The US government delegation that paid a visit to the European Parliament's Committee on Civil Liberties, Justice and Home Affairs last week didn't waste much time on pleasantries. After briefly invoking common trans-Atlantic values and declaring it a great honor to be visiting Brussels, the American representatives switched directly into attack mode.
The source of the representatives' displeasure lies in an EU plan to establish more effective and standardized data privacy laws across Europe. The officials from Washington criticized the plans laid out by the European Commission, deeming them unacceptable. Bruce Swartz, from the US Department of Justice, claimed the Commission's plan would make it more difficult to fight crime and pose a threat to security. Cameron Kerry, from the US Department of Commerce, warned that the regulations would hurt the economy and cost jobs.
Criticism has been pouring in ever since January, when EU Justice Commissioner Viviane Reding presented her plans for new, EU-wide data privacy standards. Meanwhile, the US government has been unabashed in supporting the interests of American Internet giants, such as Facebook and Google.
In the wake of recent data privacy scandals, Reding is looking to implement stricter laws and tough penalties for violations. The determined politician from Luxembourg promises, among other things, that EU citizens will have the "right to be forgotten" online. In the case of data they put online themselves, users would have the right to insist that the companies processing the data delete it. This proposal, sure to be popular among the general public, is just one among a long list of data privacy measures the EU wants to use to give Internet users more control over their own data.
Data privacy advocates very much approve of Reding's proposal, but there has also been massive opposition. The US government and the companies that would be affected by the proposed legislation are not the only ones up in arms over the approximately 100-page document. Even the German government, usually a trailblazer on issues of data privacy, has emerged as a major voice against Reding's plans in the form of Interior Minister Hans-Peter Friedrich, whose ministry oversees matters related to data protection. But Minister of Food, Agriculture and Consumer Protection Ilse Aigner, a fellow member of the center-right Christian Social Union (CSU), the Bavarian sister party of Chancellor Angela Merkel's Christian Democratic Union (CDU), has repeatedly criticized Facebook and Google, and supports Reding's plan.
Privacy or Censorship?
If the European Commission has its way, all EU member countries will ultimately have the same regulations. The Commission wants to pass a regulation rather than simply issue a directive, thereby eliminating lawmakers' ability tol make exceptions at the national level. The current patchwork of European data privacy laws presents many opportunities for corporations. Facebook, for example, operates its European business from Ireland, where data privacy standards are comparatively lax.
According to Reding, harmonizing these standards will benefit not only consumers, but also businesses, which will enjoy legal certainty and operate under the same market conditions. But that argument has fallen flat, especially with US-based Internet companies. The proposed plan had barely gone public before Peter Fleischer, Google's global privacy counsel, commented in a blog post that the "right to be forgotten" and the right to demand deletion of information reflect a current trend, namely, that data protection and personal rights are increasingly being used as justification for online censorship.
The companies that oppose the new plan have plenty of support, especially from the US Chamber of Commerce, which is exerting pressure in Brussels. A letter the lobbyists sent this September to the European Parliament official responsible for the matter can be seen as a general rejection of the proposal.
What particularly upsets these lobbyists is the plan to categorically ban all data processing by authorities or companies anywhere in Europe unless the citizens, clients or users in question have granted their explicit approval. The Commission wants to strengthen the obligation to use so-called opt-ins, by which the user actively grants consent with the click of a mouse. A fine-print note acknowledging the client's right to withhold approval would no longer suffice. Companies fear this would result in a considerable drop in many services' user numbers. It would also make personalized advertising, an area in which many providers expect to see the largest growth in sales, considerably more difficult.
"For the companies, it's not about freedom of speech, but about a brutal economic confrontation," says Jan Philipp Albrecht, a member of the European Parliament and the German Green Party's specialist there on data protection issues. "American companies' dominance of the Internet is especially at stake."
Going Too Far?
Companies aren't the only ones to criticize the proposed "right to be forgotten" and "right to delete." Data privacy advocates also believe that the two pages Reding's plan devotes to this issue don't go far enough.
Facebook, for example, would be required to honor a user's request to delete photographs he or she had previously uploaded to the site as well as to take "every reasonable step" to inform any third parties that had since obtained that photograph from Facebook's pages that the user had requested its deletion. However, contrary to the claims of some corporate lobbyists, the company would not be responsible for ensuring that these third parties comply with the deletion request. Indeed, the proposed legislation is riddled with such caveats and exceptions.
German Consumer Protection Minister Ilse Aigner brands the criticism expressed by corporations "horror scenarios." "The argument that more data protection would endanger growth and jobs strikes me as fear-mongering," she says. "We need reliable rules that companies located outside the EU are also required to follow. There should be no more loopholes for global players such as Apple, Google and Facebook, and no excuses." Reding's proposal offers an "important opportunity," Aigner adds, to harmonize data protection across Europe at a high level.
But German Interior Minister Friedrich sees things differently. Following a meeting with Facebook last fall, Friedrich declared his support for simply letting providers self-regulate, and he has complained to those closest to him that he thinks the European Commission is primarily interested in expanding its own power.
The German Interior Ministry doesn't want the proposed EU regulation to apply to data processing carried out by governmental agencies and authorities, and he believes the current German law offers an excellent model for this.
In Friedrich's opinion, the proposed EU regulations concerning the private sector also go too far, particularly the obligation to let users actively opt in. Interior Ministry State Secretary Cornelia Rogall-Grothe warned at a recent event of "the danger that we might end up overdoing it in our efforts to establish good data protection."
Some critics suspect the Interior Ministry could be using the discussion on EU-wide reforms as a chance to loosen data privacy regulations at the national level to the benefit of businesses. "Differentiating between public and private data processing poses the risk of backsliding in terms of what we require of companies," says Spiros Simitis, a well-known German legal expert on data privacy.
Last week in Brussels, the American delegation and the European Commission failed to make any progress toward reconciling their clashing viewpoints. This week, the debate will shift to Berlin, where Friedrich's Interior Ministry is hosting a conference entitled "Data Protection in the 21st Century." The two-day conference beginning Wednesday appears to be a home game for Reding's critics, as one of the event's hosts is the Berlin-based Alexander von Humboldt Institute for Internet and Society, an organization that Google helped co-found last year.