European Union considering desperately needed new privacy law

Madison Ruppert, Contributing Writer
Activist Post

First off, if it was not painfully clear to my readers by now (which I find highly unlikely) I must point out that I am not big a fan of the European Union, a sentiment which I share with regular contributor and former Member of European Parliament, Richard Cottrell.

The destruction of national sovereignty and democracy is a deadly plague upon humanity which is aptly embodied by the European Union.

I wouldn’t consider myself a nationalist, but I do believe that every person should be able to live in a place where they can actually have a say in the laws of the land.

In the case of the EU, much of the legislation is decided by unaccountable individuals and the people who are affected by such legislation have little to no say in the matter.

However, the EU is now considering a massive new law that would require Internet companies like Amazon and Facebook (and hopefully Google, although that is not mentioned by the New York Times) to not only obtain explicit permission from consumers when it comes to the use of their personal data, but also force the companies to permanently delete the data at the customer’s request and face fines for failing to comply.

I hold the contention that any and all personal data should be owned by that person, and that person alone, and thus I have a strong opposition to any and all Big Brother technology and legislation along with the increasing use of centralized databases, especially when it comes to biometric information.

Any and all use of such data should be explicitly approved by the person and said person should be not only be able to demand all information be permanently removed from any and all databases, but also demand that all information be delivered to said person in whole.

Of course my view is essentially a pipe dream at this stage, given that there are very few restrictions on what companies can do with your data; and even with these lax rules, there is even less oversight into how exactly they handle your data.

Only when there is an egregious breach of privacy legislation do we hear about it, or when a massive corporation like Google makes a public change to their privacy policy.

“Companies must be transparent about what they are doing,” said the European Commission’s vice president for justice, Viviane Reding.

This new regulation being considered by the European Commission would force websites to inform their users of why exactly their data is being collected, and then only retain it for as long as necessary.

It is unclear what would dictate necessity, as Google would likely argue that it is necessary for them to store everything forever in order to serve more targeted search results and advertisements to their users.

If this personal data is stolen, sites would be forced to notify regulators within 24 hours, a stipulation which will likely be extremely unpopular and highly opposed by the companies affected.

I believe this to be the case, because it would not only be a major embarrassment for the company who had their data stolen, but also because in some cases a breach might not be detected within 24 hours, leading to possible fines or other retribution.

Of course, they will likely object to much of the rest of the legislation as well, although this is one point where I think their objections might be justified in part.

The new legislation would also protect the user’s right to remove and transport data from one service to another.

However, this would require some massive overhauls of privacy policies, especially for companies like Facebook which own all of your data forever, even if you “deactivate” your account.

“I am absolutely persuaded the new law is necessary to have, on the one hand, better protection of the constitutional rights of our citizens and more flexibility for companies to utilize our Continent,” Reding said.

The legislation is scheduled to be introduced tomorrow in Brussels, after which the European Parliament will deliberate on the proposal in upcoming months.

However, if the law is approved, it would not go into effect until 2014, leaving plenty of time for companies to change their privacy policies and services to comply.

Hopefully, such a large span of time between passing and it actually becoming effective would give enough time for Americans to push for similar legislation as well.

Yet since the lobbying power of corporations like Google and Facebook is so massive, it would likely require a staggeringly massive grassroots movement to give such legislation an actual fighting chance.
The government of the United States would also likely oppose legislation like this because it would diminish the amount of information they can obtain by ordering a company like Google to hand over all of the user information.

Such a large-scale intelligence gathering tool is unrivaled and I seriously doubt the Western intelligence community would be happy to see such a tool be restricted by pesky legislation.

The New York Times seems to be already joining the opposition to such important legislation by citing an anonymous European diplomat who claims that the proposed penalties could be as large as 2% of a company’s annual global revenue while also claiming that “many of the provisions are likely to be costly or cumbersome.”

Francoise Gilbert, a Palo Alto, California-based lawyer who represents technology companies who do business in Europe, summed up why companies will likely oppose this legislation in saying, “There is very little that’s good for the companies other than a reduction of administrative headaches.”

However, the failure here is to see that companies are supposed to be serving the customer, and as the old adage goes, “the customer is always right.”

That is, of course, until the customer wants his or her data to be protected and stored in a transparent way in which they have control over its use.

In that case, it appears that these corporations and those that represent them couldn’t care less about the customer and instead devolve to the tired, “if you don’t like it use something else” logic which Google is now forcing upon users with their no opt-out policy.

The New York Times points out that American corporations “have pushed for a system of self-regulation and regard European-style regulations as a hindrance to innovation.”

This is largely due to the tight-knit relationship between the corporate world and our legislators, which defines the American political system. This is not to say that the EU isn’t rife with corruption as well.

The Chief Operating Officer for European affairs at Microsoft, Ronald Zink, complains that it will be too hard for companies to obtain explicit consent.

He cited Microsoft’s Kinect system for the Xbox which records all of the body measurements of individuals who use it in order to easily visually recognize players who use it repeatedly.

Zink claims that this proposed legislation would disrupt player experiences. because it would require that players consent every time they played a game, even if the information collected was only stored locally on their console.

Zink says that this would require more time and effort on the player’s part, even though it would require no more than a single button click as confirmation from the user.

“We have designed the product to be private,” Zink claims. “We put a lot of thought into how this controls our work in terms of privacy by design.”

If this is true, it should be easy for them to simply integrate a prompt which requires confirmation from the player.

Also, if it is only stored locally and never leaves the device, I don’t see why it would be required for a user to give explicit consent every time the same data is collected and used.

While the legislation is not public yet, one can logically assume that it would require companies to make users aware of how their data is being used and get explicit permission to use it in this manner a single time unless new data is being collected or is being used in a way in which it was not previously.

Requiring confirmation every single time an individual uses a service would be ludicrous, as it would require Google to explain what they collect, how they collect it, what they use it for, and why, every single time you conduct a search.

I don’t think anyone expects them to do this. I think it would be much more reasonable for them to have to do it once per account; just like Microsoft would have to do just once per player, not every time the player uses the device.

Then again, as I previously pointed out, even if they did require it to be done every time, it would not be nearly as hard to do as they make it out to be.

It seems that the most contentious provision in the proposed European legislation is something called the “right to be forgotten.”

This means that users have a right to demand that their data collected by a site or service be permanently erased.

In an interview Reding said, “When a citizen has asked to get it back, then the data has to be given back. When an individual no longer wants his data to be processed, it will be deleted.”

Those who would like to see such legislation crushed claim that it is not as simple as hitting a delete key.

They say that data does not always remain in one location and cannot be easily withdrawn if transferred to another company.

However, this is operating on the assumption that companies should be able to do whatever they please with our data, moving it from place to place and company to company, selling it and trading it however they see fit.

I do not think that companies should have this right, thus such concerns on the part of these corporations should not even be entertained.

For instance, the New York Times give the example of a company licensing data to to a third party who would then use it to analyze social trends or market sentiments. However, once again they fail to point out that it is our personal data they are trading, not something that they have created.

The New York Times also attempts to make the point that it is less reasonable to expect someone’s credit history or employment record to be erased compared to shopping history on an online retailer like Amazon.

There are many technical problems with this analogy. So many that it is almost laughable to even try to make such a connection.

A credit history is required to get any line of credit. If someone requested that their credit history be erased, it would be nearly impossible (if not entirely impossible) to obtain any credit whatsoever.

Similarly, if someone wanted their employment records erased, potential employers would likely look at such a blank record which had obviously been erased and be highly suspicious and likely pass over the candidate.

Drawing this fallacious connection is somewhat like comparing erasing one’s family history to erasing your browser history. They’re really not comparable in any way.

It appears that corporations are so strongly objecting to this provision that they are already declaring that it simply will not happen.

“You’re not going to get a unilateral right for someone to say I want you to destroy all the information you have about me,” David Hoffman, the global privacy offer for Intel, said.

“It would be preferable for people to be able to post something and then realize they made a mistake and have it taken down. However, if you were going to do that by law, it’s not going to apply in all contexts, because of situations where it is perfectly reasonable to expect an organization to be able to keep the data,” he added.

Hoffman seems to be assuming the nonsensical position that states that our personal data is not in fact our personal data, but is instead a commodity which can be owned, traded and manipulated by corporations.

This is completely nonsensical and somewhat reminds me of the similar logic that is used in order to justify what is known as “exotic financial instruments;” the best known being derivatives (which are clearly explained in this video), and other instruments like credit default swaps, futures, and options.

It is similar in that in both cases someone is creating a product out of nothing, something which has no intrinsic value and something which in fact does not exist in a physical sense.

In one case they are monetizing our habits and activities on the Internet; in the other they are monetizing possibilities and obligations which have no intrinsic value whatsoever.

Instead of producing something people really need and use, these companies are profiting off of exploitation and deriving profits from the obligations and work of others.

Reding seems to have a much more reasonable grasp of what the right to be forgotten means than what the individual representing Intel seemed to get out of it.

“It is clear that the right to be forgotten cannot amount to a right of the total erasure of history,” Reding said. “Neither must the right to be forgotten take precedence over freedom of expression or freedom of the media.”

This means that you cannot attempt to leverage the right to be forgotten to get unfavorable blog postings or other information about you removed from the Internet when it is posted by other people.

Facebook will likely be one of the most formidable opponents to this legislation given that they have already gone toe-to-toe with European regulators over data retention.

Last year Facebook said in comments submitted to the European Commission, “There is a risk that an excessively litigious environment would impede the development of innovative services that can bring real benefit to European citizens.”

This is the typical – and in my opinion quite worn out – justification used by these companies.

The logic goes something like, “Don’t worry about us recording everything you do, storing the information and then doing whatever we please with it because we’re giving you cool products!”

It reminds me somewhat of the typical logic used to have people accept having their liberties stripped in the name of security. In this case the logic goes something like, “Don’t worry about being under surveillance, being groped by TSA, or illegally searched, we’re keeping you safe!”

European legislators hopefully will be able to see past the nonsensical logic leveraged by these corporations in an attempt to keep their stranglehold on our personal information.

It is only understandable that they would do such a thing, seeing as it is such a massive cash cow and an industry which only seems to be growing.

Maybe if the EU can get past the lobbying power of these industry giants and the easily corrupted nature of the modern political process in order to get this legislation passed it will put some pressure on lawmakers here in the United States to consider something similar — at least we can hope for as much.

I will be keeping tabs on this legislation as it becomes publicly available and it is debated. I especially encourage all of my European readers to put this on their radar and keep track of it as well.

If you have any comments, tips or corrections please do not hesitate to contact me directly at [email protected].

This article first appeared at EndtheLie.com

Madison Ruppert is the Editor and Owner-Operator of the alternative news and analysis database End The Lie and has no affiliation with any NGO, political party, economic school, or other organization/cause. He is available for podcast and radio interviews. Madison also now has his own radio show on Orion Talk Radio from 8 pm — 10 pm Pacific, which you can find HERE.  If you have questions, comments, or corrections feel free to contact him at [email protected]

var linkwithin_site_id = 557381;

linkwithin_text=’Related Articles:’


Activist Post Daily Newsletter

Subscription is FREE and CONFIDENTIAL
Free Report: How To Survive The Job Automation Apocalypse with subscription

Be the first to comment on "European Union considering desperately needed new privacy law"

Leave a comment