
Sorry, lobbyists! Europe’s post-Snowden privacy reform gets a major boost

Tough times loom for U.S. cloud companies selling into Europe. On Monday, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs voted overwhelmingly in favor of toughening up the EU’s privacy regime.

The EU’s new Data Protection Regulation has been crawling through the European legislative process for more than a year and a half now, and it began as quite a strident proposal for boosting Europeans’ privacy. Then the U.S. corporate lobbying machine sprang to life, gutting key aspects of the new legislation.

And then Edward Snowden leaked the NSA documents, showing the world how the U.S. is subverting web services from Google to Microsoft in order to spy on everyone, including those in Europe.

Following months of revelations, and on the same day that France heard its citizens’ phone calls were reportedly being recorded en masse by the Americans, the Parliament’s committee gave a resounding thumbs-up to every single amendment proposed by industrious German Green MEP Jan Philipp Albrecht.

Now, this was only a committee vote – this stuff will only go before the European Parliament for a full plenary vote in April 2014, ahead of the parliament’s elections. There will probably be quite a few further amendments made before then, so lots of fun lies ahead.

However, Monday’s vote represented a pretty stunning turnaround for the legislation, and one that should explain why the online ad industry is so mad at the NSA. Here’s a quick run-down of Albrecht’s best bits:

  • Users have a right to have their online data deleted, and providers also have to explain very clearly what they do with data, and hand it over to the user when asked.
  • No tracking people when they’ve not consented to being traced. Also, terms of use must be clear.
  • “Users should receive understandable information on how their own data are being processed or if the provider has transferred data to public prosecution authorities or intelligence services.”
  • Here’s the real post-Snowden bit: Providers cannot transfer Europeans’ data to third-party (e.g. U.S.) authorities, except under European law. This reverses changes made after secretive lobbying by the U.S. government but, as the U.S. will continue to demand this data under the Patriot Act, this will leave Google etc. in a very sticky spot indeed.
  • All identifying data – even that which can be extrapolated out of “big data” – must be protected. Pseudonymized data is to be encouraged.
  • Big sanctions for naughty companies, potentially in the billions of euros. Right now, the EU has a patchwork of nation-based data protection law and the kind of fines Google would laugh off.
  • Privacy by design, including the minimization of data collection, is to be encouraged.
  • Companies should have data protection officers if they process lots of data, not just because they’re big.

I’ll give the last word to Albrecht, seeing as this is very much his day:

8 Responses to “Sorry, lobbyists! Europe’s post-Snowden privacy reform gets a major boost”

  1. ReggieRoning

    I don’t know how you can think that this isn’t going to help at all. All these measures will give the people a false sense of security. The reality will be that the USA will harden its gag orders and secretive laws. As long as they have access to our digital infrastructure(s) there won’t change any bit!

  2. This is not surveillance! This is spying at its best!!!
    Never before in history of our planet was information about ‘not so friendly countries’ & ‘friendly countries’ available so easily. Sure you will not get all of the information. But you sure as hell get a lot more information, a lot easier than spying used to be!!! Sure there will be a lot of junk and trash talk, but it’s that less than 1% of information which they are after!

    If Europe is smart they will pass this bill with intent of containing information across borders with no limit!!

  3. Rick Mendes

    Privacy by design can’t slow innovation, mass surveillance will !
    Terrorism use for data-breach & collection for commercial & individual-mass profiling purpose is our current reality, this can’t lead to any innovation, just more control, less privacy.

    what has been achieved tonight is far from ideal, far from the context of this document here : full context tools to call your MEP’s congratulate them to listen to loopholes put in light by civil society like LQDN & EDRI here goes the PIPphone (call them for free) here you can follow the disruptive effect of the #NSA revelation and #PRISM related information tracking in Europe

    you can also hit our thunderclap and support our campaign to make sure MEP’s start working in the interest of citizens all across EU, enforce the TransparencyRegister for Lobbyist, and start actually representing the Citizens, not Corporations driven technocracy.

    in 2014, please Vote ! national level is compromised (it will fight against tonight’s good achievement, it’s time for more Europe & Less EC driven disastrous policies.

    EC : don’t regulate my olive Oil bottle!, but enforce Privacy by Design & by Default & launch the future economy based on sustainable vision for a social Europe !

    Citizens for Europe

  4. Seansmith

    I don’t understand your glee (nor your Google bashing). Basically this is all heavy-handed stuff that doesn’t really address government surveillance but makes it very difficult to innovate. The EU wants to harm US companies and give home field advantage to EU ones and all this is just a smoke screen for it.

    It’s not just US companies that might be harmed by this type of heavy handed approach but also users because this is going to slow innovation considerably.

    • This does address government surveillance. The tracking being done by private companies is what has facilitated tracking by the NSA. If companies like Google were not collecting a permanent record on every individual who ever used their service, there would be no records for the NSA to seize from Google.

      The law in the US is the exact opposite. Retention times are large and mandatory. The US laws exist to offload the cost of surveillance onto private companies. It’s really encouraging to see that Europe is making a stand.

        • Then you won’t mind a black box in your car which monitors your speed and GPS location. You won’t mind when technology mails you a ticket for going 56 in a 55. Right?

          No problem? Then you won’t mind knowing that the black box already exists, that the law which mails you a ticket could pass tomorrow, and all your speeding transgressions will be applied against you, retroactively. Oops. You just lost your driver’s license.