Lobbies on dataprotection

From La Quadrature du Net
Revision as of 18:03, 15 February 2013 by Manu1400 (talk | contribs)
Jump to navigationJump to search

This page lists the different lobbies' s documents calling for an extensive definition of personal data, upon the adoption process of the European Commission's Proposal for a General Data Protection Regulation.


The indicated month is when the position has been sent to Members of the European Parliament.


Corporate associations

The Healthcare Coalition on Data protection gathers (CPME, CED, HOPE, FEAM, COCIR, EFPIA, GSMA, Continua Health Alliance), 29 January 2013

Press release of launch

  • CED: The Council of European Dentists (CED) is the representative organisation of the dental profession in the European Union, representing over 340,000 practicing dentists from 32 national dental associations and dental chambers in 30 European countries.
  • HOPE: the European Hospital and Healthcare Federation, is an international non-profit organisation
  • FEAM: The Federation of European Academies of Medicine (FEAM) represents national academies in 14 EU member states
  • COCIR: COCIR represents the Radiological, Electromedical and Healthcare IT industry in Europe.
  • EFPIA: The European Federation of Pharmaceutical Industries and Associations (EFPIA) represents the pharmaceutical industry operating in Europe.
  • Continua Health Alliance: Continua Health Alliance is a non-profit, open industry organization of healthcare and technology companies joining together in collaboration to improve the quality of personal healthcare
  • GSMA: The GSMA represents the interests of mobile operators worldwide.
  • CPME: The Standing Committee of European Doctors (CPME) represents national medical associations across Europe.

In this paper, the coalition asks to maintain special provisions for data processing for healthcare, research and patient safety, to clarify definitions for data concerning health and for consent given by a patient and to consider the potential unwanted consequences of the Right to be Forgotten in the healthcare context (erasing information on medical history, allergies, blood type...)

Future of Privacy Forum, January 2013

The Future of Privacy Forum is a Washington DC based think tank and advocacy group focusing on the topic of privacy. It is supported entirely by companies, including , Facebook, Google and Microsoft. The organization is run by Jules Polonetsky, the former chief privacy officer for AOL and Google Doubleclick and a member of the advisory board of the Center for Copyright Information, the industry-run organization in charge of the "6 strikes" graduated response system for copyright infringement in the US.

It published three papers in reaction to the proposed Regulation. The first one argues against the requirement of an explicit consent, pretending that such a consent would "burden individuals with difficult, complicated choices, which become a detriment to user interfaces and cause notice fatigue" and that "in many cases, consent that is implied from the context of a transaction or relationship is more meaningful than explicit consent.". The second one defends the dubious concept of "pseudonymous data" ; despite it recognizes the technical flaws of de-identification, it pretends privacy enhancing techniques have evolved enough to face these issues. The third paper focuses on the Regulation's territorial scope, criticizing the new "monitoring the behavior of EU data subjects" test (which replaces the previous "use of equipment within the EU" test").

International Chamber of Commerce, January 2013

The International Chamber of Commerce, based in Paris, has hundreds of thousands of member companies in over 130 countries. It published a paper in which it calls for lower administrative burdens, clarification on the definition of 'main establishment' and provisions in favor of international data flows.

AmCham, January 2013


Svenska resebyråföreningen, January 2012


European Envelope Manufacturers Association, January 2013


International confederation for printing and allied industries, January 2013

INTERGRAF urges to reject amendments 81 and 135, as it fears a law targeted at the digital world would impact the direct mail business, which also relies on collecting data and sending out mailings (albeit physical). Their claim is that no one is questioning the handling of personal data by postal direct mail operators.

European Small Business Alliance and Association for Competitive Technology, January 2013

1 2

First Data, December 2012

First Data

Eurofinas,December 2012

Eurofinas is the representing lobby for consumer credit providers in Europe. In this document, it's suggesting amendments to the ITRE draft opinion. Those amendments aim at reviewing the definition of personal data and date subjects in an extensive way, allowing the companies to process, use and disseminate personal data freely, without any obligation to inform its consumers.

Insurance Europe, December 2012

Insurance Europe is the representing lobby for Insurance Federations in Europe. In its comments and definitions on the ITRE draft proposal, it's pushing for a limitation of consumer's right to access their data, in the name of business and competition.

Leaseurope, December 2012

Leaseurope is the representing lobby for car rental companies. On the pretext of heavy administrative changes for its members and in the name of business, it's supporting the less protective amendments for citizens, denying them the right to control their data.

EuroISPA, December 2012


Association of Consumer Credit Information Suppliers (ACCIS), December 2012

Other : ACCIS Proposal for amendments to the proposed review of the EU’s Data Protection Legal Framework (April-May 2012) (44 pages)

EuroCat, December 2012


European Association of Search and Database Publishing, November 2012

EASDP is the representing lobby for directory publishers in Europe. In this paper, it asks to exclude the physical persons acting in their business capacity from the scope of the regulation and to make the publishers of personal data not responsible for the re-publishing of these data by third parties.

Insurance Europe, November 2012

1 2

Digital Europe, November 2012

Digital Europe is the representing lobby for European digital technology industry. Among its members stand Apple, Microsoft, Nokia... (see last page of their document). Among the 64 amendments proposed by the organisation, modifications are made to water down obligations concerning data breaches notifications to the data subject.

European Banking Federation, November 2012

The European Banking Federation is the representing lobby for European banks. As most of the other lobbies, its proposed amendments aim at softening obligations concerning data breaches 24h notification, limitation of profiling and procedure of consent. All of these amendments go against citizens fundamental freedoms.

European Magazine Media Association and European Newspapers Publisher’s Association, November 2012

1 2

Coordination Committee for the Medical Imaging, Electromedical Equipment and eHealth Industry, November 2012

1 2 3

Comité permanent des médecins européens (CPME), standing committee of european doctors, 30 Octobre 2012

CPME: "The Standing Committee of European Doctors (CPME) represents national medical associations across Europe."

European Association of Craft, Small and Medium-sized Enterprises, November 2012


The German Federal Bar, November 2012


Bitkom, October 2012

AmCham EU, October 2012

AmCham EU 2

BusinessEurope, October 2012


French Banking Federation, October 2012

GSMA/ETNO, October 2012


Confederation of Employers and Industries of Spain, October 2012


European Association of Search and Database Publishing, October 2012


Zentralverband der deutschen Werbewirtschaft, October 2012

Germany's advertising industry umbrella ogranisation (ZAW) makes several points which aim at weakening of some provisions. Some of these are:

  • Pseudonymized and anonymized data should be excluded from the scope of the Regulation.
  • More flexibility when it comes to sharing data with third parties.
  • Pseudonymised and anonymised advertising targeting must be an exception.
  • Leave room for self-regulation.

Handelsverband Deutschland, October 2012


Insurance Europe, September 2012


EuroCommerce, September 2012


Luxembourg Business Federation, July 2012


The German Federal Bar, June 2012

The Bundesrechtsanwaltskammer welcomes the new legislation but wants to make sure that it doesn't interfere in their work. Lawyers collect clients' data as a part of their everyday work. The secrecy obligation must be given precedence over any data protection regulations. The state must not have access or regulate the lawyer-client communication. The German Federal Bar proposes a few amendment changes which explicitly add lawyer-client scenarios to the exceptions where consent does not have to be confirmed, since the subject is very well aware of the data collection in such situations. It advocates that sectoral supervisory bodies should be allowed alongside or instead of territorial data protection control bodies. Lastly the Bunderechtsanwaltskammer want to add a sentence to Article 51: „The supervisory authority shall not be competent to supervise processing operations of courts acting in their judicial capacity” should according to the document be supplemented by „The same shall apply to the activities of lawyers”.

Digital Europe, March 2012

Digital Europe is the lobbying association of European technology producers. In their position paper (Note: see also their proposed amendments further above.) they claim to welcome strong water protection but advocate less paperwork and hence less regulation. Some of their main points include that privacy by design creates unnecessary bureaucratic costs, that the 24 hour data breach notification is similarly too costly to achieve and that administrative sanction create uncertainty and thus harm the industry. Further Digital Europe thinks that the proposed definition of personal data is too broad and that explicit consent is in many cases non-essential and even a big obstacle. The Commission and the DPA should not be granted any extra powers.


EU companies

Telefonica, December 2012

1 2 3

British Telecom, December 2012

British Telecom

Nokia, November 2012

1 2 3 4

US Companies

Microsoft, February 2012


Microsoft, ??? 20??


eBay, January 2013


eBay, December 2012


eBay, November 2012


Amazon, November 2012


Opower, October 2012

1 2 3

Facebook, March 2012

Facebook sent its recommendations for the IMCO draft opinion:

  • Introduction: “The new legislative framework should focus on encouraging best practice by companies like Facebook rather than on setting out detailed technical rules that will not stand the test of time and may be frustrating and costly for both service providers and users.” (page 1)
  • Facebook is opposing European cooperation of DPCs when it comes to enforcement of the law. They rather have only the Irish DPC to govern them. (page 3)
  • Data processors should be able to make limited decisions and not be seen as controller. (page 4)
  • Facebook opposes “privacy by default” settings. (page 4)
  • Facebook welcomes that users from the age of 13 can consent to data processing and wants to get rid of the definition of a ‘child’ being younger than 18. (page 5)
  • Facebook opposes the sections of the “right to be forgotten” that say that a provider has to inform other providers to delete information. Facebook also opposes that users can insist that information that others posted about them should be removed. (page 6)
  • Facebook opposed proposed legislation on a strict requirement for consent. (page 7)

“The highly prescriptive nature of the requirements for consent contained in Articles 4(8), 5(2) and recital 125 could potentially require more intrusive mechanisms to ask for consent for specific alternatives. This carries the risk of inundating users with thick boxes and warnings”.

  • Facebook opposed proposed legislation for “data breach notifications”. (page 8)

“...even the most minor breaches must be reported to the DPA. Facebook is concerned that this will not allow for effective prioritization of the most serious breaches.”

  • Facebook is pushing for easier data transfer out of the EU/EEA (page 9)
  • Facebook is strictly opposing heavy fines when data protection laws are breached and favors cooperative approach by the authorities.

“Facebook is concerned that the magnitude of potential fines will create I disincentive for innovation and associated job creation among internet service companies. This could be a major blow for the European Union given that the Internet sector is widely recognized as the major driver of job creation and growth in an otherwise moribund economic environment.” (page 10)
Facebook even argues that heavy fines will lead to less data protection and more cost for the state.

  • Facebook is opposing that the European Commission has granted itself too many possibilities for delegated acts.

Summary by Europe v. Facebook

Source: https://dataskydd.net/lobbydokument-i-parlamentet-om-dataskydd/ (Swedish)


Privacy International (PI), septembre 2012

Information Commissioner’s Office (ICO), UK, 12 February 2013

FRA, European Union Agency for fundamental rights, October 2012