BT has problems with EU proposals on privacy by design and the right to be forgotten
BT has joined the group of organisations, mostly from the US, lobbying to have EU proposals on privacy watered down, TechWeekEurope has found out. The lobbying is apparently proving effective, as MEPs have been accused of pandering to lobbyists’ concerns.
A host of US companies, including Amazon, eBay, Facebook and Yahoo, have been huckstering with EU officials, as they seek to amend the draft Data Protection Regulation and Directive outlined by the European Commission last year. An EC official told TechWeek last year that “extreme” US attempts to radically alter the laws were being resisted.
Whilst few British tech companies have been spotted making a noise, BT has sent out a document to parliamentarians in Brussels noting numerous issues with some of the more controversial proposals.
In particular, BT has taken umbrage with the way in which European lawmakers want to inculcate “privacy by design” across technology firms, and is angling to have more freedom to use customer data, and fewer requirements to ask permission first.
For example, BT has proposed a change to Article 23 of the regulation, which would delete the draft proposal that a data controller “shall implement mechanisms for ensuring that, by default, only those personal data are processed which are necessary for each specific purpose of the processing and are especially not collected or retained beyond the minimum necessary for those purposes”.
BT’s suggestions appear to indicate that much of the EC’s wording on privacy by design should be deleted from the final regulation entirely.
Instead, BT wants something more broad and less detailed, “to permit innovative design which accommodates itself to developing technology and the variety of circumstances confronting a [data controller]”.
Privacy by design, whilst “laudable”, should be expressed in “terms of its broad objectives”, BT said. “It should not be dependent on detailed technical implementing measures… Nor is it appropriate for the European Commission to lay down technical standards in this area as these could add substantially to the cost of compliance,” the telecoms giant said.
BT is also hoping for less stringent laws on citizen access to data. It believes people should be able to demand their data from service providers unless it “is not reasonably practical”. BT, as a company that deals with massive amounts of bits and bytes on a daily basis, wants to give greater protection to the data controller than the EC has proposed.
Right to be forgotten? Forget it!
The British firm appeared to be wary of the “right to be forgotten” too, noting that in cases where the privacy of a third party, or “other individual”, was affected by someone trying to access or delete their information, that other person would have to be contacted and grant permission.
“As a multinational company BT handles a large amount of personal data and we welcome the opportunity to engage in constructive dialogue on this draft EU Regulation – both directly and via our association with trade bodies such as the CBI,” BT said in a statement sent to TechWeekEurope.
“We recognise that with technological development there is a need to update the existing law, but any changes must balance the need for innovation and growth with the rights of the individual – whilst avoiding the potential for crippling administration costs.
“To this end BT will continue to engage with all the relevant groups to achieve a workable balance for all.”
Meanwhile, rights groups are up in arms about a vote taken in the European Parliament yesterday. The European Parliament’s Industry, Research and Energy Committee (ITRE) voted against another of the regulation’s controversial proposals – that the worst offenders could be fined as much as two percent of annual turnover. MEPs voted in favour of national regulators making the decision on how much to fine instead.
Civil liberties groups believe the MEPs went too far in proposing weakened legislation, and that they were being influenced heavily by corporate interests. It was claimed earlier this month that MEPs, including UK representatives, were copying and pasting large parts of lobbyist documents into their recommendations.
“EU Parliament is succumbing to enormous pressure and misinformation from companies like Google and Amazon through to British Telecom,” said Peter Bradwell, who is in Brussels on behalf of the Open Rights Group.
“The MEPs voted to significantly reduce the control people would have over the use of their data. They have weakened the meaning of consent, narrowed the definition of personal information so certain types have less protection, and opened up a loophole that will allow companies to use data for purposes unrelated to the original collection.
“That would mean companies could pass information on to third parties, who could then use it for purposes unrelated to the original collection so long as it is in their own ‘legitimate interest’. That completely undermines people’s ability to control how their information is used.”
Two more committees have to vote before Parliament decides what should happen with the draft laws. Negotiations will then be held with EU Council before the final laws are formed.