Is the Council Selling Our Personal Data to Private Companies?

Posted on

Paris, 24 June 2015 — Ongoing for many months, a new stage of trialogue negotiations1Negotiations behind closed doors carried on by delegates of the European Parliament, the European Commission and the Council of the European Union on the future EU regulation regarding the protection of personal data is starting today. The document published last 8th June shows that the EU Council is trying to eradicate most of the dispositions protecting citizens from the final text. Even if it is still too weak, citizens’ representatives must stay firm and keep the position adopted by the European Parliament on 12 March 2014.

In the framework of negotiations regarding the future European regulation of the protection of personal data, the EU Council has proposed a text far too liberal and with very little protection for European citizens’ rights vis-à-vis private companies and third countries. Throughout this text, the EU Council wants to allow companies to collect and process data without prior notice of consent of the concerned person or for purposes other than the ones agreed on as long as the company can justify a “legitimate interest” (fr). This term, too vague to allow working, effective protection of personal data, will introduce a large breach in the European system.

The Council also seeks to widen the right to erase personal data. This right must not be widened where that infringes on freedom of speech. It is the role of Member States to reconcile the right to erase data with the right to freedom of speech. But the Council is reducing the right of freedom of speech to journalists and academic, artistic or literary activities.

Finally, no measures were agreed on on the anonymisation of data. Only the pseudonymisation is considered, which is totally insufficient to preserve the anonymity of a person. Pseudonymisation within the processing of personal data is not protection at all and is only another gift for private companies which will allow them to work, with complete impunity, on data whose the origin can be easily found. This gift is re-enforced by the will to authorise profiling person with their explicit agreement. Such an authorisation is necessary but insufficient if there is not a strict framework on the finalities of the profiling. The absence of a regulation of the issue of Safe Harbor in spite of the adoption of the Moraes 2014 report is making the breaches in the protection of personal data every time wider.

“The EU Council is trying once again to override the rights of citizens in favor of large companies that make a lucrative market of personal data. It is not acceptable to let States sell off EU citizens’ right to privacy. It is fundamental that the European Parliament and the European Commission remain firm and that they do not allow citizen’ liberties to shrink away when they are already threatened if France and other places, mostly regarding the reinforcement of intelligence services” says Philipe Aigrain, confounder of La Quadrature du Net

Synthesis of La Quadrature du Net on the text adopted by the Parliament, on 12 March 2014 (fr).


1 Negotiations behind closed doors carried on by delegates of the European Parliament, the European Commission and the Council of the European Union