In 2012, what would become a four-year process started: the creation of new European data protection rules. The General Data Protection Regulation would replace the existing European Data Protection Directive adopted in 1995 and enhance and harmonise data protection levels across Europe. The result is an influential piece of legislation that touches on the lives of 500 million people and creates the highest regional standard for data protection.
A lobbyist feeding frenzy
With so much at stake, civil society was preparing for strong push-back from companies. But we could never have dreamed just how dead set corporate lobbyists were on undermining citizens’ rights – or the lengths they would go to to achieve their goals. Former European Commissioner Viviane Reding said it was the most aggressive lobbying campaign she had ever encountered. The European Parliament was flooded with the largest lobby offensive in its political history.
Civil society fights back
The European Digital Rights network worked together and continued to fight back. Among other things we had to explain that data leaks are dangerous and need to be reported, and that it’s not acceptable to track and profile people without their consent. We were up against the combined resources of the largest multinational corporations and data-hungry governments, but we also had two things in our favor: the rapporteur Jan Philipp Albrecht and his team were adamant about safeguarding civil rights, and in 2013 the Snowden-revelations made politicians more keen on doing the same. Against all odds, we prevailed!
GDPR isn’t perfect, but it is a way forward
The General Data Protection Regulation that was adopted in 2016, and will be enforced starting May 25th, is far from perfect. As we pointed out in 2015, we did however manage to save “the essential elements of data protection in Europe”, and now have a tool with which to hold companies and governments using your data to account. We are committed to doing just that. We will continue to fight for your privacy, speak out when and where it is necessary and help you do the same.
EU Data Protection Package – Lacking ambition but saving the basics (17.12.2015)
EDRi GDPR document pool
(Contribution by Evelyn Austin, EDRi member Bits of Freedom, the Netherlands)