This post is also available in: German

The European Data Protection Regulation has been fought over in Brussels for years. Now over 10,000 pages of internal records were received by the LobbyPlag team. They document in great detail how the ambitious data protection project has been undermined from the very beginning. In the forefront was the one nation that hardly anyone would have suspected.

We did the litmus test two years ago: With the aid of a database containing texts from lobbying groups we could prove that numerous drafts for directives and national legislation were not written by parliamentarians, but by industry and lobbying groups. Our honorable representatives merrily copied and pasted by the paragraph and then used these texts in the legislative process (Media Coverage part 1 & part 2).

After the EU Commission (in 2012) and the European Parliament (in 2014) had presented their drafts, it is now the Council’s turn to present its requests for changes. That wish list is enough to make your hair stand on end: 10,000 pages of internal reports have allowed LobbyPlag to reconstruct the efforts made by individual member states to sacrifice their citizens’ privacy to the interests of American IT companies and data dealers.

By analyzing all changes in the (most crucial) first three Chapters of the Regulation, LobbyPlag.eu has found that 132 of 151 (87%) changes by the Council were lowering privacy protections, 40 of them (26%) were even likely to lower protection below the current standard from 1995. Only 19 (13%) were leading towards more protection.

“We have to make sure that the quality of our standards remains undiluted, and that a high-quality common (…) data protection standard will be developed in the EU. That would be of the highest value for us.”

Angela Merkel

One country’s name in particular pops up time and again when lowering data protection standards is called for: Germany. Contrary to public lip service for a strong data protection “made in Germany” (we invented the term after all, as early as 1982) it is the German government whose input causes bewilderment among consumer advocates in Brussels.

Here’s the unequivocal message from 500 pages worth of confidential German cables:

Germany wants to get rid of the principle of purpose, for instance, that allows “personal data [only to] be collected and processed for specified and explicit purposes”, and “their subsequent use … only [to] be authorised in accordance with very strict conditions”. Likewise our government calls for unimpeded storage and “further transmission” of our data. When it comes to our most fundamental human rights, our government even finds it sufficient if the data gatherers make their own rules. This is diametrically opposed to the mantra we have heard in our media from the Chancellor and her cabinet.

“Our citizens’ rights and participation are at the very heart of our policies. As the digital age is upon us we will ensure data security and data protection.” 

From the coalition contract between the German ruling parties (CDU, CSU, SPD)

This hypocrisy is only made possible by the fact that the so-called “DAPIX” group only convenes in secret. Official delegates from 31 countries (EU and EER) are working on our civil rights without any public oversight.

We at LobbyPlag want to help make the process transparent, identify the salient change requests and point out which countries and which government officials they came from.  Time is of the essence, because the most important decisions of the EU council are coming up in the next few weeks, and so we have concentrated our analysis on the most important chapters (I to III) of the bill.

The reform of the EU data protection directive is one of the largest legislative projects of the alliance. It concerns the data of 500 million citizens, and it is about to define the rules for the digital future of our society. This is not just about consumer rights, but it is about our civil rights vis-à-vis our governments, because “further processing” is also done by the state and its agencies, and the data protection directive codifies that as well.

“The Internet is meant to allow free personal development and so enjoys our particular protection. (…) In the digital age privacy is more important than ever.”

Thomas de Maizière, Federal Minister of the Interior

That is why it is so important not to leave this to the politicians and lobbyists in far-away Brussels, but to have a public debate about it across society.

We hope that we have contributed to this debate with our data protection leaks.