[Descrier] New EU data protection proposal is stronger, but still has major loopholes

One of the most important pieces of legislation wending its way through the European Parliament concerns data protection. Because of its potential impact on major US companies like Google and Facebook, this has become one of the most fought-over proposals in the history of the EU, with lobbyists apparently writing large chunks of suggested amendments more favorable to online services. And all of that was before Snowden’s revelations about NSA spying in the EU made data protection an even more politically-sensitive area. [...]

Perhaps the biggest loophole concerns the concept of ” legitimate interest” (pdf), which allows a company to use personal data provided it meets “the reasonable expectations of the data subject based on his or her relationship with the [company]“. Of course, that is so vague as to be utterly useless — what does “reasonable expectations” mean in this context? As the draft legislation stands, companies are essentially being given a free pass to do pretty much whatever like with the personal data they gather, despite all the other supposed safeguards. And there’s another serious issue, as noted by La Quadrature du Net:

The Members of the LIBE Committee also made the very disturbing choice of accept the secret tripartite negotiations requested by the rapporteur Jan Philipp Albrecht. The text will now be modified behind closed doors, between the European Commission, the European Parliament and the Council (ministers from the Member States). The latter could use untransparent negotiations to annihilate all the positive provisions of this Regulation, leading to a weak and dangerous final version of this legislation. [...]