What is in the EU draft legislation on data protection?
17 Dec 2013
Hello and welcome to People First, the EPP Group's monthly program on issues with impact on people like you. Joining us to answer some of your questions is Axel Voss. He's a member of the European Parliament's Committee on Civil Liberties, Justice and Home Affairs, and you're also a member of the EPP Group.
Mr. Voss, it must have been a real challenge, it's taken such a long time to get a data protection legislation through committee, even.
Yes, it is a very complex issue, so we have to take care for public administration affairs, for the private business models, for the public itself, for big companies, small companies, for online and offline business.
So much input from so many so-called stakeholders from all around, right?
And this is why it's so difficult. And of course all these different political opinions and all these different political groups also. Such a complex issue to bring this all together. But we find a way, and I hope it's also very good for the people also, that we strengthen their rights.
Well let's find out a little bit more about the legislation before we go to the viewer questions. Here we go.
How to fight the Big Brother image of the Internet with out killing the golden goose - the growth of an online economy creating millions of jobs? It's a dilemma European policymakers have long been wrestling with. The European Parliament's proposed legislation has recognised that the so-called "Right to be Forgotten," the right to have your data erased from all internet platforms – would be virtually impossible.
Instead of the right to be forgotten, the legislation provides the right to erase. A website has to allow you to delete your data, but cannot be expected to ensure that data has been deleted throughout cyberspace.
The Parliament's legislation would give you more control over your data – requiring your consent for advertisers to use it. You the consumer would have the right to obtain your data from any service-provider you've given it to.
There would be new protection for children. The legislation calls for parent permission for the use of online data involving children under the age of 13.
The US Prism spying scandal has intensified calls for stronger European enforcement of privacy rights. EU-US talks are under way to seek a solution. On the EU side, action is limited, as regulation of national intelligence agencies is up to the member states to decide. But the parliament has added an "anti-net-tapping" clause, in which a firm must inform a user if his or her data is to be relayed to another country, such as the US.
What about that anti-net-tapping clause? It's a bit controversial, isn't it? Do you think that will survive, will that stay in the legislation, when it's approved finally?
The deletion of everything is one of the main issues for the people, for the citizens. And finding something like the deletion of everything that's in the internet, of your data, that's critical, because of technical feasibilities. And therefore the companies are doing copies and backups, and storing so much in archives.
So much redundancy. How do you deal with that?
Yes, and this is a problem, deleting data everywhere you have stored. And therefore the deletion itself, with a company you have a contract with, or a relation with, this is the main issue that we have in mind.
Let's go to our first vox pop question, and this very basic one on what others do with your data.
I am from Brussels. And I would like to know in what way can we control the data that are in the hands of a lot of entities, to know what possibilities there are of controlling, of deleting, of adapting.
How far does this legislation go in giving you control over your data?
It's concentrating a little bit on the first hand on the rights of the citizens. So for deleting, for rectifications, for copying and all these things that you can do with your data. And even saying, oh, I don't want to spread my data somewhere else. And on the other hand, the technical possibilities you have not very well developed. So you have a kind of a contract or a relation with one company. And so you also have the possibility to say please delete my data. But is this is spread on another channel, then we will be in trouble because we don't have the legal obligation anymore for all these people.
Therein lies that question, right to be forgotten, and the right to delete. Here's a question on that.
Hi my name is Peter Cox, I'm from London, and I'd like to get some assurances of the protection of my data on my computer. Can you give me those assurances? For example, if I was to close my Facebook account, can I be sure that every bit of data is really eliminated?
Now, anecdotally, I have a friend who closed his Facebook account, and later started it up again, and all the information was there.
So the main point here for this citizen is more or less that other people can't see any data again of his own data. And therefore yes, we say yes, you have to delete this data or the Facebook company has to delete this data. But going through all the archives, probably, this is not what we were asking for.
So, as you said, this is a balance of interests here, between the public right, but also the right to do business.
Yes, and the technical feasibilities.
There you go, so here's a question from the business side.
My name is Jacob. I'm an IT entrepreneur and a consultant. I'd like to know how we can get the most out of the internal market in all of this. I'm a little bit worried that my internet startup would have to worry to much about rules and regulations and wouldn't actually have time to invest in business, when we have to hire all these lawyers to keep up with all the paperwork that you guys will require of us.
Yeah, that's a toughie isn't it?
So, all that we are asking is to respect the privacy of the citizens, and respect the laws and obligations we have introduced now. And therefore I think we strike the balance for the business model, or the business-owned companies, and also for strengthening the rights.
So you don't think this legislation is going to stifle online business?
It is more complicated regarding administrative burdens. So therefore, yes you have to spend a little bit more money probably.
But at least you earn the trust of the citizens, that you are dealing with the data in a very proper way.
That's also very important.
Yes, it is, for the whole business.
Another angle is the question of children. How do we protect children from abuses on the internet. Let's take a look at one question on that.
Hi my name is Sarah Suzniak and I'm from New York in the United States, and I was wondering how the European Parliament is going to protect the children from online predators.
Predators. Does this legislation have to do with that?
No, not really. So we are trying to find rules on how you're dealing legally with data, and how the data flows into the internal market. And all that's illegal, this is a question of criminal law, and of course if you're not doing right with the data, this is criminal law. And therefore I think to protect children more on the internet, therefore we have to come with more police on the internet, with more law enforcement issues. But this is not the question of the data protection regulation, what we have to decide on. The illegal issues are still illegal, and therefore we have to find better ways to get a better law enforcement.
Another question on children, from a concerned mother, who just had a child.
Hello my name is Spella, I'm from Slovenia. And I would like to know how do you envisage to protect young children from accessing to data information or pictures that could harm their vulnerable lives.
So this has to do not with dealing with the information with what they might put on the internet, but the access to information. That is also maybe something that your legislation does not exactly deal with or can it?
We are trying to do a little bit for the children and minors. But it's also getting very complicated. Because the first duty of parents is to protect their children and also to look after them, what they are doing on the internet.
There's a responsibility in the home, too.
Yes, and the second question is then, so we said if a child is giving his consent to something, then probably it's not valid. So we are relying that the consent is given by the parents.
Yes, for children 13 and under, or under 13.
Yes, under 13.
That clause is specifically stated in your legislation.
Right. So therefore we are trying to protect them, but or less a kind of question of consumer law. It's not really dealing at least with data protection issues. And even business doesn't not know who is at the end of the line or sitting in front of the computer, and typing there something. So this is getting more difficult to put this in legislation. We are trying to do a little bit to protect children more than other people. But also we also have to look for the consumer rights, also, in saying please make sure that you are protecting children until they are 18.
Thanks, Axel Voss, for joining us and answering some of these questions on what's really a very complex issue.
That's it for now on People First.
Find out more about the activities of the largest political force in parliament by checking eppgroup.eu.
Until next time, thanks for watching!
What is in the EU draft legislation on data protection?
Legislation making its way through the European Parliament would strengthen the rights of EU citizens but would also avoid hurting online businesses. EPP Group MEP Axel Voss says the legislation aims to strike the right balance between the two concerns. The legislation also requires parental consent for children under 13 who want to use the internet.
EU, Germany, Axel Voss, data protection, EPP group, European Parliament, Brussels
Ioannis ZografosEPP TV Managing ProducerBelgiumIoannis.firstname.lastname@example.org+32(0) 2 284 18 45