Three-way EU Big Data privacy wrestling match kicks off

Euro Parl, Commish, EU countries slip on singlets

The EU will take a big step towards finalising measures to protect its citizens' privacy today, as negotiators from member states, the European Commission, and the European Parliament will come together for the first time to thrash out an agreement on the EU’s planned data protection law.

The Parliament agreed its position on the draft law more than a year ago, but the council of national ministers fought bitterly over a common position, only reaching a grudging agreement earlier this month.

Many European countries are still concerned about aspects of the text, but felt it best to reach a compromise in order to move forward.

Cyprus, Italy, Belgium and Poland all have reservations and Austria said it wouldn't support any law that lowered data protection below the existing law.

Article 6(4) is one of the big sticking points. It allows companies to change how and what they do with citizens' data if they can show “legitimate interest”. However, some countries are concerned that “legitimate interest” is too vague and would leave the door open for companies to abuse personal information.

In terms of redress for citizens, the Council draft of the law removes the possibility of class-action for breaches of data protection and requires NGOs to complain to regulators, not challenge via the courts. The famous one-stop-shop that was supposed to simplify citizens’ right to redress if their privacy had been breached has also been mangled by the council.

Parliament removed the possibility of profiling citizens, but the council of ministers has put it back in, if governments can claim national security, defence, public security and or “other important objectives of general public interest”.

All these issues will be discussed in the so-called trilogue meetings, where the council’s shaky consensus could give the Parliament more bargaining power.

William Long, a partner at Sidley Austin, said the regulation would have “a very significant impact on businesses in the EU and those internationally, including in the US, that do business in the EU.

This regulation has a raft of new requirements, such as appointing data protection officers, and new rights, including a right of erasure, as well as fines for non-compliance of up to 5 per cent of annual worldwide turnover (gross revenue)”.

With such a big potential impact on business, it is no surprise that lobbying has not slackened off. Both ETNO (the European Telecommunications Network Operators association) and GSMA (which represents the interests of mobile operators) have called on legislators to repeal the ePrivacy Directive through the mechanisms provided in the draft GDPR.

This is possible by amending the proposed GDPR and to incorporate all relevant legal provisions on data protection into the new law.

ETNO chairman, Steven Tas, added that “the current definition of electronic communication services, for example, should be reinterpreted and applied to all actors providing similar services. This is an important topic, because it is not only about the competitiveness of traditional industries, but also about consistency with respect to consumers”.

With a big push on to get a final deal agreed by the end of the year, the Article 29 Working Party (WP29) — made up of all Europe’s national data protection authorities — has also weighed in.

“WP29 would like to stress first that it is important that the new regulatory framework should not lower the current level of protection and not undermine the core principles and rights currently provided in the Directive 95/46,” said WP29 chairwoman, Isabelle Falque-Pierrotin.

In a letter to the leader of the negotiations for the council, Falque-Pierrotin said compliance details should be left out of the new law and should instead come in the form of guidance by the European Data Protection Board and by Data Protection Authorities.

She also raised the issue of when people can be “singled out on the basis of identifiers or other information and could subsequently be treated differently” and to “what extent IP addresses and other online identifiers could be considered personal data”? ®

Narrower topics

Other stories you might like

  • Cheers ransomware hits VMware ESXi systems
    Now we can say extortionware has jumped the shark

    Another ransomware strain is targeting VMware ESXi servers, which have been the focus of extortionists and other miscreants in recent months.

    ESXi, a bare-metal hypervisor used by a broad range of organizations throughout the world, has become the target of such ransomware families as LockBit, Hive, and RansomEXX. The ubiquitous use of the technology, and the size of some companies that use it has made it an efficient way for crooks to infect large numbers of virtualized systems and connected devices and equipment, according to researchers with Trend Micro.

    "ESXi is widely used in enterprise settings for server virtualization," Trend Micro noted in a write-up this week. "It is therefore a popular target for ransomware attacks … Compromising ESXi servers has been a scheme used by some notorious cybercriminal groups because it is a means to swiftly spread the ransomware to many devices."

    Continue reading
  • Twitter founder Dorsey beats hasty retweet from the board
    As shareholders sue the social network amid Elon Musk's takeover scramble

    Twitter has officially entered the post-Dorsey age: its founder and two-time CEO's board term expired Wednesday, marking the first time the social media company hasn't had him around in some capacity.

    Jack Dorsey announced his resignation as Twitter chief exec in November 2021, and passed the baton to Parag Agrawal while remaining on the board. Now that board term has ended, and Dorsey has stepped down as expected. Agrawal has taken Dorsey's board seat; Salesforce co-CEO Bret Taylor has assumed the role of Twitter's board chair. 

    In his resignation announcement, Dorsey – who co-founded and is CEO of Block (formerly Square) – said having founders leading the companies they created can be severely limiting for an organization and can serve as a single point of failure. "I believe it's critical a company can stand on its own, free of its founder's influence or direction," Dorsey said. He didn't respond to a request for further comment today. 

    Continue reading
  • Snowflake stock drops as some top customers cut usage
    You might say its valuation is melting away

    IPO darling Snowflake's share price took a beating in an already bearish market for tech stocks after filing weaker than expected financial guidance amid a slowdown in orders from some of its largest customers.

    For its first quarter of fiscal 2023, ended April 30, Snowflake's revenue grew 85 percent year-on-year to $422.4 million. The company made an operating loss of $188.8 million, albeit down from $205.6 million a year ago.

    Although surpassing revenue expectations, the cloud-based data warehousing business saw its valuation tumble 16 percent in extended trading on Wednesday. Its stock price dived from $133 apiece to $117 in after-hours trading, and today is cruising back at $127. That stumble arrived amid a general tech stock sell-off some observers said was overdue.

    Continue reading
  • Amazon investors nuke proposed ethics overhaul and say yes to $212m CEO pay
    Workplace safety, labor organizing, sustainability and, um, wage 'fairness' all struck down in vote

    Amazon CEO Andy Jassy's first shareholder meeting was a rousing success for Amazon leadership and Jassy's bank account. But for activist investors intent on making Amazon more open and transparent, it was nothing short of a disaster.

    While actual voting results haven't been released yet, Amazon general counsel David Zapolsky told Reuters that stock owners voted down fifteen shareholder resolutions addressing topics including workplace safety, labor organizing, sustainability, and pay fairness. Amazon's board recommended voting no on all of the proposals.

    Jassy and the board scored additional victories in the form of shareholder approval for board appointments, executive compensation and a 20-for-1 stock split. Jassy's executive compensation package, which is tied to Amazon stock price and mostly delivered as stock awards over a multi-year period, was $212 million in 2021. 

    Continue reading
  • Confirmed: Broadcom, VMware agree to $61b merger
    Unless anyone out there can make a better offer. Oh, Elon?

    Broadcom has confirmed it intends to acquire VMware in a deal that looks set to be worth $61 billion, if it goes ahead: the agreement provides for a “go-shop” provision under which the virtualization giant may solicit alternative offers.

    Rumors of the proposed merger emerged earlier this week, amid much speculation, but neither of the companies was prepared to comment on the deal before today, when it was disclosed that the boards of directors of both organizations have unanimously approved the agreement.

    Michael Dell and Silver Lake investors, which own just over half of the outstanding shares in VMware between both, have apparently signed support agreements to vote in favor of the transaction, so long as the VMware board continues to recommend the proposed transaction with chip designer Broadcom.

    Continue reading

Biting the hand that feeds IT © 1998–2022