The European Parliament’s liberal-centrist bloc has warned over changes being made by EU countries to incoming telecoms legislation, saying they will severely weaken efforts to introduce unified net neutrality rules and eliminate mobile roaming surcharges for people moving between member states.
The Council of the European Union, which represents member states, is expected to present its position on Wednesday regarding the Telecoms Single Market proposal – this follows the European Commission’s original proposal and changes made by the Parliament, and will trigger negotiations over the final text. The Alliance of Liberals and Democrats for Europe Group (ALDE) said Tuesday that the Council’s position is so watered down that it would undermine campaign pledges made by Commission president Jean-Claude Juncker and the Parliament that came in last year.
Meanwhile, digital rights groups have released leaked documents relating to the Council’s under-development position on a separate legislative package, the new General Data Protection Regulation. The version that left Parliament would introduce very tough new rules for companies and governments handling EU citizens’ personal data, but it appears member states have been agitating for these rules to be weakened.
The member states’ keenness to water down the net neutrality proposals is already well documented, with the countries apparently aiming for aspirational principles rather than tough new rules. However, the roaming aspect of the telecoms package is also contentious.
The Commission’s original proposal would have eliminated intra-EU roaming fees, allowing people to move around EU countries without having to pay more for mobile access than they would pay at home. This is integral to the European single market project – cross-border services won’t get anywhere if you can’t freely use them across borders.
However, the Council appears set to allow carriers to charge roaming surcharges for anything above a measly 5MB of data per day. The surcharges would be capped at the maximum wholesale rates charged between carriers, but they would still stymie the original intention of the legislation.
According to ALDE president Guy Verhofstadt:
This is a scandal. An end to roaming charges and the delivery of a genuine single market for telecoms was a campaign priority for all parties, many of whom are today responsible for blocking this measure…
To say this text lacks ambition is an understatement. Certainly our group will not accept this text, as the only winner from it is national telecoms operators themselves. Member States should hang their heads in shame.
As for the new data protection package, which is also intended to unify the disparate rules of the 28 EU member states, the rights groups EDRi, Access, Privacy International and the Panoptykon Foundation have warned that the package is “becoming an empty shell”.
On Tuesday the groups issued an analysis (PDF) of leaked documents about the Council’s position on the regulation. Here are the main points to worry about, according to EDRi et al:
- Consent: The proposals would allow the failure of browser users to opt out of being tracked to be read as a form of consent for tracking and profiling. They would also weaken the limitations on what that consent can allow. “Germany undermines transparency still further by proposing that consent should cover unknown future uses of the data for ‘scientific’ purposes,” the analysis read.
- Data subject rights: Gone is the article that would mandate “concise, transparent, clear and easily accessible policies” about data use. Governments would also be allowed to cite “national security, defence, public security and ‘other important objectives of general public interest'” as legitimate reasons for profiling people.
- Fines and remedies: The new rules were supposed to introduce fines of up to five percent of annual turnover for serious data protection infringements, as a deterrent to the likes of [company]Google[/company], who shrug off today’s fines. The new proposals would lower that amount. The possibility of class action lawsuits would also be nixed, and individuals suing over data protection will only be able to take it to local regulators, not courts.
- Data breach notifications: Companies would only have to tell people that their data has been stolen if the theft is “high risk”.
- Cross-border complaints: There’s supposed to be an EU “one stop shop” for data protection complaints, which makes sense as the whole point of this regulation is to create a unified EU framework. But no, the Council would want multiple national data protection regulators to be brought in first to try reach consensus, because member states don’t want to cede control.
The deadline on this one is a bit further out, with the Council expected to produce its position on the data protection regulation in the summer, before commencing negotiations with the other legislative branches of the EU.
According to EDRi: “Unless something is done urgently, the Council will simply complete its agreement, at which stage only an absolute majority of the European Parliament would be the only way of saving Europe’s data protection reform.”
I have asked the Latvian presidency of the Council (it’s a rotating presidency) for comment on the leaks, but haven’t received a reply at the time of writing.