Data Protection Regulation: Key amendments in the JURI Committee
The Legal Affairs (JURI) Committee in the European Parliament will vote on amendments to the proposed Data Protection Regulation on March 18th-19th. Their opinion will influence the final report from “LIBE“, which is the lead Committee. So what happens in the JURI vote is an important factor in what the final law will look like.
The JURI Committee will be voting on some specific amendments to the proposed Regulation. Below we detail the top amendments that we think MEPs should support or reject. This is based on a full analysis of the JURI amendments by EDRi, which is available on the campaign site www.privacycampaign.eu
We have produced a briefing on the Data Protection Regulation, which provides more detail on what the issues are.
If you live in the North West of England or in Yorkshire and the Humber, your MEPs are involved in this vote. Please write to your MEP and ask them to support a strong Data Protection Regulation. We have some guidance on how on the blog. If you want to go into more detail, here are the top amendments that MEPs will be voting on.
JURI Committee key amendments
1. On the definition of personal data
The definition of personal data should be broad enough to include data that can ‘single out’ an individual, not just identify them. It is becoming increasingly possible to identify a person using less and less data, or to “re-identify” someone from data previously considered anonymous.
With these concerns about definitions and anonymised data in mind, amendment 22 should be rejected. Amendment 107 should be supported, because it emphasises that being able to “single out” a person is enough for the data to be considered personal data.
2. On consent
Consent must be explicit, informed and freely given. Amendments that undermine this significantly weaken the Regulation and undermine the principle that people should be given more control over what happens to their personal information. Amendment 114, proposed by your MEP Sajjad Karim, should be rejected because it seriously weakens the definition of consent.
3. Regarding ‘legitimate interests’
The ‘legitimate interest’ provision means businesses can get away with all sorts of processing without people’s consent, offering a convenient loophole for abusive or excessive processing. We would like to see amendments that restrict this to exceptional circumstances.
Amendments that extend this further, for instance to third parties, would be particularly damaging and should be rejected – amendment 24 should be rejected for this reason. But amendment 135 should be supported because it removes ‘legitimate interests’ as a ground for processing.
4. On ‘data portability’
Data portability gives people meaningful control over their data, helps them avoid ‘lock in’ to particular services and drives competition. The UK Government are actively promoting the MiData initiative in the UK, which would help people get their transaction data from companies – it makes no sense to reject this in the EU. Citizens’ right to choose the best company and not be locked-in to services must be supported.
Amendment 36 should be rejected, because it deletes this right. Amendment 211 should be supported, however, because it strengthens the right to data portability.
5. On ‘profiling’
We need stronger controls over profiling. People’s profiles, based on their personal information, are evaluated, analysed and used to predict behaviour or target services. That influences how they are treated. People need the right to know about and object to this profiling. That is especially important for sensitive information such as health data. Amendment 227 should be rejected because it removes the protections against profiling and undermines people’s ability to not be subject to it. Amendment 221 & 223, 224 & 225 should be supported – 221 clarifies that profiling should be tightly regulated, both on- and offline. And amendments 223-225 improve the Commission proposal by providing better safeguards around profiling.