The lobby-tomy 9: Lessons of the lobby

By EDRi · September 7, 2016

The new European privacy law was a feast for lobbyists, but how did the Dutch government deal with all that information? And is lobbying bad?

The new European data protection regulation is the most lobbied piece of legislation ever because the subject is very important and touches upon almost every aspect of our daily lives. Therefore EDRi member Bits of Freedom used the Dutch freedom of information act to ask the government to publicise all the lobby documents they received on this new law. These documents were published on the Bits of Freedom website, with analysis, in a series of blogs. What parties lobby? What do they want? What does that mean for you? These nine articles are now translated into English for the EDRi-gram. In the previous blogs you’ve been able to read about the privacy lobby: what parties lobbied, what they lobbied about, and what kind of arguments they used. This is part 9.

What will the Netherlands do?

The question that quickly arises is, “What was the attitude of the Netherlands?” There’s no simple answer. In the parliamentary papers there are letters from the government in which the state secretary periodically informed the Dutch parliament about any developments with regards to the negotiations. In a document dealing with data protection, he describes in general terms what has been discussed and what the Dutch position was. Apart from that, Statewatch (a non-profit organisation monitoring the state, justice and home affairs, security and civil liberties in the European Union) occasionally leaked preliminary reports of meetings.

................................................................. Support our work - make a recurrent donation! .................................................................

From state secretary’s letter to the Dutch parliament in 2012, it’s for example clear that the Netherlands strongly supported a risk based approach (as seen in the lobby-tomy 7). This was the most lobbied point of view: in particular when it comes to the obligation to make an “impact assessment” before processing data, and that companies are required to have a data protection officer. About those obligations, the Dutch government says:

“Furthermore, article 22 in principle fully applies to all controllers, which includes small entrepreneurs and even in some circumstances to individual citizens. It will create a higher burden on supervisory authorities. A risk based approach would have been better.

Apart from that, according to a letter to the Dutch parliament from 2014, the Netherlands wanted to make it easier to process health data. This is justified by it’s importance for research. Many lobby letters were sent to the Dutch government on this topic, for example by medical research centers (see the lobby-tomy 6). The government also wanted broader exceptions for the processing of health data by other organisations, for example insurance companies. This topic was actively lobbied as well (in the case of anti-fraud, see the lobby-tomy 8).

There are many similarities between the contents of the lobby letters and what the Dutch government proposed. Although the Netherlands claims to be a proponent of strong protections in the field of profiling, they do ask for the a certain degree of flexibility for other forms of automated decision making. Apart from that, the Dutch state secretary argues in the letter to the Dutch parliament that companies should more often have a legitimate interest in cases of “less significant measures” like direct marketing. That means that companies in those cases do not require consent to collect and use data (see the lobby-tomy 4 and lobby-tomy 6).

How successful has the lobby been?

Although there are visible similarities between the lobby letters and the position of the Dutch government, it is difficult to produce evidence for the fact that representatives of the government have listened to lobbyists too much. We simply can’t know what has been said in meetings between government representatives and lobbyists. It’s also difficult to prove a causal link: maybe policymakers had already agreed on a specific position before the lobby letters arrived.

So… Is lobbying bad?

Looking at the amount of legislative texts circulating, being drafted and adapted back and forth, and looking at the amount of invitations for meetings and letters sent to the ministries, it’s clear that lobbying plays a large role in our decision making process. Lobbying is important. However, the revelations of the lobbyplag initiative shocked many.

That’s why we advocate for citizens’ in Brussels too. Lobbying can be very useful. It allows organisations to shed new light or to bring forward a unique problem that hasn’t been considered yet. You can’t expect that everyone shares the same expertise. It can therefore be very important and useful to offer it to policy-makers.

However, there are also worries. Looking at the letters, it’s clear that large companies are over-represented. How can we know that there has been a proper weighing of all the different interests in society? Also, the letters at times contain bad and misleading arguments.

Also, there are transparency issues: this is just the tip of the influence iceberg concerning a long and complicated legislative process. The scale and untransparency of the documents released by lobbyplag shows what is wrong. This can and should be better.

Read all our lobby-tomy blogposts:

Data Protection Lobby-tomy Part 1: Influencing the Dutch government

The lobby-tomy 2: What was the lobbying about?

The lobby-tomy 3: who are lobbying?

The lobby-tomy 4: Innovation is the magic word

The lobby-tomy 5: legal help or political choices?

The lobby-tomy 6: Not in my backyard

The lobby-tomy 7: Not all roads lead to privacy

The lobby-tomy 8: “Anti-fraud” – another magic word

We hope that our lobby-tomy series has given you a useful insider’s view of the lobby process concerning the new European privacy legislation.

(Contribution by Floris Kreiken, EDRi member Bits of Freedom, the Netherlands)