EU Data Protection: Proposed Amendments Written by US Lobbyists - Open Enterprise

It's becoming clear that the lobbying around the proposed EU directive on Data Protection is some of the most intense ever seen - some activists have said it's even worse than during ACTA, while on the US side there's mutterings about starting a "trade war" if it's passed in its present form.

Given that pressure to water down protection for our privacy, a key issue is: who is fighting our corner? The obvious answer would be the MEPs, since they are our elected representatives in the European Parliament. Their job is exactly that: to represent and defend us in just these circumstances. And some, like the Green MEP Jan Albrecht, are certainly doing their best, as I noted in a previous column. But what about the rest - what exactly are they up to?

In the past, that would have been an almost impossible question to answer. But thanks to the wonders of modern technology, and the rise of open data that sees all kinds of information made available, it is now possible to piece together a much clearer picture of what exactly our EU representatives are up to.

A new site has been created with the rather unwieldy name of LobbyPlag. Ungainly it may be, but it describes well the shocking truth: that MEPs are proposing amendments to the Data Protection proposal that are taken word for word from the lobbyists. Obviously, what's worrying here is not the plagiarism, but the fact that measures designed to protect the European public are being stripped out and/or watered down by the very people we elected to defend us.

Here, for example, is an important section on profiling. The original version reads:

Every natural person shall have the right not to be subject to a measure which produces legal effects concerning this natural person or significantly affects this natural person, and which is based solely on automated processing intended to evaluate certain personal aspects relating to this natural person or to analyse or predict in particular the natural person's performance at work, economic situation, location, health, personal preferences, reliability or behaviour.

But the American Chamber of Commerce - that well-known European organisation - didn't like that, and wanted it changed to this:

A data subject shall not be subject to a decision which is unfair or discriminatory, and which is based solely on automated processing intended to evaluate certain personal aspects relating to this data subject.

Which is rather different - it strips out an important right. So what text did the MEPs in no less than three committees propose? Why this:

A data subject shall not be subject to a decision which is unfair or discriminatory, and which is based solely on automated processing intended to evaluate certain personal aspects relating to this data subject.

Which just happens to be exactly the same as what the American Chamber of Commerce were demanding.

Here's another telling example, found in an entirely new section from the MEPs, which reads as follows:

The controller is deemed to have fulfilled the obligations set out in paragraph 1 when choosing a processor who has voluntarily self-certified or voluntarily obtained a certification, seal or mark pursuant to Articles 38 or 39 of this Regulation showing the implementation of appropriate standard technical and organizational measures in response to the requirements set out in this Regulation.

This basically makes self-certification sufficient for cloud computing services. So, where did that text come from, one wonders? Well, here's what Amazon suggested on precisely this subject:

The controller is deemed to have fulfilled the obligations set out in paragraph 1 when employing a processor who has voluntarily self-certified or voluntarily obtained a third party certification, seal or mark showing the implementation of appropriate standard technical and organizational measures in response to the requirements set out in this Regulation.

Which, by an amazing coincidence, is practically identical to what the MEPs have decided would be a really good idea.

LobbyPlag provides an interesting breakdown of what percentage of the proposed amendments with content from lobbyists. Here are the figures for UK MEPs, as calculated by the site:

Giles Chichester (giles.chichester@europarl.europa.eu): Amendments with lobby content: 10 of 44 (22.73%)

Malcolm Harbour (malcolm.harbour@europarl.europa.eu): Amendments with lobby content: 14 of 55 (25.45%)

Sajjad Karim (sajjad.karim@europarl.europa.eu): Amendments with lobby content: 13 of 55 (23.64%)

Emma McClarkin (emma.mcclarkin@europarl.europa.eu): Amendments with lobby content: 1 of 8 (12.50%)

Now, unfortunately, none of these MEPs represents me, so I wouldn't be able to contact them. But if there's one of your MEPs there, they have a duty to reply, so perhaps you might drop them an email and ask them why exactly they have proposed amendments that are taken word-for-word, or nearly so, from US companies and lobbyists, and that will harm the EU public and benefit those same US organisations.

You might ask them who exactly they think they represent: you and the other 500 million EU citizens that pay their salary, currently running at around £80,000 per year, or a bunch of extremely rich US companies that are intent on taking away our privacy so that they can get even richer? If you receive any interesting answers, please send them to me - glyn.moody@gmail.com - so that I can share them with readers. I'm sure the explanations will be fascinating.

Follow me @glynmoody on Twitter or identi.ca, and on Google+