Access has received new information about the unprecedented level of US lobbying against the EU Data Protection Regulation in response to Freedom of Information (FOI) requests filed on both sides of the Atlantic.
The FOIA requests were sent simultaneously to the US Department of Commerce, the US Department of Justice, and the US Department of State on February 20, 2013, and to the European Commission on February 5, 2013, requesting:
[A] copy of any and all records, including digital and non-digital records, concerning any and all correspondence; record of meetings (both informal and formal); meeting agendas and summaries; and related documentation between the U.S. and the European Commission (in particular Vice-President of the Commission Viviane Reding, and her cabinet and staff members) dealing with the European Data Protection Reform Package between September 2011 and February 19, 2013.
These requests came in response to an open secret in Brussels: that the US Government has been actively lobbying EU policy makers in the European Parliament, Commission, and in the individual Member States, with the intent of both preventing the passage of a strong Regulation and weakening existing privacy standards.
Since the European Commission first tabled the reform proposal in January 2012, Brussels has attracted an armada of lobbyists, proving that there is almost no current issue more contentious in the “Brussels Bubble” than the Data Protection Regulation.
As it’s currently written, the Regulation is intended to update and harmonise existing data protection standards in Europe, including giving users greater control over their personal data, encouraging greater accountability for the public and private sectors that handle personal data, and enabling regulatory enforcement “with teeth” to ensure compliance across the continent.
Beyond lobbying: US caught perpetuating myths about the Regulation
The debate on certain aspects of the Regulation–such as explicit consent, or the Right to be Forgotten–has been clouded by misinformed criticisms. However, documents from the European Commission reveal that the US Department of State has also contributed to some of this myth making that continues to obscure fact-based and sensible debates around the Regulation in the Parliament and the Council.
One of the two documents sent to Access on behalf of the Commission was a letter from the Vice-President of the Commission and Fundamental Rights Commissioner Viviane Reding to US Ambassador to the EU William Kennard in December 2012 (see the other document here).
Mr. Kennard, who has represented the United States administration in Brussels since 2009, has spent his career working to promote transatlantic trade and investment, and lower regulatory barriers to commerce. Prior to his appointment as US Ambassador, he had served as a chairperson of the US Federal Communications Commission (FCC), where he was described in the US media as a “consumer champion for the digital age.”
Yet, as the Regulation negotiations have progressed, Ambassador Kennard has been among the leading voices arguing that the proposal, and its pro-privacy approach to the digital economy, would economically and commercially isolate the EU. But the FOIA documents received by Access have revealed the extent to which the US administration is pushing against the Regulation, in this case making inaccurate statements about the DPR. It also sheds light on the European Commission’s behind-the-scenes efforts to fight back against US lobbying.
In his speech at a privacy conference in Brussels in December 2012, Mr. Kennard discussed the Regulation, and touched upon one of the more contentious elements subject to a great deal of criticism — that of “explicit” consent. The Ambassador claimed that consent would have to be explicit in every circumstance, when this is only one of the six grounds that can be used as a basis for processing personal data. This, and other perspectives articulated by Mr. Kennard incited a direct rebuke from Vice-President Vivanne Reding (Fundamental Rights Commissioner responsible for the DPR) included in the documents we received in response to our FOIA requests, explaining that he had misrepresented one of the fundamental pillars of the DPR. She writes,
Regarding those situations where consent is used, the reason that the European Commission wishes for consent to be “explicit” is because consent has to be real and meaningful for it to be a legitimate basis for processing: interpreting silence as implied consent is not fair on the data subject,” before concluding that, “I would be most grateful if such errors about the content of the proposals were avoided in the future.
Reding also reprimanded the Ambassador for criticising the proposals that empower the European Commission to lay down technical rules pertaining to the application of the Regulation. Reading between the lines, this comment can be understood in the big picture, and not just on the point of the Commission’s proposed delegated acts:
Furthermore, such comments on decision-making within the European Union are equivalent to the European Commission passing judgement on the scope of empowerments given by the US Congress to the US Executive including to its Regulatory Agencies. Such statements would not be welcomed.
The letter confirms the fact that the Ambassador, a USG representative, has joined the party line pushed by US companies against the Regulation, which begs the question of whether he’s working on behalf of powerful private interests at the expense of EU citizens’ fundamental rights.
Moreover, the recent revelations about the US National Security Agency’s (NSA) sweeping surveillance programs which specifically target non-US citizens, raises serious concerns for European citizens. The repeated claims that programs like PRISM are legal and overseen by all three branches of the US government in particular begs the question of how adequately US legislation like the Foreign Intelligence Surveillance Act and the Patriot Act actually protects the rights of EU citizens, indicating the need for strong protections in European law.
Documents from the Department of Commerce: Disappointing at best
Despite the insight provided by the emails between Vice President Reding and Ambassador Kennard we received in response to our FOIA request, it has otherwise proven challenging to access information regarding correspondence, meetings, and other documentation regarding the Data Protection Regulation from governments on either side of the Atlantic.
In the United States, the Department of Commerce (which launched a campaign against the Data Protection Regulation before the final text was even available) is the only agency to respond to Access’ request.
The Department of Commerce provided 26 documents (here, here and here), accompanied by a letter signed personally by DoC Chief Counsel Kathy Smith. These documents are heavily — and at times completely — redacted, with several pages omitted, citing correspondence with other agencies. Furthermore, the unredacted portions of the documents provided do not fall within Access’ request for correspondence and meetings between the two administrations. Rather, the emails provided are discussions between DoC staffers, mostly about public conferences attended and, rather oddly, referring to meetings with Commissioner Kroes (of whom we did not request any information, and who is not responsible for the dossier in question).
Despite the lack of substantive information in these disclosures, Chief Counsel Smith stated in her accompanying letter that this release is just the “first interim response,” with further rounds of docs “on a rolling basis” to be expected. To date, Access has yet to receive any further documents from the DoC, and both the Department of Justice and Department of State have yet to respond to the submitted requests.
The final vote on the DPR in the European Parliament’s Civil Liberties Committee is now set for sometime in July. As the vote approaches, it is critical that the debate remains based on facts. In the worst case scenario, the companies will convince policy makers in Brussels to weaken the Regulation, effectively undermining our privacy rights. A weak Regulation would be worse than a strong Directive.
Given that decisions about your privacy are happening right now, it’s time take action! To learn more about the Regulation visit our website, which includes Access’ opinion and Q&A on the DPR. You can also send an email to members of the LIBE committee here.
Additionally, a coalition of European digital rights groups, including Access, have launched a campaign called nakedcitizens.eu, designed to counter the influence of corporate and government lobbying at the European Parliament that threatens to strip citizens of their right to privacy. Go to nakedcitizens.eu to take direct action and contact Members of the European Parliament: demand that they protect your fundamental rights!
For more information about the results of the “LobbyPlag” that has descended upon Brussels, visit http://lobbyplag.eu/map to see which Members of the European Parliament are protecting (or undermining) your privacy rights.