[ad_1]
The first episode of this Brussels column was about a Yeti. More precisely: A planned data protection law that has certain similarities with a somewhat creepy mythical creature. Nobody knows if he’ll ever see it, but as a precaution, business associations in particular tried to drive the monster away with loud noise.
Now, two years later, the Yeti has taken shape – in time for the last issue of this column. Of course, nobody has seen it completely, but a tuft of hair has been found: four years after the first legislative proposal by the EU Commission, the member states have agreed on their position on the so-called e-privacy reform. This is intended to translate the secrecy of letters into the digital world and thus specify the rules from the General Data Protection Regulation for the particularly sensitive area of electronic communication – from Facebook Messenger to Skype to WhatsApp messages. This is an important step in the legislative process: Negotiations can now begin with the EU Parliament, which has been waiting for years for the member states to come to Potte.
Accordingly, the reactions fluctuate between “great that you made it” and “it was about time”. In terms of content, however, the resolution is widely criticized. The EU countries had drilled so many holes in the original proposal for the law that it now looks “like a French Gruyère,” says expert Estelle Massé from the civil rights organization Access Now. The federal commissioner for data protection, Ulrich Kelber, speaks of a “heavy blow”, consumer advice center Klaus Müller even of a “scandal”.
What data and consumer advocates are so upset: In their view, the position of the EU countries does not bring more data protection, but new dangers for citizens. According to them, the capitals want to legally facilitate the tracking, with which the movements of users on the Internet are observed. And this, although at the same time a debate has broken out over the question of whether one should not completely ban personalized advertising on the Internet. Most recently, the European data protection officer or the social democrats in the EU Parliament have called for this.
The proposal of the member states now provides that electronic communication via WhatsApp or Facebook Messenger should in principle be comprehensively protected – but then contains many exceptions to this rule, both for the metadata of the communication (i.e. location, duration of the connection, etc. ) as well as for the exchanged content. In law, this leads to bizarre excesses. For example, recital 20 of the Commission proposal has been given the additions “20a”, “20aa”, “20aaa” and “20aaaa” (without, however, being followed by 20b, 20bb et cetera).
More important than questions of wording is the potential impact on internet users. If the Member States have their way, telecommunications providers should, for example, no longer only be able to process data for the purposes for which they originally collected the data, but also for other purposes that the users have not expressly consented to.
According to the draft, the extremely controversial data retention should also be given a new chance – courts have received earlier rules on this several times. In view of the tight judicial requirements, the EU Commission has not yet made any new proposal on the subject (which would then have to be dealt with in a presumably lengthy legislative process).
The negotiations are likely to be tough and protracted
And finally, a wish of many media companies is heard in the draft to be able to make access to their offers dependent on the user showing that he agrees to the use of his data. In practice, this means that users have to decide whether to accept a payment offer – or pay with their data. Data protectionists criticize such cookie walls: In these cases, the user has no real choice at all as to whether he wants to get involved in the tracking, although the General Data Protection Regulation prescribes consent of his own free will.
While some reject the draft, the economy insists on it. The European publishers’ associations EMMA and ENPA, for example, have been promoting vigorously over the past four years that they can continue to make up for part of the dwindling advertising revenues from the print era with personalized advertising. Now they are warning against weakening what has been agreed between the member states in the negotiations with the EU Parliament. From their point of view, this would primarily be of advantage to the large corporations, which allow their users to carry out extensive data processing by means of general terms of use. The negotiators must ensure “that publishers can also benefit from the consent of the users,” says Ilias Konteas, the head of EMMA and ENPA.
The concerns of the publishers are understandable – but so is the criticism of the data protectionists. This criticism is usually given more weight in Parliament. The negotiations that are now beginning are therefore likely to be tough – and probably also protracted.