Tuesday, March 26, 2013

GUEST POST How Liberal Democrats can help fight for privacy rights in Europe

Peter Bradwell, policy director for the Open Rights Group, asks whether the Internet will continue to be a kind of 'surveillance state' or if people will instead be given the tools to seize control over their personal information and how it is used. 

In the past year Liberal Democrats have had a good stab of standing up for citizens' privacy rights. The Deputy Prime Minister Nick Clegg demanded that the Home Office's 'snoopers' charter' be subjected to the scrutiny of a Joint Committee. Julian Huppert MP was a key figure on the Committee and was integral in highlighting the faults with the proposals.

All of this was underpinned by an active membership who worked hard to emphasise the illiberal nature of the Home Office's plans. That fight continues.

But another equally important front has opened in the fight for our privacy. This time the debate is unfolding in the European Parliament. The same principles are at stake. And just like with the Communications Data Bill, Liberal Democrats could play a key role determining what sort of law we end up with.

The Data Protection Regulation was proposed by the European Commission last January. It is now being considered by MEPs in the Parliament, with a number of committees voting on what amendments they would like to see. To simplify the seemingly complicated European policy making process, these opinions will be important in the negotiations. A more final Regulation will come out the other end of those negotiations. I'll come back to the committees, and why the Liberal Democrats have an important role, later.

Privacy law is not a fertile pasture for humour, so excuse this rather weak joke. My new favourite answer to the question: "What do you think about privacy online?" is: "I think it would be a good idea."

I did say it was weak. But the point is that we have surrendered control over when we give personal information away and over how it is used. Bruce Schneier is a well known security expert. This week he said "The Internet is a surveillance state. Whether we admit it to ourselves or not, and whether we like it or not, we're being tracked all the time."

Information about us spills from our devices and the services and apps we use, sharing the sites we visit, the things we like or comment on, the prices we pay, the people we contact and the places we go. Too often we do not control how and by whom our personal information will be used. Too often the data is not secure enough, with abuses and mistakes going effectively unpunished.

The mass of personal data we leave behind is increasingly used by institutions and organisations to make many important decisions about us. These profiles affect everything from the marketing offers we receive through to the credit ratings and insurance decisions we are subject to. The information feeds those who wish to learn about our movements, personalities, histories, relationships.

We do not have to acquiesce to this state of affairs. We should have no truck with arguments that about genies being out of bottles. Weak laws and weak enforcement helped to create this environment. A new and powerful Data Protection Regulation will help fix it.

It could give people more control over their data and hold those that collect and use it to account.  It would give us, for example, a stronger definition of consent, stronger rights to have our data erased, and enable us to find out about and challenge profiling. For more on the key issues, you can read the short briefing on our website.

The European Commission's proposed Regulation looks very promising. But it is coming under intense lobbying pressure from US data monopolies, the US government and the ad industry. They are seeking amendments that would, for example, weaken the definition of consent, undermine the rights to erasure and 'portability' and create broad 'legitimate interest' carve outs.

Some of these businesses are built on the absence of meaningful privacy online. They are telling law makers that we should not have stronger privacy laws because it would harm their business. The tail is having a good go at wagging the dog.

If these lobbyists get their way, we believe privacy rights for EU citizens would be severely undermined. We would forego a unique opportunity to build a data economy based on a respect for people's privacy. The Regulation could set the rules for the next 20 or so years.

Putting people in control of their data gives them a meaningful stake in decisions that affect them. It is a principle should be an integral part of a liberal democratic digital economy. The Data Protection Regulation is Europeans' shot at getting this principle into law.

Some Liberal Democrat MEPs have very important positions in this policy making process. And we are concerned that they may support the more worrying positions taken by those lobbyists opposed to stronger privacy rights.

For example, on 10 March Baroness Ludford wrote to the Financial Times saying:
concerns have been put to me about aspects that are inflexible, bureaucratic or not user-friendly by European academic and medical researchers, business-to-business marketing companies, telecoms suppliers, insurance groups and banks, the CBI and Federation of Small Businesses well as – yes – American IT companies.
Baroness Ludford's position is extremely important. She sits on the LIBE Committee, which is the lead Committee in the European Parliament for the Regulation. They will vote on an opinion next month. Members are currently considering their position. (For more information on the process and the Committees involved, see the guide from European Digital Rights.)

We were concerned at her failure to mention the interests and rights of citizens. Last week Open Rights Group and Privacy International wrote to Baroness Ludford, urging her to support a strong Regulation that gives people more control over their personal information. You can read our letter on the ORG blog. We will be meeting Baroness Ludford to discuss our concerns soon.

Data protection law can seem like an arcane, complex beast. And it sort of is. But there are simple principles at stake. The outcome of this process will settle whether the Internet continues to be a kind of 'surveillance state'. Or if instead people are given the tools to seize back control over their personal information and how it is used.

This is how Liberal Democrats in the UK can help us get a better law. If you want to see a strong Regulation that gives people more control over their data, contacting Baroness Ludford as soon as possible to explain why would be extremely useful. You can contact her at her European Parliament email address.

Peter Bradwell tweets @peterbradwell.

No comments: