Jan Philipp Albrecht is a member of the European Parliament for the Greens/EFA group and LIBE committee rapporteur on the data protection rules. He is member of the German party Bündnis 90/Die Grünen. He spoke to EurActiv's Jeremy Fleming.
The Parliament’s data protection paper already has a huge number of amendments attached to it. What are the main sticking points concerning this regulation?
Well, the most important goal of this reform isn’t to completely reinvent what data protection means, but to create a single framework on data rules for European member states. If we create such common rules, everybody – individuals, authorities – will know what their rights are and what obligations they have.
Especially when it comes to the online environment, it’s very important to clarify when people are dealing with personal data, or when they’re just handling information not linked to persons.
How can you create this distinction between “your own data” and data that’s open for use by industry?
There are distinctions to be made on private use of data. If I hand out my private contact details to you personally, it is clearly not for commercial use. On the other hand, if I give my personal data to a company – let’s say a social network – I should have a set of rights [that protects me].
These rights need to be respected by all who’s handling the data; for example if the data is passed on to advertisers.
In June, the story broke that NSA was spying on EU institutions, now known as the PRISM scandal. How did this impact the way that Parliament approached this paper?
[The scandal] has an impact. But MEPs are aware that we’re also discussing the broader issue: fundamental rights and privacy in general, especially when it concerns the issue of [governmental] intelligence. There is also a security debate behind it.
Another important impact on the debate is that all MEPs, politicians but also individuals now see the importance of having a common European legal framework. This protects our personal rights, also in the internet environment.
Information flow is cross-border by nature. Our data crosses the Atlantic or Pacific in milliseconds. And it falls under different jurisdictions.
We, the European Parliament, will need to deliver on this issue so people can trust the protection of their fundamental rights and their personal interests.
While these NSA revelations continue, the EU is in the throes of negotiating the TTIP trade agreement with the US. Commissioner Reding has said that data protection won’t make the agenda. Is it possible at all to negotiate this trade deal without touching on data protection?
No, I think the commissioner is right.
We need to make sure that we create common standards on data protection and online protection. But this doesn’t mean we can’t negotiate trade issues. It would make sense to do both at the same time and to set some conditions before furthering interoperability and integrating markets.
I also think Europeans need to insist that certain standards have to be respected by the US, before we move forward in other fields.
What aspect of the revelations have you found most disturbing?
Most of all, that there is a technical arrangement to analyse and weigh all our communication: our emails, the websites we visit, our online behaviour, etc. That is outrageous – a devastating situation.
We are now in the 15th week since these revelations came up and there’s no government standing up to stop this. While EU citizens expect a government to preserve the rights to privacy and to secrecy of communication.
Also, does it makes sense that one national intelligence agency is spying on citizens of another European member states. It is cold war experience and we should rethink that.
Isn’t it somewhat naïve to dismissing this as a cold war phenomenon? It has always gone on. Should we simply acknowledge that intelligence agencies check data, apart from the rule of law?
I agree that there are certain situations where intelligence is needed, for example to protect soldiers. But this is about what happens inside the EU. Information on what citizens do in their daily life: do we need this monitored constantly, and in blanket manner? I think that question isn’t answered properly at the moment.
Your plan is to reach an agreement in committee at the October plenary that starts on 7 October. How confident are you that you can make this deadline?
According to the planning, we will vote on the mandate in the LIBE committee then. We’d then move on to negotiations with the Council. Hopefully they’ll have their general position out by that time.
The final paper is set for the end of the year. We have a chance to finish it before the May elections. I feel people expect the MEPs to delivered solutions on this. We can’t wait; we need to give answers to these mass surveillance questions right now.
Critics would argue the MEPs are hooking on because it is a populist issue – good to run a campaign on – and that rushing it doesn’t deliver proper results.
I don’t see it as a populist issue. Have a look at how many years we’ve worked on this issue: we started to talk about reforming data protection laws at the start of our mandate [in 2009]. I think that everybody agrees we need this reform.
And this is not only in favour of citizens and voters, but also of European business. They expect the single market in Europe to be completed; they expect legal certainty across the EU.
What’s more, European businesses expect to be treated in the same way as foreign companies. At this point, we have such a lack of enforcement of the data protection rules, which leads to a benefit for certain companies that don’t comply with the rules. This needs to change.
On the other hand, the US is making the running in digital economy such as cloud computing or big data. There is a perception that Europe is simply putting up economic barriers. Is there any truth to that?
No, I don’t think that we’re protectionist in our approach. Our point is a simple one: having companies that come to Europe respect the rules of the common market. The different rules in member states – different interpretations even – should disappear with this package.
Of course, we need to discuss how to balance the rights of citizens and the concerns of business and authorities. In the end, it will be a win-win situation, benefiting companies coming to Europe to offer goods and services.
Even though the Commission has denied it, EU institutions are currently exempted from the rules. To the public and private sector, this doesn’t feel right: why should the institutions not be covered by the very rules they’re introducing?
You’re absolutely right and it is not entirely clear why they should be excluded. Currently, there are specific data protection rules on the EU’s supervisor, on EU diplomats and so on, which makes it unclear how all these new rules will be included in the regulation.
This has been a practical problem for the Commission and we’d expected they would have been able to solve this by now. We’re including a clear demand [in our report] to adapt the old rules to the new regulation.
You’re going to tighten the wording, then?
Exactly. It would be a wrong signal to send out if EU institutions were not bound to this.