As the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) passed the compromise on new European data protection rules with an overwhelming majority (49 yes votes, 1 vote against, 3 abstentions) last October, thus bringing the reform into the three-way negotiations between the parliament, council and commission, many in the media celebrated this vote as a real breakthrough on the data protection front.
In my first blog article on the topic of data protection at the end of October, as an observer of the divided European political landscape and prevailing ambivalence in the EU institutions seen in many of the negotiations, I was already cautious and expected a long and rocky road to the implementation of the “right to be forgotten”. And as the political reality reveals, my restraint unfortunately looks like being well founded.
As a provider of European B2B cloud solutions my company and I of course take an interest in the strengthening of European data protection because it’s the only way to build up the necessary customer trust in autonomous European IT solutions. Clearly defined rules for an improved protection of sensitive personal and economic data on the basis of an EU-wide harmonious legal framework could stimulate the market for information services in Europe and thereby also provide the impulse envisaged by the “Digital Agenda 2020” for stable economic growth and the protection of prosperity.
I can only try and imagine the frame of mind of leading MEP Jan Philipp Albrecht, who now has to experience on the European stage how his almost two year marathon towards shaping new data protection rules on the basis of the lowest common denominators of various particular interests threatens to evolve into a Sisyphean task.
Put a stop to Mephisto’s data!
It was almost symbolic and unavoidably tinged with a hint of irony! The MP of the faction “The Greens/European Free Alliance (EFA)” and European Parliament rapporteur on the new data protection rules made an appeal to the Home and Justice Minister of the European Council on “Krampustag” (http://en.wikipedia.org/wiki/Krampus) of all days, to work out a common standpoint on data protection in their current session under the soon to end Lithuanian council presidency so as to be able to soon safeguard against the “devilish” collecting mania, particularly of the Americans. If there is no agreement on the regulation before the European elections in May 2014, the Silicon Valley lobby will overrun Brussels for another one and a half years, claims Albrecht, who shows understanding for the fact that increasingly clued up citizens will no longer trust the parties responsible for possible failed negotiations during as they go to the polls.
German tactics prevent quick progress
In keeping with Günter Grass’ “The Plebeians Rehearse the Uprising” you can describe the German skirmishing for position regarding data protection as a “German tragedy”. Confidential meeting documents of the council working group on new protection rules passed on to German news magazine “Der Spiegel” show that at council level, which represents the national government, there’s a culture of blocking and a collective political will is difficult to make out. Leading German officials in particular are slamming on the breaks and campaigning to exclude the public sector from the regulation. But this would leave the door open for data accumulation by authorities as they could continue to save and process data without the explicit consent of citizens. The introduction of this special privilege would be a step away from the “Privacy by design” principle designed to limit the extraction of data to the absolute minimum needed for the handling of legal acts and business transactions.
In summer 2013, after publication of the systematic bugging of her mobile phone by the NSA, Chancellor Angela Merkel expressed a very different tone against the US and stood behind France, Italy and Poland’s demands for the data protection reform to be concluded quickly before 2014. According to Spiegel, for the organisation “European Digital Rights” (EDRi) the strategy behind this German change of heart can be easily explained: “The German republic uses the non-transparent working method of the council to take into account the concerns for its own economy regarding stricter data protection regulations. Furthermore, in return for the tactical delaying of the implementation of the regulation the Brits are supposed to have been brought on board as a strong ally for negotiations with the US over a “No Spy” agreement.”
The armada of industry lobbyists against a tougher European data protection framework are also hardly likely to accept defeat after the voting result of the LIBE committee. At most it can be seen as a changeover in a tennis match. The support wave for the interests of an unbridled liberalism is not going to stop now, exactly when the European Parliament in its entirety must find a common position, taking into consideration MPs from other committees such as the advisory ITRE (Industry, Research and Energy) and IMCO (Internal Market and Consumer Protection).
On the internet page “LobbyPlag” – LobbyPlag.eu – a cooperation project by data journalists from “OpenDatenCity Datenfruende UG” in Berlin and the “europe-v-facebook.org” association in Vienna, whose name incidentally derives from the website “GuttenPlag-Wiki” founded by German volunteers, with dissertations from politicians checked for levels of plagiarism, makes the level of influence of lobbyists on the European data protection regulation according to country, party, MEP, law article and amendments request transparent.
The platform stirred up some excitement in Brussels as it was proven that a number of EU MPs were simply copying industry submissions 1:1 (keyword: Lobby/Paste). From the 3,132 entries that were submitted to the commission’s draft and whose incorporation ultimately led to the compromise at the end of October in the LIBE, 943 voted for stricter data protection, 1,236 for a weaker data protection and 953 were neutral. This results in a clear European overview of 293 more entries for a weakening of data protection. Looking at the different countries reveals a clear continent divide: Great Britain and Ireland, the Benelux states of the Netherlands and Belgium, in the Scandinavian countries Denmark, Sweden and Finland, in the Southern European countries Italy and Spain and in Poland, Hungary and Romania were predominantly for weaker data protection, whereas the Germany-France axis together with Portugal, Bulgaria and Greece were pushing for more data protection.
The “Top Ten” for more and less data privacy in Europe demonstrates the deep split in the debate that is particularly visible in Germany. On the “more data privacy” side, Jan Philipp Albrecht is the clear front-runner with a positive balance of 165 – the regulation is more or less his baby. But the “less data privacy” side is also headed by a German, Axel Voss from the EEP (European People’s Party, CDU), who has a negative balance of -151. With this taken into consideration, the voting result from the end of October 2013 is almost a miracle.
The missing European reaction
Conversely, the day after the LIEBE vote, the “Bundesverband Digitale Wirtschaft e.V.” (federal association of digital economy), the central representation of interests lobby of the German digital industry, criticised the draft as not going far enough. The association acknowledged progress through the anchoring of incentive elements for data processing under pseudonym and for the usage of cryptography processes but particularly criticised the lack of courage regarding a future-oriented data policy for profiling and the European helplessness in the establishment of a better protection of personal data against secret service activities. The association argues that otherwise the existing ("Safe Harbour" agreement with the US needs to be reviewed.)
On 19th November 2013 the former Greek foreign minister and current EU MP, shadow rapporteur for the “data protection regulation” and rapporteur for the “directive for the protection of natural persons in the handling of personal data by police and justice authorities” in Brussels, Dimitrios Droutsas, warned that the EU data protection package could fail spectacularly and might have to start from scratch again in 2014.
Science leaves its ivory tower for data protection
Against the backdrop of the current political and specialist struggle in this legislative procedure to find a definitive European position, over 100 leading scientists spoke out even before the LIBE vote in order to clear up a number of the arguments repeatedly voiced by opponents to improved data protection.
Experts from the IT, legal, economic science and business sectors had particular issues with the claim that the proposed regulations would be too strict, impede innovation and disadvantage the European economy in competition with non-European providers.
The opposite would be the case, because as with traffic security, environmental protection and energy policy it’s precisely a well regulated environment that can stimulate and encourage innovation. Across Europe, start-ups have already formed, wanting to offer a better protection for personal data “out-of-the-box”. And security and data protection experts are advising companies to construct and manage their IT systems in a better, more secure way. For scientists it’s clear that this uncertainty concerning the level of data protection in other countries is a significant reason for the economy’s reluctance to implement cloud computing for important business processes.
Digital identities – the capital of our century
In the appeal published on 14th February 2013 in the German weekly newspaper “Die Zeit”, which can be traced back to the German-Austrian initiators Oliver Günther, Gerrit Hornung, Kai Rannenburg, Alexander Roßnagle, Sarah Spiekerman and Michael Waidner, the professors note that the Boston Consulting Group report on “The Value of our Digital Identity” (http://www.libertyglobal.com) also assesses that five out of six of the large usage areas for personal data are very much compatible with the data protection regulation. The consultancy company sees personal data as the key lever for process automation and for the personalisation and improvement of products and services.
The authors argue that companies who manage direct customer relations for the provision of their services can still build upon the consent of their customers as it has long been proved that customers are happy to supply their data in exchange for a valued service. The only business models that need to worry about limitations under an optimised data protection regime are those where business value is based purely on the aggregation and trade of personal data. (http://www.zeit.de).
Europe must show political will now!
The now over 50 year process of merging national states under the legal entity of the European Union and trans-continental peacekeeping has gained Europe global political respect. Many renowned thinkers, also in the US, see the 21st century as dawn of the era for the great old culture continent, which could become a role model for the entire world for sustainable safeguarding of the future with its visions and scientific and technological potential. As the up until now “quiet superpower” the EU needs to be more aware of this privilege and to express its leading role, both internally and when dealing with external states, in solving the most pressing challenges of the network-based knowledge society, with more faith in its own strengths.
The meshing of the EU institutions and the operating principles of the parliament, commission and council, the envy of many foreign democratic states, sometimes prove to be internal barriers to reaching a quick consensus in the most socio-politically relevant fields of action. The data protection regulation is an excellent example for the tedious but worthwhile attempt to limit and reconcile opposing interests. At the level of the leading LIBE committee this process has already born fruits. In the pending three-way negotiations for the passing of the data protection package it’s essentially about the efforts of each European ethos, based on the entire union, which makes the EU what it is today. Europe has much experience in discourse and would therefore be predestined to interlock the large social sub-systems of bureaucracy, economy and bourgeoisie and their diverging perspectives on data protection within one collective legal framework so that the state security of public order, the trust of citizens in the use of modern media and the innovation power of the economy for the future shaping of new innovation technologies can further develop in parallel. In addition, this case can once again prove that in important matters Europe can overcome national sensitivities for a greater good.
Europe must now resolutely show this political will and cannot afford to be complacent in the face of making every effort to adopt of a clear, common position on data protection. Even if a great deal has been set in motion in the months following the Snowden revelations in summer 2013, both on the political world stage and in economic dialogue with America, the EU must not falsely interpret the current pro-activeness of the US internet giants.
Apple, Facebook, Microsoft, Google, Twitter, AOL, Yahoo and LinkedIn, as rationally analysing market leaders of the global internet, have quickly recognised the seriousness of the situation and must reckon with considerable falls in business due to the loss of trust of their customers caused by the massive espionage activities of their national secret service. That is why they are launching a large scale campaign with a transparent catalogue of demands for their own government as a counter offensive. This self-recognition should be welcomed from a European point of view but it shouldn’t be assumed that these web giants are therefore simply going to give up their existing market positions in Europe. The EU shouldn’t deceive itself – the lobbying against an improved and refined data protection regulation will be continued vigorously in the coming months. Europe must take its own steps. The “Marktortprinzip” (effects doctrine) contained in the draft, which would force American and other foreign companies to be subject to European internet law and the envisaged sanctions regime in case of infringement of these legal foundations, are indispensable if Europe wants to win back its ICT autonomy. If we manage the breakthrough on the data protection front, the US internet industry will realise that the European Union is an equal economic partner. This new self-esteem can also massively spur us on to realise the digital single market and to transform Europe into the most modern and advanced knowledge society by 2020. These arguments are the principles of the negotiation teams looking for a final version of the data protection regulation. As we stand tantalisingly close to a ground-breaking settlement, the outcome will help decide the future of our continent.
In my next blog post I will discuss what toils Brazil has had to endure in order to bring a similar legislative initiative, the Brazilian internet constitution, close to the decision-making chambers of the national congress (federal senate and chamber of MPs).