EU fights 'fierce lobbying' to devise data privacy law
WHAT makes Facebook worth $100 billion? In the words of one EU spokesman, "it’s quite simple: Facebook has 850 million users, and it wants to sell their stuff to advertisers. Data is the currency of our age".
While the social network is not selling any individual’s information, its explicit aim is to make advertisements more relevant and personalised than ever before. Now the European Union is seeking a balance between commercial interest and personal privacy.
Viviane Reding, the EU justice commissioner, is hoping that her E-Privacy Directive will offer a solution. She wants to harmonise the rules of all 27 EU member states. At the moment, laws differ significantly between – and sometimes within – countries. The German MEP Axel Voss says that what you can do with a German citizen’s data online differs in the north and the south of the country.
What Europeans will notice first is likely to be a much greater emphasis on telling them what data are being given to companies, whether to Tesco for its Clubcard or to Facebook for social networking.
The aim is to force firms to keep the minimum amount of information about us, to let people have that information back when they want it, and to be able to move it around easily if they need to. If anything goes wrong, authorities and individuals must be told within 24 hours.
“So the person must know when they [data collectors] are giving out data and be transparently informed about what the company [to whom it is given] is going to do with that data,” says Reding. “Consent to that, in clear, plain language, must be given. At the moment, nobody is reading the 50 pages of small print terms and conditions – in future it will have to be in a simple, understandable language so that people know what they are engaging to. But the line of this is very clear: no more 50 pages.”
With citizens routinely offered services from other European countries and America, the need for widespread standards has never been greater. Increased transparency will benefit consumers but the new rules should help businesses too.
Reding claims a single, pan-European policy will save businesses over €2 billion a year and hopes that it will become a gold standard for privacy that other countries, including America, will look towards as they draw up their plans in the future.
Kostas Rossoglou, of the European Consumers Organisation, says that “consumers are sleep-walking in a world without privacy. They do not realise their data is being collected and processed – yet if something goes wrong, say my data gets hacked, surely I should be able to get compensation, just as when I buy something that doesn’t work I can return it.”
He says that the proposals “will have an impact on the practices of a lot of online service providers.”
There are two key additions to the plan, however. Reding says she wants her new regulations to be ambiguous: “This regulation needs to stand for 30 years – it needs to be very clear but imprecise enough that changes in the markets or public opinion can be manoeuvred in the regulation,” she says. “Crazy ideas today, in three or four years will become a very big commercial success; we need to make rules that are capable of adapting themselves to new technologies in the future.
“All these breathtaking possibilities bring about new dangers and the biggest danger is about losing control of your own data.”
The second crucial right that the e-privacy directive adds is the “right to be forgotten”. Matthew Newman, Reding’s spokesman, says it simply aggregates existing rights to get data deleted from servers in a “timely manner”. But he says it also means individual EU information commissioners could arbitrate when, say, a user posts a controversial picture online of someone else and refuses to take it down when the subject asks. If no agreement can be reached, theoretically, the photographer – amateur or professional – could be breaking European law.
But Reding insists: “The right to be forgotten has nothing to do with journalists, nothing to do with the work of bloggers, nothing to do with tweeters – it’s about when you entrust information to a company. Because freedom of expression is very important we have also to take this into account.”
In an age when everyone can claim to be a “citizen journalist”, preserving privacy is tougher than ever. Reding’s aim is to give, say, new job-seekers the right to get embarrassing, five-year-old pictures of university drunkenness taken off the web.
What if those pictures are posted in multiple places by multiple people? Reding implies that Europe can, in some way, change the way the web works and get any content removed. She is nothing if not ambitious.
There are strong interests to reconcile on both sides of the debate but Reding is confident that she has the legislation she wants.
She says: “The lobbying from all sides has been fierce – absolutely fierce. I have not seen such a heavy lobbying operation. But the legislation was on the table on January 25 as I wanted to have it. So much for the efficiency of lobbying.”