[Advocacy Advisors] EU Data Protection Reform / "Right to be forgotten" softened
Amgine
amgine at wikimedians.ca
Fri Jan 11 20:21:53 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/01/13 11:38 AM, Jan Engelmann wrote:
> Hi James and Amgine,
>
> nobody denies that Wikimedia already applies privacy by design and
> by default, as intended by the Commission. But we should read the
> draft through European lenses and that means: the intention to
> apply a new gold standard of privacy matters to all data
> controllers. For us as consumers this is very good news. Regarding
> the necessities of an open platform, we should accurately analyze
> if there are any requirements we can't comply with.
>
> You will find the Art. 17.2 proposed by the EU commission on page
> 96 (left column)
>
> http://www.europarl.europa.eu/meetdocs/2009_2014/documents/libe/pr/922/922387/922387en.pdf
>
>
>
>
It says:
>
> "Where the controller ... has made the personal data public, it
> shall take all reasonable steps, including technical measures, in
> relation to data for the publication of which the controller is
> responsible, to inform third parties which are processing such
> data, that a data subject requests them to erase any links to, or
> copy or replication of that personal data. Where the controller has
> authorised a third party publication of personal data, the
> controller shall be considered responsible for that publication."
>
> Many law experts (IANAL) went nuts when they read this particular
> paragraph. The new Art. 2a (same page, right column) proposed by
> the rapporteur brings freedom of expression into play. So this was
> the basic message I wanted to give: the proposal is getting
> better, but still has to go through several stages of the drafting
> process. The Parliament is bound to find a common position until
> end of february.
>
> Regards, Jan
I believe the concern the law experts may have expressed is the
somewhat deliberate removal of the so-called 'safe-harbour' phrasing
which might otherwise protect WMF from infractions on specific projects.
However, if I understand the proposed article 6 paragraph 1a (new)
correctly[1], it would potentially cover any legitimate business
purpose which would, of course, allow the current datamining to
continue unabated so long as the individuals were in some way informed
that personal data was being collected for a legitimate business
purpose (such as serving more relevant advertising.) So the new
amendment at 17.2 and at 6.1a would, imo, severely weaken the privacy
protections.
I am happy to learn more about this important effort, but also
wondering if the Foundation is being asked to lobby as regards this
proposal or the Rapporteur's suggestions. (by the way, amendment 104
is *awesome*, in my opinion.)
Amgine
[1] 1a. If none of the legal grounds for the
processing of personal data referred to in
paragraph 1 apply, processing of personal
data shall be lawful if and to the extent
that it is necessary for the purposes of the
legitimate interests pursued by the
controller, except where such interests are
overridden by the interests or
fundamental rights and freedoms of the
data subject which require the protection
of personal data. The data controller shall
in that case inform the data subject about
the data processing explicitly and
separately. The controller shall also
publish the reasons for believing that its
interests override the interests or
fundamental rights and freedoms of the
data subject. This paragraph shall not
apply to processing carried out by public
authorities in the performance of their
tasks.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJQ8HRhAAoJECWEXpXQfyMw88wH/Av7S5SVJuFoKdF3bjcyTmg8
5gydDHULWyt7aMoIsaYuUpIT8ALlCNBy3+BGkbMrI5JsNBOlYqTCXEM7v9jMN5n4
E4//1iP/HpZqDpGLXVhUPkVxDsNcPQsaFlh2Q1QVrL8BzqIndsfUAMhKUn93hGEl
Mv/k4iTy0c68McvQdme2VzpjC4sNs1gDjJ970CNyX16r5vyFFgyzeJ5Ke5HEnAjX
OlIR1LkLqnL3/zO5W31g4MnxCRztGNzzrcErFsVdeXOM+mW9qNKl3/W/00aqNLCt
MO0QWqZdfiHOVACyQhWxst5UOIY0ussgNPql/L12bIZ9FfuvNCXvh188Wg/NmcU=
=2FFy
-----END PGP SIGNATURE-----
More information about the Advocacy_Advisors
mailing list