitimate interest” can be used as a legal basis to bypass user consent for the processing of their personal data, it said. The adopted report also introduces the misleading idea of “pseudonymous” data favored by technology lobbyists, it said.
The resolution on NSA surveillance warned that parliamentary consent to the EU-U.S. trade and investment partnership could be endangered if blanket mass spying by the NSA doesn’t stop, and asked the EU to suspend the safe-harbor agreement for transfer of personal data to the U.S. and the Terrorist Finance Tracking Program. La Quadrature, however, said the resolution is welcome, but it failed to call for strong political measures to defend citizens’ fundamental rights. The “timid warning” that mass surveillance activities could endanger the Trans-Atlantic Free Trade Agreement is “far too weak,” it said. MEPs don’t understand the amplitude of the damaging effects of mass surveillance on the contemporary world, said La Quadrature co-founder Benjamin Sonntag. By refusing to adopt concrete, effective measures, lawmakers missed the change to affirm their opposition to the massive violation of privacy rights, he said.
The data protection reform package will now go to the next Parliament after the May 22 elections. The proposals still need Council approval, but governments have yet to stake their position, which prompted fury at Tuesday’s plenary debate (CD March 12 p17).