Ireland in top three EU countries for undermining data privacy

Ireland is one of the EU’s top three offenders for undermining data privacy rules, according to an analysis of leaked Brussels documents.

Justice minister France Fitzgerald and her ministry have been awarded third place after Germany and the UK by the lobbyplag.eu collective for tabling changes the groups claims will weaken user privacy rights in the EU’s new data protection regulation.

After studying 11,000 pages of classified documents, the group said just one of Ireland’s 34 tabled changes to the new EU data regulation improved privacy. But the lobbyplag.eu team said they were surprised by the worst offender, which knocked the UK and Ireland into places two and three respectively.

“The country with the support for the most negative changes may be a surprise to many: Germany,” it noted.

According to lobbyplag.eu, German interior minister Thomas de Maizière’s officials have tabled a total of 62 amendments to weaken privacy provisions and just 11 to strengthen privacy rights.

Amendments In second place was the UK with 49 amendments watering down privacy, in the view of the data analysis team, and just two pro-privacy proposals,.

Since 2012 EU institutions have worked to update 1995 data privacy laws. Following proposals from the European Commission and then the European Parliament, the member states have been negotiating their own proposals for three years behind closed doors in the European Council.

Lobbyplag.eu says the leaked drafts expose an opaque process of horse-trading, with considerable industry lobbying going on via EU capitals.

It analysed all changes in three crucial chapters of the council’s regulation draft and claims that 132 of 151 changes – or 87 per cent – would lower privacy standards. More than a quarter – 40 changes in total – could result in protection lower than the current 1995 standard. Just 19 proposals, (13 per cent) would result in more protection, the group claims.

One of the hundreds of amendments backed by Ireland appears to water down when data collectors must delete user data, in particular data collected when the user was a child.

Germany and Ireland, for instance, have proposed deleting the obligation of data collectors to erase user data “when the storage period consented to has expired”.

Ireland appears to support removing an article that “respect(s) the essence of the right to the protection of personal data”. The proposed replacement would allow a seemingly broader user data collection, “carried out in the public interest”.

Ireland is also involved in amendments permitting “profiling” of users via their data. Lobbyplag.eu fears this would remove limits on collating of user data and open the door to deep analysis of data.

For the data analysts, however, the most striking player in the data regulation negotiations is Germany – with a vast gulf between its public promises to defend user privacy and private actions undermining the same.

In 500 pages of German diplomatic cables, also leaked to lobbyplag.eu, Germany makes the case for loosening existing data collection principles. In particular Berlin favours abolishing provisions allowing personal data collection for “specified and explicit purposes” with further use under only “strict conditions”.

Changes Changes proposed by Germany, privacy campaigners complain, could allow user data collected by one company or body for one purpose to be passed onto another company for another purpose without seeking the user's explicit consent.

In talks, Germany is pushing for unlimited storage of data and for “further transmission” of EU user data. Assisting in this push is its proposal to alter the current philosophy of data protection - the “minimum necessary” approach – to a new philosophy that data collection is “not excessive”.

Throughout the negotiations in Brussels, particularly since the Edward Snowden revelations Berlin has insisted in public it would not agree to EU privacy measures lower than its own standards.

The lobbyplag.eu research indicates, however, that Germany is the most energetic in tabling motions to protect the rights of direct marketing and credit scoring companies to collate data from various sources – and pass it on to third parties.

According to the lobbyplag.eu analysis, the European Commission, Hungary and Austria seem to be resisting pressure from other member state to lower privacy standards, while other countries such as Greece Croatia and Bulgaria have remained mostly silent.

Method for analysis of documents

The group analysed council proposals in recent leaked draft documents from the European Council and compared them to the European Commission privacy regulation draft from 2012.

The council amendment was considered as lowering privacy standards if it offered companies limits or exceptions to privacy rules, or proposed new provisions for data processing.

Also viewed negatively were proposed exemptions for privacy duties to citizens, as well as ambiguous wording, unclear concepts or amendments to allow easier data transfer with non-EU countries.

The lobbyplag.eu group viewed as privacy-enhancing any proposals in the EU council documents to remove privacy exemptions or lower the threshold or reduce the number of reasons for data collection.

The team admits their analysis of 11,000 pages of documents is not perfect. It reviewed only the three negotiating chapters it found most crucal to talks. It admitted, too, that “not every limitation of the right to privacy is bad (and) not every additional right is good”.

Finally, the team said it was only able to document official interventions by member states, but noted that many other changes are proposed unofficially “in emails or talks that are not reflected in the documents