European privacy regulation advances fueled by surveillance revelations

After a summer of revelations about U.S. surveillance, the European Union Parliament is moving ahead with privacy regulation that would restrict how Internet companies share user data with third parties, including government entities.

After a year and a half of discussion and lobbying, the European Parliament’s Civil Liberties Committee approved the regulation and a corresponding directive Monday.

The affirmative vote “is a breakthrough for data protection rules in Europe, ensuring that they are up to the challenges of the digital age,” the regulation’s manager, Jan Philipp Albrecht, said in a statement.

Albrecht is a member of the European Parliament from Germany representing The Greens/European Free Alliance.

Under the regulation, an Internet company has to get authorization from a national data protection authority and inform the affected users when it receives a request from a third party for user data – including from a government entity.

“This proposal is a response to the mass surveillance activities unveiled by the media in June 2013,” according to a Parliament release.

Companies that violate the regulation could face fines up to 100 million Euros or five percent “of annual worldwide turnover, whichever is greater.”

Companies should face “severe sanctions” if they violate the regulation, even if it's at the behest of U.S. surveillance agencies, Albrecht said in a release on his German site.

The U.S. tech lobby had successfully lobbied against the regulation at first, but it saw a surge in support after this year’s revelations about U.S. surveillance, Jeff Chester, executive director of the Center for Digital Democracy, said.

“Ironically, the law's most effective lobbyist was Edward Snowden,” the NSA contractor who leaked documents about the agency’s surveillance of telephone data and electronic communications, Chester said. 

“His revelations transformed what had been at death's door to a winning bill supported across the political spectrum in the EU.”

Chester said American tech companies “placed the interests of the American data collection industry before the civil rights of Europeans,” and “did weaken the proposal on consumer privacy.”

“There's a fight ahead as it is finalized,” he said. 

The Parliament will now negotiate with EU member countries’ governments, and if no agreements to adopt the regulation are reached by the EU Parliament elections in May, the full Parliament will vote on the regulation.

Some think the regulation doesn't go far enough. Privacy advocacy group European Digital Rights applauded the Parliament but said it was “shocked and disappointed that Parliamentarians voted to introduce massive loopholes that undermine the whole proposal.”

The group pointed to three successful amendments, which it says will create more opportunities for companies to process user data with user consent.

These amendments will create “an 'open season' for online companies to quietly collect our data, create profiles and sell our personalities to the highest bidder,” said the group’s Executive Director Joe McNamee in a statement.

“Despite almost daily stories of data being lost, mislaid, breached and trafficked to and by foreign governments, our elected representatives adopted a text saying that corporate tracking and profiling of individuals should not be understood as significantly affecting our rights and our freedoms,” the group wrote.