Lobby groups take CTRL+V of data protection proposal

By EDRi · February 11, 2013

From Wired to the New York Times, every news platform has been reporting about the massive lobbying efforts against the data protection reform over the past few months. Vice-President of the EU Commission Viviane Reding has stated in the Telegraph that the proposed rules were subject to the most aggressive lobbying she has ever witnessed. Many of these corporate lobbying efforts in Brussels do not simply wish to prevent better data protection rules but rather to weaken already existing standards.

The extent to which industry lobbying is falling on good soil at the Parliament has now been revealed by the initiative Europe vs Facebook. The first Committee opinion (pdf) adopted in the European Parliament is a long list (pdf) of examples of “copy and paste” adoption of proposals from lobbying documents. More information will be soon available on the portal which is collecting text that has been copied & pasted into European legislation.

Parliamentarians in the Internal Market and Consumer Committee (IMCO) have adopted amendments written by Amazon, eBay or the American Chamber of Commerce (AmCham EU) – to the detriment of European citizens and their fundamental rights to privacy and data protection. It has become clear that corporate lobbying is currently replacing European citizens’ voices and manifest concerns.

Here are some examples of the lobbying papers that were copied into the EU Parliament’s opinion:


  • Definition of pseudonymous data: the text adopted by the IMCO Committee allows for much weaker protection for “pseudonymous data” as proposed by the American Chamber of Commerce and the European ISP Association. This broad definition leads to a situation where a lot of problematic data falls out of the scope of data protection rules (Art. 4.3 b).
  • Consent: Amazon and ebay succeeded in having amendments adopted that weaken the notion of “explicit consent”. One amendment indicates that “less explicit” consent is also acceptable, depending on (undefined) “context” (Art. 4,8).
  • Consent: Another amendment deletes a protection ensuring that companies cannot force users to a “freely given” consent to data processing when there is a significant imbalance (Art. 7.4) between the power of the company and the individual.
  • Profiling: According to the wishes of the American Chamber of Commerce, the IMCO Committee has adopted a text replacing the word “profiling” by “automated processing” and restricting the general prohibition to measures that would probably be already illegal – i.e. measures that are unfair and discriminatory.
  • The necessity of independence of the internal Data Protection Officer has been deleted by the Committee in accordance to the wishes of American Chamber of Commerce and the European Banking Federation (Art. 35.7).
  • Sanctions: the Parliamentarians have adopted a text written by the American Chamber of Commerce and DigitalEurope weakening the sanctions for data controllers in the event of abuse of personal data (Art. 79).


“Three for the price of one” lobbying

Many of the largest companies are undertaking a lot of lobbying in their own name, which is what one would expect. However, they are also mobilising their trade associations in order to spread the same message again. Then, as we see with the ironically-named Industry Coalition for Data Protection (pdf), they are making associations of their associations, in order to repeat the same message yet again. One group of companies, three sets of messages.