By EDRi

The European Union’s data protection package is supposed to achieve two key goals – the protection of citizens’ fundamental right to data protection and privacy and to avoid barriers to trade in the European single market.

Reading some amendments proposed in the European Parliament, one might be forgiven for thinking that the purpose of the proposed legislation is to ensure the privacy of companies – permitting them to secretly make money out of citizens’ data without any fear that citizens will find out about it. A whole range of amendments have been tabled which will make exploitation of your data more easy, while access to information regarding who uses the data, how they are using it, why they are using it and stopping them from using it becomes much more difficult.

For example, the proposed Regulation suggests that companies can award themselves the right to use your data without your permission if it is in their “legitimate interest” to do so. Parliamentarians have proposed that this should be extended to allow companies you have never heard of to use the data for reasons that are not even related to the original purpose of collecting the data. This was the suggestion of the Internal Market and Consumer Protection (sic) Committee (see amendments 70 and 77).

The proposed Regulation says that you should be told if the data are going to be exported outside the European Union. Parliamentarians have proposed amendments deleting this obligation. Amendment 1210 by British Liberal Democrat MEP Sarah Ludford is an example of this.

The Regulation proposes that you should be told if it is obligatory to provide the personal information that businesses are requesting. Parliamentarians have proposed amendments deleting this obligation. Amendment 1220 by British Liberal Democrat MEP Sarah Ludford is an example of this.

The Regulation proposes that, if a company did not obtain your information directly from you, they should indicate where the data came from. Without knowing this, you cannot find the company that is selling your data in order to ask them to stop. Parliamentarians have proposed amendments deleting this obligation. Amendment 1224 by British Liberal Democrat MEP Sarah Ludford is an example of this.

The Regulation proposes that companies should tell you how long they plan to store your data. Parliamentarians have proposed amendments deleting this obligation. Amendment l193 by MEPs Axel Voss (Germany), Seán Kelly (Ireland), Wim van de Camp (Netherlands), Véronique Mathieu-Houillon (France), Kinga Gál (Hungary), Lara Comi (Italy) and Renate Sommer (Germany) is an example of this.

The Regulation proposes that companies provide details of the supervisory authority that you can complain to if your data are abused. Parliamentarians have proposed amendments deleting this obligation. Amendment 1203 by MEPs Axel Voss (Germany), Seán Kelly (Ireland), Wim van de Camp (Netherlands), Véronique Mathieu-Houillon (France), Kinga Gál (Hungary), Lara Comi (Italy), Renate Sommer (Germany) is an example of this.

One minor question remains, if a Regulation on the protection of personal data :
*allows companies to use your data without your consent,
*allows them to pass on your data to third parties without your consent,
*use your data for purposes that are incompatible with the reasons that you gave them your data in the first place,
*allows them to withhold information about where complaints can be made,
*allows them to fail to tell you if the data will be transferred outside the European Union,
*allows them to withhold information about how long they will retain your data or tell you where they obtained your data

… what exactly is the point of a data protection regulation?

And all of these amendments cover just one article in the proposed Regulation. There are 3300 other amendments, many of which are equally destructive of the rest of the proposed legislation.

Visit the “Naked Citizens” website if you agree that this is unacceptable and you want to help us to defend citizens’ rights.