Steelie Neelie: EU biz can use YOUR private data WITHOUT PERMISSION Businesses should be allowed to process part-anonymised, or pseudonymised, data without the consent of individuals whose data it is in certain circumstances, a senior EU official has said. Neelie Kroes, the EU Commissioner responsible for the Digital Agenda, said that companies should be able to process pseudonymised data …
From the looks of things the commission will be giving big business more access to the legislative process if this article is anything to go by.
Scary stuff.
http://corporateeurope.org/pressreleases/2013/12/leaked-proposal-eu-us-trade-deal-increases-business-power-decision-making
Here's the contact form for Barroso if anybody wants to get in contact with him to complain:
http://ec.europa.eu/commission_2010-2014/president/contact/mail/index_en.htm
Mrs Kroes seems to casually glance over the fact that most data collectors spend most of their time joining partially anonymised data sets - that's their whole business model. They will gather data points of a single ID in a database, creating a chain of events. The moment that ID makes the mistake of logging in at a site with a tracker, that anon chain of events suddenly ends up having an owner.
But there is one problem: we're dealing with probabilities - not confirmed facts.
This is a key problem: if a data gatherer screws up that process of association, you end up with a chain of events associated with you that may have nothing to do with you, yet you will only ever find out when it negatively impacts your life (by, say, being stopped by the TSA and not being a US senator so you cannot get that corrected).
No, Neelie, no.
" However, where profiling has been based solely on the processing of pseudonymised data it would be presumed that individuals' interests, rights or freedoms are not significantly affected."
What happens if that "processing of pseudonymised data" were to include deanonymisation?
Can you stop calling her 'Steelie Neelie', as if she really has a backbone and uses her strength in our defence?
She is clearly sold on the idea that we can trust businesses to act with our best interests at heart, and further sold on the magic properties of pseudonyms.
Sure, I trust that a pseudonym will protect me from any potential ill effects of a business correlating facts about me. Just as far as I trust that I can say anything as JustaKOS and no-one will ever be able to link it to the real me.
Yeah, sure.
Can you stop calling her 'Steelie Neelie', as if she really has a backbone and uses her strength in our defence?
I completely agree with this one.
And I have yet to receive a response from the EU commission as to their views on NHS related legislation that effectively allows the NHS to share our personal information without our consent if they deem that asking for that consent is too expensive.
Personally I don't believe that our privacy should be at the government's discretion. We are talking about an industry that makes billions each year and the idea that they can't spare the cash to ask first really beggars belief.
I am sure Mrs Kroes is great, but I have little or no interest in the words of unelected EU commissioners. In this Digital Agenda role, to which she was appointed, not elected, Mrs Kroes has power to pass laws affecting hundreds of millions of people, but can never be voted out. If the EU comission ever wants to get more than a big raspberry blown in their faces, they need to get some democracy.
but can never be voted out
Not strictly true - the entire commission can be sacked by a vote in the EU parliament (as happened back in 1999 with the commission headed by Jacques 'whiter then white' Santer). Of course there is no option to sack just an individual member of the commission IIRC - it's all or nothing, which is in itself wrong.
Where passing laws is concerned I believe a lot of that power does actually lie with the parliament which is itself democratically elected. It's the commission that has the power to propose legislation but it's the parliament that decides whether it should be passed.
If you ever want to write to your representatives at the EU parliament then I would strongly recommend using the writetothem.com website. You don't have to know their names, just your own postcode - the site will find the rest.
As for representing our interests the EU commission on the whole probably has a bit of a better reputation at protecting our rights than our own government does. Just look at the protracted fight the UK government put up in their fight with the commission over RIPA and implied consent for one example.
"Under those plans, businesses would have the right to use data that they collect from individuals more freely, and in accordance with the data protection regime, if they pseudonymised the information."
Can they sell it to the NSA? Can they sell it to other parties including European intelligence agencies and then to the NSA? How many parties removed from the original data gatherer must a downstream consumer be before the purchasers and the data are free of all restrictions?
How are those restrictions enforced? Who monitors compliance with them - especially after they've gone to a second, third, or fourth party?
To what degree do jurisdictional and geographical circumstances modify the operation of the restrictions? If the original data gather (or anyone further down the line) sells the data to an entity in, for example, South America or Asia, does the EU admit that the matter is out of their hands? How, in that case, is compliance insured and monitored?
Not everything here is very clear to me.
""Companies would be able to process the data on grounds of legitimate interest, rather than consent. "
Whose interest, precisely? That of the companies?
This would seem to be complete sell-out of privacy to the interests of mega-conglomerates.
Add to that the pesuodonymisation can trivially be reversed and this will allow any company to perform ANY processing of personal data WITHOUT the individual's consent, if the company (unilaterally) decides that the processing is on the grounds of "legitimate interest".
I was at the event and sat right in the front row for Kroes' speech (which was given by proxy via Prince Constantijn van Oranje-Nassau - not by Neelie herself). It seems to me this article is using some rather selective quoting. I am no fan of Kroes (in fact I am one of her biggest critics) but this article is somewhat misleading.
There are limited uses for pseudonymous data use within the LIBE draft - these edits were made by LIBE not by Kroes and have already been passed by LIBE (so there is bugger all Kroes can do about it). It is not Kroes fault these were passed, it is the fault of your MEPs who voted for them.
Kroes has always been industry friendly - this is not news, it was her cabinet who ran the OBA roundtables on cookies and pretty much single handedly introduced the implied consent situation we are currently in (I was part of those roundtables and walked out very vocally in protest at the industry bias the chair was showing). She has always supported pseudonymous data use and opt-out vs opt-in - but the real focus here should be on the MEPs in LIBE who added and voted for this amendment - it was not present in the Commission draft.
It is interesting to hear that LIBE actually put this stuff in rather than, as the article has it, merely backed the proposals.
And you're right that blame ultimately rests with the MEPs that we have voted in (and indeed with the MPs that we've voted in over the years that have allowed this to go on).
But the problem with correctly apportioning blame is that the culprits amount to thousands of politicians, civil servants etc, and there is no practical way that we can call them to account.
NK, on the other hand, is "the EU Commissioner responsible for the Digital Agenda" and is the person in whose name the speech was given. I feel quite entitled to criticise her directly for what she is propagating and to which she is giving her backing.
But you didn't hear the entire speech, just selective quotes.
Outlaw is run by Pinsent Masons, a significantly large law firm which almost definitely has a number of clients in the mobile telecoms industry - an industry that desperately wants to see Kroes discredited due to her stance on roaming which is set to cost the industry billions in reduced profits.
You need to look at the whole picture and follow the whole story not just snippets. I have been engaged in this entire fiasco from the start and have seen the dodgy dealings and lobbying first hand. Kroes is absolutely industry friendly, I have called her out on this many many times - as I said, I am no fan. But she is NOT responsible for the LIBE draft and she has no control over the EU Parliament or their Committees. Being EU Commissioner responsible for Digital Agenda doesn't make her responsible for the actions of the European Parliament - the Commission and the Parliament are two completely separate entities with a chasm between them.
Should we criticise Kroes for her industry friendly views - yes. Should we criticise her for being too susceptible to lobbying - absolutely. Should she be removed from her position in the Commission because she is compromised - of course. Is she responsible for LIBE - absolutely not.
Law firms don't just deal with litigation and contracts any more - many of the big firms receive significant funds to run campaigns which are set to discredit individuals or companies - this happens all over the world and is well documented. So try to be a little more open when reading industry propaganda instead of just accepting the snippets as fact.
This is the second piece in a few weeks that has been slanted obviously in favour of Pinsent Masons' clients. It REALLY is time for El Reg to stop giving OUTLAW any page space, given that they are not fair and unbiased reporters of the legal scene. It is paid propaganda, masquerading as unbiased coverage.
El Reg - please stop carrying them, it only harms your own image...
As for who actually put the pseudonymous stuff in there, I think you will find it was Jan Albrecht MEP - it was his draft that LIBE voted on although it had been significantly edited since his original. If my memory serves me correctly the pseudonymous exemptions were in his original draft. I called him out on this in Brussels last January but didn't receive a satisfactory answer, rumour has it he had been subjected to heavy lobbying on this issue prior to the draft being published but one would have to check his diary to confirm such rumours.
Don't take what I said above as an attack on Jan, he has been working incredibly hard with his staff to produce a workable solution, he is a pro-privacy guy - but on this particular point I think he got it wrong, seriously wrong - and my concern is this pseudonymous exemption renders the entire premise of privacy for EU citizens, void.
This clause will be massively abused and will become the default argument for processing data in exactly the same way as it is today.
So someone needs to tell as many people as possible that, due to the business models involved (where just ONE trace is all it takes), anonymity has become black-and-white. Either data is untraceably anonymous or it's not anonymous at all: nothing in between.
Makes me think to the general polarization of society in general, to the point that I can't help but think the ultimate outcome will either be NO anonymity (resulting in a police state) or TOTAL anonymity (resulting in anarchy).
Because the tool that can hide you from the government can also be used to subvert and destroy it. That's always been the dilemma of governments that give some sort of liberties: those very liberties can be turned against the government, so the government is basically underpinned on trust. Which becomes more complicated in a country like the United States which was founded on DIStrust of government.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
