Ibland är det lätt att glömma att Sverige (regeringen) just nu förhandlar i rådet samtidigt som EP diskuterar GDPR. Men här är en läcka som lättar upp dimmorna en smula:
Nedan en googleöversättning av tyskarnas analys:
Exclusive: We publish negotiation status of the data protection reform in the Council of Ministers - Minister protect the market, but no data
By Benjamin Bergemann | Published: 27/05/2013 at 11:02 | Comment
The interior and justice ministers continue to shake the foundations of the Data Protection Act. Both the basics such as the definition of personal data as well as information requirements and stakeholder rights, ministers protect businesses to the detriment of citizens. This is clear from a document of the Irish Presidency, which we publish exclusively here.
Germany is not among the worst Verwässerern of reform. Interior Minister Friedrich's promise of "more stringent European data protection rules' you realize but not much.
Doubt as to the regulation, unity in business friendliness
The document dated 6 May 2013 is the status of negotiations in the Council on Chapters I-IV of the Commission proposal. These include inter alia the basic principles of Regulation (definitions, rules for data collection), the rights of individuals against the data processors and the duties last mentioned.
Sender is the Irish Presidency, which provides amendments to the regulation under discussion in the Council on the basis of the discussion item. Because of the disagreement in the Council abound in the paper of footnotes, which document caveats and modifications of the Member States.
The paper complements the leak from the Council of Ministers, which we have recently verbloggt. In this it was the few points where seemingly broad agreement between the States was.
We now present the document shows that agreement on the Commission's proposal in the Council of Ministers is the exception. Member States shall make reservations about reservations. Some, including the Regulation has always been hostile to United Kingdom, doubt still the instrument of regulation and would prefer a policy that would maintain the current enforcement deficit in the European Data Protection upright.
As the Austrian journalist Erich Moechel writes advised "Countries with relatively strong data protection laws such as Germany or Austria rather on the defensive" in the Council negotiations. However, this can not be an excuse. On the contrary, attacking Germany should occur in the Council for a strong data protection regulation. Thus we read in the Irish Presidency of the proposed new regulation for the introduction words nothing of a German title:
In order to ensure the functioning of the internal market, it is necessary that the free flow of personal data between Member States through the protection of individuals regarding the processing of personal data which is not restricted or prohibited.
What European internal market is meant here? Especially in view of the currently circulating numbers in industry-related studies, may give the impression that the direct marketing industry, scoring and tracking services networks are the solution to the economic problems of Europe or somehow relevant to the system.
Definitions and basic principles of data processing: Expertise ignored
In the definition of personal data, Member States continue to make worse the formulations of the Commission. Particularly in online environments, it just depends on not one whatsoever "identification" of the person. It is crucial that I am distinct from others in a group. The call for civil rights organizations just as the European data protection of the Article 29 Data Protection Working Party - and indeed since 2007.
With the expansion of the controversial "legitimate interest" that allows data processing without consent, the ministers want to extend this legal basis to third parties, or rather before they suggest the need to limit its quite safe. This supports - in a slightly different formulation - Germany. As a report of the civil rights organization Bits of Freedom shows the data processing on this basis is legally opaque. Victims are the "data subjects", so we.
And once again ignore the ministers privacy law expertise. For the purpose of the data collected, although they carry an a catalog of factors to estimate the earmarking, similarly as proposed, the Article 29 Working Party in its opinion. Unfortunately, they forgot to delete the article loophole-Article 6 (4), to be replaced by those factors catalog.
Rights and obligations of the persons concerned of the data processors: Just do not burden the industry
Controversial among the ministers are the information requirements of the data processors towards the citizens and the right to data portability, a Commission of the more innovative suggestions that could help to overcome the so-called lock-in effects. This would make it possible about to take its data from one provider to another, such as from Twitter to app.net. The ministers make both the information requirements and the right to data portability worry about the circumstances and costs that could be the cause for the company - even Germany. The right to data portability, many states generally do not consider as a matter of data protection legislation - a good excuse to quash it for now. And of course you are also concerned about trade secrets and intellectual property.
One of the most dangerous and absurd text suggestions: The so-called "notice to the person affected by a violation of the protection of their personal data", ie the communication of data leakage should not be necessary as long as the data processor has taken measures such as pseudonyms and encryption. The belief in technological progress and innovation, the minister probably leave just here. A data leakage is of course dangerous even with pseudonymous data. For encryption, the decryption is only a matter of time. But if the data flow that's good for the internal market.
The Council continues its pro-business line continued in data protection. The idea of a Europe-wide enforcement of strong data protection laws pleases most Member States little. Similar trends are emerging in parallel with the ongoing negotiations in the European Parliament. The ACTA is not, but just as important. Currently running actions that are aimed at Interior Minister Friedrich and the European Parliament. Experience has shown that the latter is easier to influence. So take a few minutes for your privacy and contact your elected officials / interior in Berlin and Brussels.