Data Protection Regulation: La Quadrature's Voting Recommendations to LIBE

Paris, 21 October 2013 — Today, and probably Thursday1 in Strasbourg, the “Civil Liberties” (LIBE) committee of the European Parliament will vote on the future of the European Data Protection Regulation. Regarding this important issue, La Quadrature du Net just sent a letter to the members of the LIBE committee urging them to refuse the secrete tripartite negotiations, and giving its voting recommendations. Until the vote, La Quadrature du Net invites all citizens to make their voice heard, and to also contact their representatives.

The “Civil Liberties” (LIBE) committee vote on the European Data Protection Regulation is planned today at 18.30, and could continue Thursday at 12.00. This vote is a very important stage of the legislative procedure as it could be the last public one before the vote of the whole European Parliament in plenary sitting.

The Lack of Transparency of the Procedure

It is now certain that the rapporteur Jan Phillipp Albrecht will request a negotiation mandate for a 1st reading agreement2 to the members of the LIBE committee. As a matter of fact, if members of the LIBE committee consent to instruct Mr. Albrecht and his negotiating team3 for the trilogue, the European Commission, the European Parliament and the Council will continue their discussions behind closed doors, cutting short any chance of public debate.

If such a mandate is given, European citizens and NGOs would not be able to participate in an open debate on the decisions taken by a restrict group of MEPs on the future of data protection. An open debate is highly necessary because the main decisions on this dossier have been taken – under the pressure of tremendous lobbying operations – before Snowden's disclosures on worldwide mass surveillance.

LQDN's Compromise Amendments Voting Recommendations

Beyond the transparency of the procedure issue, some of the “compromise amendments”4, if they were adopted, would introduce legal loopholes on the Regulation, allowing companies to process without limits your data. As a consequence, La Quadrature du Net calls the LIBE members to:

A lot of other compromise amendments reached by members of the different political groups in LIBE are actually good. For instance those providing that consent must be explicit, that data must be fairly processed or that citizens must keep them under their control; but these good compromise amendments could be almost useless if the compromise amendments made on Article 6 and 20 are adopted.

Letter to LIBE committee

Once again, La Quadrature du Net invites all citizens to make their voices heard, and to contact the members of the LIBE committee. The citizen association recommends the use of the PiPhone, which permits to call MEPs easily and for free. However, other ways are described on its wiki, and the contact details of the LIBE MEPs are available here or on the Political Memory, allowing everybody to act in the way that best suits him. Here is the letter that La Quadrature just sent to the members of the LIBE committee:

Dear member of the LIBE committee,

Today, you will hold a vote on rapporteur Jan Philipp Albrecht's draft report regarding the future European Data Protection Regulation. In addition to the content of this legislation, you will be required to decide to allow Mr Albrecht to enter into negotiations with the Council in order to agree on a final text behind closed-doors.

In the context of the recent disclosures made by the whistleblower Edward Snowden about the scale of the surveillance program put in place by government authorities and secret services, the preparation of this Regulation provides you a unique opportunity to put in place legislation to defend European citizens’ rights to privacy and data protection.

You have the chance to develop a strong legal framework, inspiring good practices by business, guided by clear, predictable legal principles and enforcement, in an environment of trust, for many years. That legal framework – geared to protect the fundamental right to privacy of the European citizens – deserves an open and transparent debate that is equal to the challenge represented by these issues.

As a consequence, we call on you to refuse the secret tripartite negotiations and urge for transparency and a proper, in-depth public debate.

In any case, we urge you to reject compromise amendments made on articles 6 and 20.

COMP Article 6 may turn the “legitimate interest” exception into the main legal basis for processing, depriving citizens of any prior control (such as explicit consent) over the processing of their personal data. Instead, adopting AMs 99 to 102 would let control in the citizens' hands.

COMP Article 20 would void any protection against profiling based on “pseudonymous” data. But “pseudonymous” data may still be very easily attributed to the real identity of the given data subjects. Thus, any profiling based on such data must stay under data subjects' control. Instead, adopting amendments 158 to 165 & 1593 would provide strong protection for citizens against unfair measures based on profiling.

A few months before the European elections, we trust that through your vote, you will honour your obligations as an elected representative and relay the many concerns from citizens, academics, NGOs and regulatory bodies, on the fundamental right to privacy.

La Quadrature du Net

Act now !

  • 1. If the votes are not finished on Monday, 21st October at 22:30 hours, the meeting might be suspended and resumption of works is scheduled for Thursday, 24 October 2013 from 10.00 to 12.00 hours.
  • 2. The rapporteur will ask the members of the LIBE committee – on the basis of Rule 70 of the Rules of Procedure of the European Parliament – for a mandate to enter in interinstitutional negotiations, which will take the form of tripartite closed-doors meetings between the European Commission, the Council (ministers from the Member States) and the European Parliament (the goal of the negotiations generally being the adoption the legislative act at an early stage of the procedure.
  • 3. Jan Philipp ALBRECHT (Greens/EFA), Sarah LUDFORD (ALDE), Axel VOSS (EPP), Dimitrios DROUTSAS (S&D), Alexander ALVARO (ALDE), Timothy KIRKHOPE (ECR), Cornelia ERNST (GUE/NGL)
  • 4. "Compromise amendments" stand for a package of amendments negotiated between political groups, before the official vote of the draft report in the committee responsible. The aim is to cover and replace the amendments tabled at the given stage of the procedure, in order to compromise on a common text geared to resolve the existing conflicts. If the negotiating team reaches an agreement, MEPs – sitting in the responsible committee – vote only on the compromise amendments, avoiding a long review of those amendments originally tabled. However if variances between political groups cannot be completely smoothened, MEPs can decide, at eleventh hours, not to vote on compromise amendments, but on the original ones.
  • 5. "1. Processing of personal data shall be lawful only if and to the extent that at least one of the following applies:
    (f) processing is necessary for the purposes of the legitimate interests pursued by the a controller or in case of disclosure, by the third party to whom the data is disclosed, and which meet the reasonable expectations of the data subject based on his or her relationship with the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. This shall not apply to processing carried out by public authorities in the performance of their tasks."

    This amendment may turn the “legitimate interest” exception into the main legal basis for processing, depriving citizens of any prior control (such as explicit consent) over how their personal data are processed.

  • 6. "(58a) Profiling based solely on the processing of pseudonymous data should be presumed not to significantly affect the interests, rights or freedoms of the data subject. Where profiling, whether based on a single source of pseudonymous data or on the aggregation of pseudonymous data from different sources, permits the controller to attribute pseudonymous data to a specific data subject, the processed data should no longer be considered to be pseudonymous."
    This recital would void any protection against profiling based on “pseudonymous” data. But “pseudonymous” data may still be easily attached to data subjects through further processing. Thus, any profiling based on such data must stay under data subjects' control.