Further deliberations on the Data Protection Regulation may be held in secret

UK MEP Baroness Sarah Ludford currently ranks sixth in the LobbyPlag database of MEPs proposing amendments to the General Data Protection Regulation that will weaken rather than strengthen privacy in Europe (with 70 such proposals). On June 20, following the first Snowden revelations, she wrote, "EU law will not in itself prevent the application of FISA... Thus the EU must at last resolutely press the case to the Americans that it is unfair for their own citizens to be protected by American constitutional and data privacy protections that EU citizens are denied."

Privacy advocate Caspar Bowden doesn't want complaints of unfairness; he wants to see real changes in the law. Yesterday he published a riposte to Ludford, accusing her of 'serious misconceptions and gaps.' He talks about the "the unwavering resolution which will be necessary to win real changes in the law and policy of the US government, without which the general data protection regulation will do far more harm than good." Without mentioning it, Bowden is talking about article 42 of the GDPR.

However, Ludford would seem to have been instrumental in the EC quietly dropping article 42 from the GDPR proposals back in January. Article 42 was known within the EU as the 'anti-FISA' clause. It stated, "No judgment of a court or tribunal and no decision of an administrative authority of a third country requiring a controller or processor to disclose personal data shall be recognized or be enforceable in any manner..." In other words, it is an anti-PRISM clause before PRISM became public knowledge.

Ludford introduced three separate amendments to article 42 of the GDPR, all of which would have weakened its safeguards. But the Financial Times has revealed that "the safeguard was abandoned by commission officials in January 2012, despite the assertions of Viviane Reding, the EU’s top justice official, that the exemption would have stopped the kind of surveillance recently disclosed as part of the National Security Agency’s Prism programme." This followed intense US lobbying. "Janet Napolitano, the US secretary of homeland security, also personally lobbied Brussels officials, according to one EU official involved in deliberations."

Since the existence of PRISM has emerged, there are growing calls for article 42 to be reinstated. But it's complicated. Most EU commissioners oppose article 42 believing that it would be impossible to enforce and will only make EU-US trade negotiations more difficult.

Now Dr Monica Horten, a Visiting Fellow at the London School of Economics and Political Science has warned that the EU may be on the point of making further discussions on the GDPR secret. "The responsible committee," she writes in her IPtegrity blog, "may be planning to take a short cut route to getting it adopted – a short cut that consists of secret back-room negotiations." 

The 'short-cut' is to invoke the 'trilogue' route. "Trilogues," she explains, "are an option in the legislative process, and they may have a place for laws that are not controversial. But these trilogues are held in secret, behind closed doors, and the only people allowed in are the rapporteur and his shadows, the Commissioner, the Presidency, and selected advisers from each institution. The trilogue discussions are not made public."

The European difficulty in reconciling European data protection with the NSA's intelligence gathering operation – while keeping everyone happy – may now be completed in secret.

What’s hot on Infosecurity Magazine?