Data Protection, NSA Votes Won; Net Neutrality Next

Last week I asked people to write to their MEPs about two important votes in the European Parliament on Wednesday: one regarding data protection, the other surveillance. Lots of people obviously did that, and not just here in the UK: both votes...


Last week I asked people to write to their MEPs about two important votes in the European Parliament on Wednesday: one regarding data protection, the other surveillance. Lots of people obviously did that, and not just here in the UK: both votes went through with huge majorities. That’s not to say that the results are perfect, but they are probably as good as we could have hoped for in the circumstances, and represent a real win for democracy in Europe given the bitter lobbying that was deployed against them.

Here are the main points of the data protection proposals as summarized in the European Parliament’s press release on the vote:

Data transfers to non-EU countries

To better protect EU citizens against surveillance activities like those unveiled since June 2013, MEPs amended the rules to require any firm (e.g. a search engine, social network or cloud storage service provider) to seek the prior authorisation of a national data protection authority in the EU before disclosing any EU citizen’s personal data to a third country. The firm would also have to inform the person concerned of the request.

Deterrent fines

Firms that break the rules should face fines of up to ‚¬100 million, or up to 5% of their annual worldwide turnover, whichever is greater, say MEPs. The European Commission had proposed penalties of up to €1 million or 2% of worldwide annual turnover.

Better protection on the internet

The new rules should also better protect data on the internet. They include a right to have personal data erased, new limits to “profiling” (attempts to analyse or predict a person’s performance at work, economic situation, location, etc.), a requirement to use clear and plain language to explain privacy policies. Any internet service provider wishing to process personal data would first have to obtain the freely given, well-informed and explicit consent of the person concerned.

As you can see, there’s some pretty strong stuff in there – up to 5% of annual global turnover is a lot of Euros, and not something even Google or Facebook can simply find by digging down the back of the sofa. However, this is not the end of the story. Because of the way the EU works, both the European Commission and the shadowy Council of the European Union have to agree as well. Surprisingly, the European Commission is likely to do that; it’s the Council of the European Union that’s the problem – not least because it’s made up of ministers of the EU member states, and therefore gives the UK a chance the mess things up as usual. However, the extremely strong support for the proposals in the European Parliament – the voting was 621 votes in favour, 10 against and 22 abstentions – should at least put some pressure on the UK and others to respect the democratic decision here. Just kidding....

The other big vote was on the European Parliament’s inquiry into the mass surveillance of EU citizens. The resolution put together by the Civil Liberties, Justice and Home Affairs (LIBE) committee of the European Parliament was backed by 544 votes to 78, with 60 abstentions. Its main recommendations are as follows:

Parliament’s should withhold its consent to the final Transatlantic Trade and Investment Partnership (TTIP) deal with the US unless it fully respects EU fundamental rights, stresses the resolution, adding that data protection should be ruled out of the trade talks. This consent “could be endangered as long as blanket mass surveillance activities and the interception of communications in EU institutions and diplomatic representations are not fully stopped”, notes the text.

MEPs also call for the “immediate suspension” of the Safe Harbour privacy principles (voluntary data protection standards for non-EU companies transferring EU citizens’ personal data to the US). These principles “do not provide adequate protection for EU citizens” say MEPs, urging the US to propose new personal data transfer rules that meet EU data protection requirements.

The Terrorist Finance Tracking Programme (TFTP) deal should also be suspended until allegations that US authorities have access to EU citizens’ bank data outside the agreement are clarified, insist MEPs.

Again, there are some very strong measures there: suspending Safe Harbour, which lets US companies take Europeans' personal data and do pretty much what they want with it, would throw a real wrench in the US digital economy. However, that’s not likely to happen, since it doesn’t depend on the European Parliament: it would be for the European Commission to implement, as it does for withdrawing the Terrorist Finance Tracking Programme.

However, the European Parliament is quite able to withhold its consent to TAFTA/TTIP – after all, that’s precisely what happened with ACTA, which died on the day that MEPs voted against it (actually, it’s more of a zombie: not dead outside the EU, but not very alive either...) A lot depends on what happens in the next twelve months in terms of how NSA and GCHQ spying is reined in (if at all), and whether data protection is included in TTIP.

So, in the wake of those two good results, we move on to the next battle – our old friend Net neutrality, which has been rumbling through the European Parliament for ages. La Quadrature du Net has a good summary of the current situation:

The ITRE committee had been scheduled to finally adopt the Neelie Kroes' report on the European Single Market for Electronic Communications on 24 February. But because of the unavailability of the 22 linguistic versions of the amendments to be voted, the members of the ITRE committee decided to postpone the decision after one and a half hours of agitated discussion.

Before that date, the work in shadow meetings had been intense, as the chapter addressing the open Internet divided political groups. The proposal of Pilar del Castillo Vera (ES – EPP), the ITRE rapporteur on this dossier, distorts the principle of Net Neutrality to please the telecom lobby. Her compromise amendments (pdf commented by LQDN) bypass Net Neutrality by allowing telecom operators to make deals with Internet services providers (e.g. YouTube or Netflix) to grant them priorised delivery through so-called “specialised services”. Unfortunately her proposals are supported by her group, as a whole, even if EPP members in the “Civil Liberties” (LIBE) committee broadly supported the provisions defending Net Neutrality.

MEP Catherine Trautmann (FR – S&D), shadow rapporteur for her group, has now taken a firm position in defense of innovation and competition in the digital economy. Mrs Trautmann has proposed another version of the same compromise amendment but which now states clearly that “specialised services” cannot be used by big telecom operators in partnership with Internet giants to circumvent Net Neutrality and thus dominate the Internet and the wider digital economy (see a comparison table on the two amendments).

The key thing is therefore to urge all the MEPs on the ITRE committee to support Trautmann’s amendment. La Quadrature has also helpfully put together a full list of the ITRE committee; those from the UK are as follows:

Giles Chicester: [email protected]

Vicky Ford: [email protected]

Nick Griffin: [email protected]

Fiona Hall: [email protected]

Roger Helmer: [email protected]

Sajjad Karim: [email protected]

Peter Skinner: [email protected]

Alyn Smith: [email protected]

If you prefer, you can contact your own local MEP using WriteToThem. Here’s what I’m sending to my local MEPs and members of the ITRE committee:

This is just a quick note to urge you and your ITRE colleagues to support real Net neutrality in the vote on Tuesday. Specifically, I hope that you will vote for Catherine Trautmann’s amendment, which contains the following key section:

"(15) “specialised service” means an electronic communications service optimised for specific content, applications or services, or a combination thereof, provided over logically distinct capacity and relying on strict admission control from end to end. It is not marketed or usable as a substitute for internet access service; its application layer is not functionally identical to services and applications available over the public internet access service;"

Thank you for your help in preserving the open Internet.

Follow me @glynmoody on Twitter or, and glynmoody on Google

"Recommended For You"

[Update] Big Votes in European Parliament - Passed European Parliament delays vote on sharing passenger data with US authorities