The lobby-tomy 5: legal help or political choices?

By EDRi · April 20, 2016

Is legal help always objective? Writing laws is a complicated process. A frequently used lobby strategy involves offering “legal help” and arguments that promise legal certainty. Parties claim to make no substantive choices for policy makers, but is that really the case?

................................................................. Support our work - make a recurrent donation! .................................................................

The new European data protection regulation is the most lobbied piece of legislation thus far because the subject is very important and touches upon almost every aspect of our daily lives. Therefore Bits of Freedom used the Dutch freedom of information act to ask the government to publicise all the lobby documents they received on this new law. We published these documents on the Bits of Freedom website with our analysis in a series of blogs. What parties lobby? What do they want? What does that mean for you? We have now translated these nine blogs into English for the EDRi-gram. This is part 5.
Drafting legislation is a complicated process, in particular where it concerns laws of this magnitude. An additional issue is that the subject matter is often technical in nature. This means that policy makers actively seek the help of experts. It also means that any offered help is very welcome.

Technical amendments

Parties offer that help happily. The Dutch employers’ federation VNO-NCW offers the Dutch Permanent Representation (perm rep) its expertise in a 76 page letter. The letter contains “technical amendments.” In other words, matters that according to them are not political. It concerns the correct legal articulation of an article, but also other choices: how access request should be answered (“that they should be answered is without question”).
The letter contains a lot of legal fine tuning. For example, the employers’ organisation corrects the point regarding the obligation to provide information to people, explaining that this should happen in “a notice” and not in “a policy” which is written into the regulation. That is a justifiable correction: after all, you’re not sending policies to people, but a notification that contains that policy.

However, it appears choices are made that go one step further than mere legal fine tuning. In one article for example, they edit the text to say that an organization may process information for a legitimate interest or for “that of a third party.” That makes the article much broader in scope. Although they state that this would be a return to the previous privacy directive, it concerns choices that are controversial. They also write that it should be left to organisations themselves how they answer information requests (electronically or not?), but that also exceeds mere legal fine tuning. In yet other articles they talk about diminishing the “burdens” on companies – which frames the issue in very negative terms. Even though this can sometimes be a good thing, it isn’t necessarily neutral.


Techamerica Europe (an organisation which acted on behalf of tech companies with American roots) also offered some clarifications in an email to the perm rep and the ministry of justice. They mention a misunderstanding about profiling, in which they think the intention behind the article hasn’t been addressed properly. The text at the time said that people only have to be informed about profiling if it has a “significant effect” on them and that only then they should be offered an opt-out. This means that the protection of this article grants applies only in limited cases, because of its low threshold. However, they want to change the wording “significant effect” into “severely affects.” This would mean you would only have to offer an opt-out from profiling if it has really severe consequences. This makes the protection offerered by this article much more difficult to apply. About the original text they say:
“We reject this idea, and believe that the intention of the Article is to focus on clearly unfair or discriminatory practices such as the denial of insurance cover.”

Oh really? Many different organisations, including us, would disagree with that. To us, this article is about allowing people to know that personality profiles are being developed about them and allowing them protection from this. Furthermore, it would be difficult to prove “severe consequences” in this context, which would drastically limit the protection the article offers.

Legal certainty

Closely tied to this legal help is the concept of legal certainty. It means you should be able to trust a clear interpretation of the law, instead of encountering surprising interpretations that could cost you either freedom, money, or something else. In other words: legal certainty is important for businesses and citizens alike.

This legal certainty isn’t always there in the regulation. The law aimed to harmonise all privacy legislation in Europe. The current text however has many exceptions allowing the member states of the European Union to regulate areas themselves or allowing the Commission to adopt further clarifying measures (called delegated and implementing acts).

IBM justly addresses some remarks to this in a letter to the ministry of economic affairs:
“The final text must, then, provide for a high degree of legal certainty and predictability. With its [49] delegated and implementing acts, the draft does anything but.”

But IBM extends this legal certainty to the obligations put on businesses.
“Newly proposed obligations are too vague or too complex to be properly understood – or complied with. New constraints on implementation would remove the flexibility European businesses need to innovate and thrive. Nor are IBM’s concerns limited to the information technology sector in which we participate.”
They make a connection between legal certainty and obligations. IBM wants more flexibility. But that would make it more unpredictable for people. How would people be able to tell which obligations apply to companies and whether they stick to those obligations?

Industry lobbying ultimately led to the final text of the General Data Protection Regulation having significantly more national exceptions than the preceding legislation had articles – a case of politicians learning the hard way that lobbyists don’t always know what they want.
It shows that although offering legal help can be necessary, it can also be abused.

To be continued.

Want to continue reading about this? On the Bits of Freedom website, you can find all the lobby documents and the analysis. The next part is about the “not in my backyard” argument.

For the series of blogs and documents, see the Bits of Freedom website

Email VNO-NCW en MKB Nederland to Dutch perm rep (06.03.2013)

Email by TechAmerica Europe to Dutch perm rep (15.01.2014)

Letter by TechAmerica Europe to ministry of justice (14.01.2014)

Letter by IBM to ministry of economic affairs

(Contribution by Floris Kreiken, Bits of Freedom)