Wobbing.eu

Freedom of Information in Europe

How the EU Data Rules Became a Copy-Paste War

Politicians tabled amendments drafted by industry as if they were their own suggestions, and defenders of new data rules used the same copy-paste technique. In the process, the interests of privacy, profit and democracy collided. This is how, and why.

The copy-paste disclosure

Arguments for and against new EU-wide data-protection rules grew heated after disclosures by a German website, LobbyPlag.eu, which compared amendments suggested by IT companies and business associations with amendments tabled by members of the European Parliament. The comparison showed that lobbyists secured a high return on their effort: the companies' proposals had, to a large degree, been copy-pasted by politicians without any indication of where, or from whom, the ideas had come. The pattern suggested that US-based companies such as Amazon, eBay, Facebook and Google had not only the ear of European parliamentarians but direct access to their printers.

A campaign on both sides

Europe-versus-Facebook, an activist group that worked with the LobbyPlag site, said IT giants were trying to lobby away the fundamental right to privacy and were proving quite successful at it. But the site showed that the copy-paste technique was used by opponents and defenders of the proposed regulation alike. Malcolm Harbour, a Conservative British MEP, had copy-pasted 14 of his 55 amendments — a quarter — from sources including eBay and the American Chamber of Commerce. A fierce opponent of his, Amelia Andersdotter of the Swedish Pirate Party, was not far behind: of her 284 amendments, 65 (23 per cent) were copy-pasted, most from the non-governmental organisation EDRi, European Digital Rights. The pattern suggested that politicians across the spectrum depended on input from outside the Parliament to form their positions.

Threats dismissed as myths

The proposed data regulation had already been described as a threat to freedom of expression and to access to documents held by public authorities. A third concern came from medical scientists and pharmaceutical companies, who feared the legislation would jeopardise research based on personal data from patient registers used to follow identified individuals over time. These worries had so far played little part in media coverage of the copy-paste dispute. Amelia Andersdotter of the Pirate Party said she did not regard the threats as real, seeing instead a chance to harmonise data protection, and considered the critics tied to the interests of the IT companies.

Privacy as property

For the defenders of the proposed legislation, privacy was a fundamental right of equal weight to freedom of expression, including the right to know. Privacy was understood as a form of property — a name, an address, identification numbers — so that, as the owner of their data, an individual should have control over how it was used. That understanding led to several demands:

  • Citizens should have the right to control their personal data effectively, including a right to be forgotten, also described as the "right to erasure".
  • Personal data should be used only with the explicit consent of the owner.
  • Data should not be used for the secret profiling of a person.

Privacy versus profit

These demands collided directly with the interests of companies that collect data for commercial use — the very companies that had lobbied hardest for amendments. Privacy advocates therefore saw the central conflict as a battle between privacy and profit. Questions of surveillance and the threat of a "Big Brother" society also featured, though these were more relevant to legislation on data retention, CCTV surveillance and "smart border" controls. Business, by contrast, saw a familiar contest between regulators and the market. Defenders of freedom of expression, of access to information and of register-based research found themselves partly allied with business and partly left standing as bystanders.

A clash of legal cultures

The dispute was often described as a search for the right balance of interests, but it was more than that — a clash between two cultures of law-making. Freedom-of-information law rests on a presumption of accessibility, with exceptions that must be justified; the same holds for freedom of expression, where freedom is the general rule and restrictions must be defined. Privacy law is built the other way round, on a presumption that data may be used only in limited and specific ways, with some form of consent, and that any other use must be approved — so that one fundamental right, freedom of expression, is treated as an exception to another, the right to privacy. Peter Hustinx, the European Data Protection Supervisor at the EDPS, used the word "reconciliation" in trying to square the circle, writing in his opinion on the draft that "when reconciling the two fundamental rights the essence of both rights should not be impaired".

The colour of the windows

To achieve that reconciliation, Hustinx suggested deleting references to journalists, artists and authors in the draft's Article 80 on freedom of expression, arguing that the right was fundamental for everyone and that citizen bloggers also acted as public watchdogs. He further recommended that a substantive provision on public access be written into the regulation, since the draft mentioned access to documents only in its recitals, as a matter "to be taken into account". Joe McNamee, executive director of the privacy NGO EDRi, said he agreed with Hustinx "almost by default" but regarded such concerns as of minor importance: "Industry lobbying is trying to destroy the data protection fabric in Europe. You are asking about the colour of the windows when the house is being knocked down." A related account of the supervisor's warnings appears in the report on threats to access rights.

Frequently asked questions

What did LobbyPlag.eu reveal?

That many amendments to the EU's draft data-protection regulation had been copied, word for word, from proposals by IT companies and business associations, and tabled by MEPs without disclosing the source.

Was the copying confined to one side?

No. It appeared among both opponents and defenders of the regulation — a Conservative MEP drew a quarter of his amendments from industry, while a Pirate Party MEP drew a similar share from a digital-rights NGO.

Why did access-to-information advocates worry about the rules?

Because privacy law starts from a presumption of restricted data use, it can treat freedom of expression and public access as exceptions, potentially limiting the disclosure of documents held by public authorities.