Big Data is watching you

The industry lobby battle against ePrivacy

This week, MEPs on the Civil Rights Committee will vote on the ePrivacy regulation, which will determine how secure our data is when we are online. For the past 16 months, industry lobbies, including all those who collect or use citizens’ personal online data for advertising purposes, have been vigorously opposing new proposals on ePrivacy. On the other side of the debate, digital rights campaigners demand that citizens should enjoy optimum data privacy when online.

Industry has used tried and tested techniques straight out of the lobbyists’ playbook to influence the outcome of ePrivacy deliberations in the Commission and the Parliament. These tactics have included one-to-one lobby meetings, coordinating industry sign-up letters, mobilising corporate members, commissioning research to support industry positions, and holding or sponsoring elite events. A pro-privacy version of the Commission’s proposal which was leaked in December 2016 pumped further adrenalin into the corporate campaign, concerned about how its bottom line would be affected. Evidence indicates that member states in the Council such as Germany could be promoting industry positions.

Key to some industry lobbyists’ strategy has been the attempt to reframe the debate so that it is not about privacy but instead about media plurality, combatting fake news, and even the future of the internet, and they have regularly woven key EU buzzwords and policy mantras such as “better regulation” and “innovation” into their appeals to policy-makers.

Overall, one Parliamentary insider has characterised ePrivacy as

“one of the worst lobby campaigns I have ever seen”.

What is ePrivacy?

“We’ve lost control of our personal data,” said Tim Berners-Lee, inventor of the web on its 28th anniversary earlier this year.

Everytime you are online, via a laptop, computer, or smartphone, you are under commercial surveillance. Your digital data including the content of your emails, the websites you browse, and the purchases you have made, together with metadata (data which includes to whom, when, and where your communications are sent) is monitored and collected, including via tracking cookies and other mechanisms. This sensitive information is then sold on and used to target commercial advertising or political messaging at you, and can be used by governments too. EPrivacy must therefore ensure the confidentiality of your online communications. This can be done, for example, by banning interference in your communications (calls, chats, texts, Skype calls…); by making sure that settings on new equipment and software are designed and set at the highest privacy level ‘by default’; and that consumers who refuse to be tracked cannot be banned from visiting particular websites.

ePrivacy regulation

It was always clear that the topic of ePrivacy would be the focus of serious lobbying. Part of the Digital Single Market initiative, and closely related to the General Data Protection Regulation (GDPR) which was updated in 2016 after a long lobby battle (you can read Corporate Europe Observatory’s analysis of aspects of corporate influence on the GDPR here), the new ePrivacy regulation updates existing provisions (dating from 2002 and 2009) to take account of new and emerging technologies and platforms, and to harmonise it with the GDPR.

On ePrivacy, industry does not always speak with one voice. Telecoms companies are already subject to the current ePrivacy rules but newer platforms which enable you to communicate online such as Facebook, Google, WhatsApp, and Skype are not. Telecoms companies, already unhappy about the ePrivacy laws they must adhere to, would like them to be scarpped. Failing that, they at least want to level the playing field so that newer providers have to follow the same rules. The newer platforms would obviously prefer to keep things much as they currently are, and for ePrivacy rules not to apply to them.

Meanwhile the companies that provide online advertising fear that ePrivacy changes will undercut their current business model. This model relies on tracking users’ web-browsing, analysing metadata and content in communications, and monitoring the use of TVs and other devices, so that advertising can be targetted. The online advertising and marketing lobbies have closely collaborated on the ePrivacy dossier with newspaper and magazine publishers who are increasingly reliant on online advertising revenue derived in this way. Facebook and Google, to name just two, are also heavily reliant on surveillance-based advertising revenue, earned by monitoring users’ electronic communications.

On the other side of the debate, the European Data Protection Supervisor (the EU's independent data protection authority), digital rights campaigners and consumer advocates point to the fundamental rights laid out in the EU treaties, especially on data privacy and the right to a private life. BEUC points out that “consumers should have the possibility to use online services without being under constant commercial surveillance”. Public opinion appears to back this approach. In the Commission’s consultation on ePrivacy, 81 per cent of the individual citizens who responded demanded ‘privacy by default’ settings to be activated on all new IT equipment. According to a Eurobarometer survey, 89 per cent of its respondents agreed with that suggestion. By contrast, a majority of industry respondents to the Commission’s consultation favoured self- or co-regulation instead.

Industry lobbyists on ePrivacy

(All data from LobbyFacts as of 6 October 2017)

Lobby organisation

Members include...

Annual (self-declared) lobby spend

Number of lobbyists (as full-time equivalents)

Number of Commission meetings (on all topics, with top officials) since December 2014

Computer and Communications Industry Association (CCIA)

Amazon, Facebook, Google, Intel, Mozilla, Uber...

€300,000 - €399,999

(2015)

2.75

39

DigitalEurope

Apple, Google, HP, IBM, Microsoft, Sony...

€1,900,000

(2016)

9.75

107

European Association of Communications Agencies (EACA)

DB Europe, McCann Erickson, Saatchi & Saatchi, Ogilvy...

Less than €9,999

(2015)

1.75

4

European Digital Media Association (EDiMA)

Apple, Ebay, Facebook, Google, LinkedIn, Microsoft, Twitter...

€100,000 - €199,999

(2015-16)

3

20

The European Interactive Digital Advertising Alliance (EDAA)

EACA, EMMA, ENPA, FEDMA, IAB Europe...

Less than €9,999

(2015)

0.25

3

European Magazine Media Association (EMMA)

National associations + Axel Springer, Hubert Burda Media, Roularta Media Group...

€400,000 - €499,999

(2016)

5.25

46

European Newspaper Publishers’ Association (ENPA)

Not available

€340,000

(2016)

4

35

European Telecommunications Network Operators’ Association (ETNO)

BT, Deutsche Telekom, Orange, Proximus, Telefónica...

€1,000,000 - €1,249,999

(2016)

3

51

Federation of European Direct and Interactive Marketing (FEDMA)

National associations + eGENTIC, Havas, Merkle...

€50,000 - €99,999

(2016)

1.5

9

GSMA Europe

Deutsche Telekom, Orange, Telecom Italia, Vodafone...

€1,000,000 - €1,249,999

(2016-17)

6.75

33

Interactive Advertising Bureau (IAB) Europe

IAB national associations + Atlas by Facebook, Google, Microsoft, United Internet Media...

€300,000 - €399,999

(2016)

2.75

9

Industry lobbyists warm up

In the run up to the publication of the Commission's ePrivacy regulation in January 2017 there were a host of industry lobby initiatives following on from the Commission’s consultation process. And while some individual companies held behind-the-scenes lobby meetings with senior Commission officials during 2016 (Deutsche Telekom had five meetings; Facebook, two; Google, three; and Microsoft, five), many left it to their respective trade associations to lead the public charge.

Large parts of the tech and telecoms industries have been opposed to the whole concept of a revised ePrivacy law. Trade associations representing app developers, publishers, telecoms companies, advertisers, and other digital service providers publicly united to demand that the ePrivacy Directive was simply repealed. A statement issued in July 2016 included 12 trade associations who argued that because the new proposal would overlap with the GDPR, the existing ePrivacy directive (which industry often refers to as the “cookie law” to undermine its privacy value) could be simply scrapped rather than updated. This was an ironic argument for industry to make, considering that many of them had lobbied hard (albeit mostly unsuccessfully) to gut the GDPR. The lobby groups were careful to reference REFIT, part of the Commission’s controversial deregulation drive, and another EU buzz word “innovation”, in their argumentation as to why a new ePrivacy law is not needed.

Telecoms trade body ETNO (European Telecommunications Network Operators' Association) followed up in early September with a study conducted on its behalf by law firm DLA Piper which (surprise, surprise) backed ETNO’s view that “the ePrivacy Directive is outdated and no longer needed.… Most of its provisions, if not all, should therefore be repealed.” Commissioning studies from think tanks or law firms which end up supporting your case is a familiar lobby tactic in Brussels.

Another familiar tactic is organising high-profile conferences. The invitation-only ETNO conference in September 2016 saw Digital Single Market Commissioner Andrus Ansip and (then) Digital Economy Commissioner Günther Oettinger, together with Roberto Viola (Director-General of the lead department for ePrivacy, DG Connect) speaking to the telecoms industry. Just a couple of months later, a further telecoms industry conference, this time organised by ECTA (European Competitive Telecommunications Association), brought together Ansip, Viola, and many of the key industry lobbyists again. Yet another conference in December 2016 specifically on data protection and ePrivacy, sponsored by Microsoft and Deutsche Telekom among others, brought together lobbyists, DG Connect officials, and Věra Jourová, another EU Commissioner with oversight of this topic, thanks to her consumer protection portfolio.

But not all interactions took place in these large fora. An evening meeting between Oettinger, the board of the magazine publishers association EMMA, and a delegation of European publishers sounds rather more intimate, and was then followed by a Q&A with EMMA members. Other invitation-only events, and private lobby meetings all provided ample opportunities for industry to ensure that the Commission knew its positions on ePrivacy during the proposal drafting phase.

In 2016 there were at least 41 lobby meetings held with Commissioners Ansip or Oettinger, their cabinet members, or Director-General Roberto Viola, which clearly included discussions on ePrivacy. Of these 41 meetings, 36 (88 per cent) were with corporate interests and only 5 were with civil society, indicating a high degree of corporate bias. This very much fits with the pattern of corporate privileged access previously exposed by ALTER-EU which showed that Oettinger and Ansip, responsible for ePrivacy in 2016, were the Commissioners with the second and fourth highest proportions of corporate meetings, with 83 per cent and 78 per cent respectively. In fact, as Politico has pointed out, Oettinger, who “won the gratitude of some of Europe’s telecom giants and big media publishers”, continued to meet with lobbyists from the tech world in 2017 despite being appointed to an entirely different portfolio (the EU budget) in January.

However, the figure of 41 meetings is likely to be an under-estimate. Commission-organised stakeholder roundtables do not seem to be included in this list, while many other private lobby meetings may well have touched upon these issues (on data protection or the Digital Single Market, for example), but did not include ePrivacy on the reported agenda. This number also excludes the meetings held by officials not subject to the Commission’s proactive transparency rules, namely the entirety of DG Connect, aside from its Director-General.

On 23 November 2016, Ansip met with a group of seven industry lobby groups - interactive advertising (IAB Europe), publishers (EPC), magazine publishers (EMMA), newspaper publishers (ENPA), communications agencies (EACA), direct and interactive marketing (FEDMA), and interactive digital advertising (EDAA) - specifically on ePrivacy. This meeting followed a joint letter to Ansip and Oettinger from IAB Europe and EMMA, with the support of over 90 European publishers, which typifies the attempts of the industry to reframe the political debate on ePrivacy. The advocates of the letter argue: “Media plurality, and ultimately functioning democracies, depend on media having diverse revenue streams. These must include advertising.” The letter invokes moral arguments to defend what is, in fact, simply a current business model based on tracking, and implies that it is the only viable form of online advertising. (A recent blog by digital rights campaign EDRi dissects the key arguments of proponents of the tracking-based advertising model and discusses alternatives.) The industry letter, once again, cites the Commission’s Better Regulation (deregulatory) agenda, a key EU mantra, and argues for voluntary rather than legally-binding regulation.

Leaked proposal provokes lobby flurry

By December 2016, the ePrivacy debate was really hotting up, and then a leaked version of the Commission’s proposed regulation (complete with spelling mistakes, a sure indication it was not the final version) appeared on the Politico website around 12 December 2016. While digital rights activists mostly welcomed the proposals, there was another flurry of furious lobbying when industry discovered the leaked draft contained several proposals which were anathema to it. (For an overview of the leaked proposal, The International Association of Privacy Professionals and The Data Protection Network published analyses at the time.)

IAB Europe led industry reaction to the leak, telling the Financial Times, without any sense of hyperbole, that the leaked Commission proposal was “putting at risk the entire internet as we know it”, a reference to the proposal in the leaked version that users should give prior permission to receive targetted advertising.

Days after the leak, the consumer rights umbrella group BEUC wrote to Ansip and Oettinger and President Juncker on ePrivacy. Without referencing the leaked proposal directly, BEUC expressed support for some of its key elements and held a meeting with Oettinger on 20 December which included discussions on ePrivacy. But BEUC was seriously out-gunned by the numbers of corporate lobbyists accessing decision-makers around this time.

On 19 December 2016, an informal coalition of at least 14 heavyweight industry trade associations met with Commissioner Ansip directly. This meeting was fortuitously scheduled, coming only a few days after the leak which had been causing such a stir. While the meeting was ostensibly about the implementation of the GDPR, it would have been a good opportunity to raise the leaked proposal. Attendees included the European Round Table of Industrialists (ERT), telecoms trade body ETNO, BusinessEurope, DigitalEurope, IAB Europe, CCIA, FEDMA, and others.

In fact industry lobbied all the way up to Christmas 2016 to push its agenda. On 20 December, ETNO and GSMA publicly wrote to Commissioners Timmermans, Ansip, Oettinger, and Jourová criticising what they called the “restrictive and conservative policy approach” in the leaked regulation, including “the reliance on consent on consent”.

On 22 December, DigitalEurope issued a public statement to criticise the leaked proposal as “undermining the balance of the digital ecosystem… disproportionate and… likely to be ineffective”. The statement made 11 separate criticisms of the leaked draft, including on ‘privacy by design’ and cookies. It was signed by 12 trade associations including AmCham EU, EACA, EDiMA, FEDMA, and IAB Europe.

On the same day, a separate but overlapping group of trade associations, this time of European publishers, the digital advertising industry, and direct marketers, and which included EMMA, ENPA, EACA, FEDMA, and IAB Europe, wrote to Ansip and Oettinger to express their concerns especially about “the proposals on browser settings, third party cookies and privacy by design”. The letter repeated the demand that they would just prefer to see the whole ePrivacy rules binned, “as the first, best option”.

A freedom of information request to the Commission to request minutes of industry lobby meetings on ePrivacy has remained (at the time of writing) unanswered, four months after it was tabled, so we do not know the detail of what was discussed in any of the meetings detailed above. But it is safe to assume that by the time ePrivacy officials and Commissioners left for their 2016 Christmas break, they would all have been exceedingly clear about industry’s demands.

Commission’s final proposal

On 10 January 2017 the Commission published its final proposal and some key things had changed since the leaked draft. Absent were proposals to ensure default ePrivacy settings on computer equipment, and to allow the equivalent of US-style class actions to make mass privacy complaints. Included was a weaker definition of metadata.

La Quadrature du Net, an NGO defending digital rights, said at the time: “This regulation proposal does have some interesting elements but it doesn't challenge the economic model of the digital industry based on the exploitation of personal data. So, last minute concessions given to advertisers and telecoms are already too big considering there are still months left of negotiations where lobbies of the industry will have all the time to undermine the text. At this time, the proposal doesn't address the concern of EU citizens on the protection of their electronic communications.”

EDRi took a similar line, stating that the text “seems to have [been] watered down considerably… the official draft proposal released in January 2017 falls far short of that earlier text in certain key areas” but also noted that the “European Commission has resisted the most extreme demands from certain parts of industry”.

It is impossible to say exactly what impact all the heavy corporate lobbying had on the final Commission proposal. It seems that the changes between the leaked and final versions were instigated at the Cabinet (rather than DG Connect) level and that the advertising lobby had been especially influential. Certainly lobby groups promoting the tracking-based advertising model were very active during this period, and a comparison of the leaked and final proposals makes it clear that the Commission did change the text in ways with which industry lobbies would have approved. The leak occurred during the intra-Commission consultation on the proposal and it seems a plausible, although unproved, theory that the leak came from pro-industry forces within the Commission who were keen to generate sufficient outrage from industry so as to extinguish proposals seen as being too pro-privacy. The final proposal indicates that industry lobbyists won the day on some important issues.

Nonetheless, advertising lobby group IAB Europe maintained its hard-line stance in its post-release public statement which continued to demand the “repealing [of the] outdated and unnecessary cookie law”. Similarly EMMA and ENPA (representing magazine and newspaper publishers respectively) seemed angry that their lobbying, which they referred to as “a significant number of meetings and exchanges with the European Commission”, had not delivered what they wanted.

Industry lobby switches focus to MEPs

The industry lobby bandwagon now headed to the European Parliament where Estonia’s Marju Lauristin MEP (Social Democrat) became Rapporteur on the dossier for the Civil Liberties, Justice and Home Affairs (LIBE) committee. As a previous Shadow Rapporteur on the GDPR, Lauristin was already well versed in the arguments on both sides of the debate and was likely to steer through a pro-privacy approach. With Lauristin returning to national Estonian politics by the end of the year, completing the report rapidly became an urgent task.

Throughout 2017 industry has maintained its lobby pressure via a series of one-to-one lobby meetings, sponsored events, industry sign-up letters, cocktail debates, and roundtable discussions with MEPs. MEPs on the relevant committees were being bombarded with demands from industry to read briefings, hold lobby meetings, and table draft amendments. If the lengthy GDPR debate was the biggest ever EU lobby battle on tech issues, the ePrivacy dossier has run it a close second and the lobbying has been intense. Rapporteur Lauristin and her staff have held over 140 meetings with lobbyists on all sides of the debate and in total, over 800 amendments have been tabled. La Quadrature du Net analysed the amendments and highlighted a cluster of MEPs from the EPP and ECR groups (centre right/ right wing) who adopted a pro-industry, anti-privacy perspective.

In early summer 2017 MEP Rapporteurs and lobbyists packed into a small room in the Parliament for one of a series of roundtables to try to move the ePrivacy debate forward. Every seat was taken and as the temperatures in the cramped room rose, so did tempers. Some industry lobbyists’ behaviour at that meeting was subsequently described as “rude”, “impolite”, and even “aggressive”, especially when they interrupted other speakers, or made dismissive comments about others’ interventions.

The Digital Assembly 2017 was held in Valletta in June. Organised by the Commission and the Maltese Presidency of the Council of the EU, it provided a lobby opportunity for those working on various aspects of the Digital Single Market. Packed with Commission officials, member state and permanent representation staff, and key MEPs on the ePrivacy dossier (including Lauristin and Shadow Rapporteur Michał Boni), the tech industry lobby was out in full force. While NGOs represented a handful of delegates, DigitalEurope sent six; Google, seven; Microsoft, four; Vodafone, five; Telefónica, four; and Apple, three; while a number of lobby firms including APCO, Cabinet DN, Cambre, Edelman, FTI Consulting, Hanover, and Kreab, were also among the delegates.

Also in June, the Developers Alliance and IAB Europe held a round-table discussion in the European Parliament on “The impact of the proposed ePrivacy Regulation on the data-driven ecosystem”, with MEPs Michał Boni and Daniel Dalton. The event was framed as how the draft ePrivacy regulation would impact upon “innovative companies”, innovation being a key EU policy mantra which is often used to mean that nothing must get in the way of business doing business.

In a blog to review the event IAB Europe’s Chief Executive slammed Lauristin’s draft LIBE committee report as taking an “extreme approach”, and asked whether the new ePrivacy rules, especially in the light of the MEP’s report, would “kill the online advertising business model” or “just handicap it”.

In fact, by criticising the “environment of hysteria over tracking that currently grips Brussels” in a different blog, it seemed as if IAB Europe was not afraid to have a pop at anyone with opposing views. This seems to include the European Data Protection Supervisor, the EU's independent data protection authority. It has supported tougher privacy protections throughout this process and has recently taken on the arguments used by supporters of surveillance-based advertising.

By September 2017, pro-privacy MEPs’ frustration with industry lobbies publicly surfaced at a debate on “How the new privacy rules might impact a free and independent press”, organised by EMMA (magazine media) and EDAA (interactive digital advertising). According to IAPP’s report on the event, LIBE Rapporteur Lauristin told industry:

“It is important to have a dialogue, but I am sorry to say it feels like we are listening to you, trying to take into account what you say, and yet we see no change in your responses.”

Liberal MEP Sophie in 't Veld challenged industry’s attempt to reframe ePrivacy in its own interests, saying

“Privacy is a fundamental right. It is on a par with other fundamental rights, it’s not a political position. So whatever business models you develop you will have to respect that right. It is not negotiable. Full stop.… Every time we pass a piece of legislation, I hear the same cries of alarm saying it is going to kill this or that industry. If that was true every time, there would not be a single business left in Europe, so let’s not dramatise.”

Even Martin Selmayr, President Juncker’s Chief of Staff, has warned industry that lobbying around exaggerated claims would not work, according to a report in Politico. “I’ve seen this ‘end-of-the-world scenario’ before… I’d advise not to go into another five years of lobbying”, in a reference to the GDPR, he apparently told tech lobbyists.

All in all, the approach of some industry lobbyists has really alienated some MEPs. A parliamentary source speaking to Corporate Europe Observatory anonymously characterised overall industry lobbying on ePrivacy – especially by the online advertising and media lobbies – as “always aggressive” and as “one of the worse I have ever seen”.

While the civil liberties (LIBE) committee has lead responsibility for ePrivacy, several other committees have now finalised their opinions. EDRi and La Quadrature du Net criticised the final opinion of the Internal Market and Consumer Affairs Committee (IMCO) for supporting the bypassing of users’ consent. EDRi criticised the “avalanche of broadly pro-Google lobbying” focussed on IMCO which led to its final opinion reducing the scope of the ePrivacy regulation and weakening the safeguards for citizens’.

The Industry, Research and Energy (ITRE) Committee has “proposed a mix of positive and negative changes to the text”, according to EDRi, while La Quadrature du Net called it “pretty much the same calamity” as the IMCO report.

A third committee, Legal Affairs (JURI), has also produced an opinion. The Rapporteur, centre-right MEP Axel Voss, produced a draft opinion which was packed full of pro-industry amendments and argued that the ePrivacy proposal should “refrain from focusing on consent”. In the end, Voss’ report was so heavily amended by pro-privacy MEPs that he asked to have his name removed from it.

Member states get ready for ePrivacy Council debate

As is usually the case in EU decision-making, the situation in the Council is more opaque than in the Parliament. Member states are handling this dossier slowly and delegations are still checking legal issues, including how the ePrivacy regulation fits with the GDPR. A final Council position is not expected until the end of the year. But there are some worrying signs, including that this dossier is being handled by telecoms officials from member states (via the Telecommunications Working Party) which could imply that positions are more likely to be pro-industry. By contrast, the GDPR was handled by data protection officials.

The Council debate on privacy issues has been underway for some time. A May 2017 progress report from the (Maltese) Council Presidency stated that “A number of delegations would welcome more thorough analysis of the impact... on specific market players, in particular on online advertising companies and/or on business models using third-party cookies.” A discussion was due to be held on 10 July to specifically discuss overlaps with the GDPR and cookies; the Council has said that minutes of this and other meetings of the Telecommunications Working Party do not exist.

Over the summer of 2017 delegations shared their emerging positions with other member states. According to papers passed to Corporate Europe Observatory, a group of countries (Greece, Portugal, Latvia) have made proposals to toughen up the Commission’s privacy proposals.

However Germany is already mooting a possible dilution. A position paper on ePrivacy drafted by the German Government which was dated August 2017 and circulated to member state delegations, stated that provisions on tracking cookies and consent needed to be “carefully reviewed and be discussed in much more detail”. It continued: “These are provisions are highly significant for both companies and private individuals alike. These provisions need to protect the right to informational self determination. At the same time, they must not preclude the development and use of legitimate business models; this notably applies to business models that ensure access to information that is influential on user’s opinion. The relevant provisions ought to be practical and reflect the interests of users and service providers alike.” [Emphasis added.]

This will be a red flag to digital rights activists, but will perhaps not come as any great surprise. Corporate Europe Observatory has previously written about the lobby influence of the German publishers’ lobby, the power of the Spanish telecoms sector, and the willingness of these member states to absorb industry positions as their own. The BDI (the Federation of German Industries) has recently lobbied MEPs on the LIBE committee about what it called the “disproportionate provisions” on ePrivacy currently being discussed.

The most recent draft of the (Estonian) Council Presidency’s proposal on ePrivacy, dated September 2017, does not make substantial proposals for change to the privacy provisions, although proposing to extend the period of time for which users might be reminded to check their privacy settings from 6 to 12 months, is perhaps a worrying sign.

Furthermore, there is some suggestion that member states will insert new security provisions to require companies to retain consumers’ data, which will be controversial with both MEPs and citizens. However, overall the jury remains out in terms of how Council will finally position itself on ePrivacy.

Next steps

MEPs on the LIBE committee will vote on 19 October 2017 on MEP Lauristin’s report, whose pro-privacy approach is expected to remain intact despite the industry lobbies’ overwhelming effort to undermine it.

Parliamentary insiders say that even at this late stage lobbyists are continuing to contact MEPs, some on a daily basis. Just days before the LIBE vote, industry lobbyists (in the form of the Industry Coalition for Data Protection which includes AmCham EU, DigitalEurope, IAB Europe, EACA, EDiMA, FEDMA, and others) circulated yet another open letter which warns MEPs that they should “carefully consider the practical implications both for businesses and consumers of the proposed ePrivacy Regulation text before a vote”. On Twitter, pro-privacy MEPs such as Rapporteur Lauristin and Green group Shadow Rapporteur Jan Philipp Albrecht have had to fend off angry industry lobbyists.

Meanwhile IAB Europe, EMMA, ENPA, EACA, FEDMA and others have now produced a series of short videos likening the ePrivacy proposal to a “bad movie” and depicting a future world where ePrivacy has undermined the fight against ‘fake news’, and citizens have been left feeling “exhausted” and “confused” because they have had to consent to privacy settings.

Luckily EU decision-makers, so far, have not caved into industry’s scaremongering. While the Commission acquiesced to some corporate lobby demands in its final draft of January 2017, it did enough to ensure that industry’s demands to firstly jettison the whole dossier and then to render it toothless were not implemented. MEPs, under the leadership of Lauristin, have fought back against the corporate lobbyists. But there remains an open question as to how the Council will handle ePrivacy. This is likely to depend upon how successful national corporate lobbyists will be in bending the ear of sympathetic member state officials.

Looking forward to the trilogue phase of this dossier, it will be vital that all EU decision-makers – MEPs, member state officials, the Commission – remain alert to the claims of corporate lobbyists, and take a particularly sceptical approach towards those who insist that online privacy and a flourishing internet cannot co-exist.

Update 19 October 2017

Today, MEPs on the Civil Liberties, Justice and Home Affairs (LIBE) committee voted to accept the report of rapporteur Marju Lauristin MEP on ePrivacy, with 31 votes in favour compared to 24 against. A series of compromise amendments had been reached between key political groups in recent days, but the centre-right EPP had refused to endorse both these and the entire report.

Digital rights activists have broadly welcomed the results which include privacy-by-default settings in new software, and an end to “cookie walls” which companies can use to deny access to their website or service if a consumer does not consent to being tracked.

EDRi said: “Despite a huge lobbying effort to water down the proposal, the Committee voted for clear, privacy-friendly rules. We welcome this approach, as it will not just protect citizens, but promote competition and innovation as well”. Consumer rights organisation BEUC said: “It's alarming that the online companies who claim to be the trendsetters and the engine of the digital economy cling to an advertising business model based on snooping on people. It is a great step that the European Parliament today has put consumers in the driving seat again.”

However La Quadrature du Net pointed to weaknesses in the report, including allowing websites to track users without their consent for “web audience measuring” and allowing companies to track devices in the streets without our consent.

Industry responded in expected ways. IAB Europe defended the EPP minority which tried to block the report, and said it was “mystifying” that a majority of MEPs did not support a “vibrant, independent media that can hold power to account”, once again trying to reframe the debate away from ePrivacy. ETNO tried to reframe the issue around “innovation and consumer choice” saying it regretted today’s vote.

With the Council next in line to agree its position, before the trilogue can start, we can be sure that the industry lobbying will only intensify.

Update 24 October 2017

"By November, our communications secrecy could be dead all across the EU..."

Today, centre-right MEPs have secured the votes needed to send MEP Lauristin's report to the Strasbourg plenary on Thursday (26th) for a full vote. If a majority vote to re-open the dossier, new amendments can then be tabled. Those following the dossier inside and outside the Parliament have confirmed to CEO that "lobby efforts are going through the roof right now" and that corporate lobby "campaigning started immediately after the LIBE vote" last week. 

Update 30 October 2017

Last week MEPs in plenary voted to support the LIBE mandate to enter into trilogue with the other institutions on ePrivacy. As rapporteur Marju Lauristin MEP said:

"Today’s vote is a victory for citizen’s rights over the lobbying efforts of big business."

Lauristin is now due to return to Estonian national politics and she will be replaced as rapporteur by Birgit Sippel who said:

"There have been many myths circulating about this report spread by industrial lobbyists who are engaged in a misleading campaign. We are pleased that the majority of the Parliament has seen sense and allowed us to move forward with these important new rules."

This article continues after the banner

Subscribe to our newsletter