Exclusive: US officials try to alter and delay EU data privacy reform, sources tell TechWeekEurope, but Commission stands firm
The US government has shocked the European Commission with its level of lobbying on the latter’s plans to overhaul the continent’s data privacy laws, but the commission is not wavering on even the most controversial aspects of its plans, TechWeekEurope understands.
The EC is trying to update privacy laws first made in 1995 and, somewhat confusingly, has proposed a fresh regulation and a directive. If the regulation is passed, European states will have to enact the regulation in their laws, while they have the option to adjust the language of the directive.
The EC’s proposed provisions include a “right to be forgotten”, which establishes citizens’ right to have their data deleted from the Internet, as well as significantly larger fines for cases where data is mishandled. However, these proposals have attracted scorn from some directions, including American firms, and the US government.
TechWeekEurope previously revealed that Facebook and the US Chamber of Commerce, backed by the US government, have been actively seeking to persuade the Commission to ditch certain aspects of the planned laws.
Facebook in particular has strong objections to the right to be forgotten, claiming it “raises many concerns with regard to the right of others to remember and to freedom of expression”. Facebook would much rather people didn’t delete data from the site, partly because that information allows for more targeted ads on the site – a chief source of the company’s revenue.
US ‘wanted to delay data privacy reform’
The US government has now gone even further than those two American behemoths. According to sources within the Commission, the US was in direct contact with members of the commission as soon as the proposals were drawn up, and now wants to delay the reforms.
US officials sent briefing materials to director generals of the EC during what is known as Interservice Consultation – a procedure “normally purely internal to the Commission, which takes place before Commissioners take a political decision on a proposal”, sources told TechWeekEurope.
“The Commission’s political level – the 27 Commissioners – did not allow the lobbying to interfere with the proposals. Calls for postponing the reform substantially or for lowering its level of ambition were rejected,” they added.
“The strong interest in the US on our reform proposals confirms that Europe is the world player and standard setting in the field of data protection regulation. What Europe does will sooner or later be followed by other continents. It is a sign that in the field of data protection, Europe is already a super power.”
Despite rumours that the right to be forgotten was going to be scrapped, the sources said it was already enshrined in existing rules, but the new regulations would “further clarify this right”.
As for the additional fining powers, which would allow data privacy watchdogs like the UK’s Information Commissioner’s Office (ICO) to fine companies as much as two percent of their annual turnover for a breach of the law, the EC is also standing firm.
In a speech yesterday, Viviane Reding, EU justice commissioner, said tough fines were needed. “If we have weak sanctions, then it weakens the one-stop-shop, it weakens the consistency mechanism and it weakens the ability of businesses to operate in the digital single market,” Reding said. “Promoting growth requires a robust administrative sanction system.”
Onlookers remain concerned at the level of US input, from both public and private organisations, however. Many are calling on European member states to join the Commission in taking a hard line.
“The scale of lobbying by the US government and corporations is extreme. Data privacy in the USA is largely unregulated, and general rights are only given through terms and conditions,” Jim Killock, executive director of the Open Rights Group, told TechWeekEurope.
“There is a huge incentive for the US and companies like Facebook, Yahoo and Google to reduce the rights of UK citizens by trying to water down the regulation. What we need is for the British government to stand up for our citizens, and argue for user control of their data, instead trying to limit the proposal as much as possible.”
In the UK, MPs and Lords of the Justice Committee said the EU needed to “go back to the drawing board” and “devise a regime which is much less prescriptive”.
The actual laws won’t come into being until 2015 at the earliest. But it appears a war over data privacy, with the Commission on one side and heavyweights in both government and private sector spheres on the other, is heating up.
Are you a security expert? Find out with our quiz!