The new European privacy law was a feast for lobbyists, but how did the Dutch government deal with all that information? And is lobbying bad?
The new European data protection regulation is the most lobbied piece of legislation thus far because the subject is very important and touches upon almost every aspect of our daily lives. Therefore Bits of Freedom used the Dutch freedom of information act to ask the government to publicise all of the lobby documents they received on this new law. We published these documents with our analysis in English in a series of blogs for EDRi. This series of blogs has also been combined in one report. What parties lobby? What do they want? What does that mean for you?
In the previous blogs you’ve been able to read all kinds of things about the privacy lobby. What parties lobbied, what they lobbied about, and what kind of arguments they used.
What will the Netherlands do?
The question that quickly rises is: what will the Netherlands do? This is more difficult to tell. In the parliamentary papers are letters from the government in which the state secretary (first Teeven, later Dijkhoff) who periodically informed the Dutch parliament about any developments with regards to the negotiations (if you speak Dutch and want to find out for yourself, look for documents on the website of the Dutch parliament with order number 32761, they deal with data protection). In it, he describes in general terms what has been discussed in the negotiations and what the Dutch position more or less is. Apart from that, Statewatch occasionally leaks preliminary reports of meetings.
From a letter to the Dutch parliament in 2012 it’s for example clear that the Netherlands strongly supports a risk based approach (as seen in lobby-tomy 7). We already mentioned that this was the most lobbied on: in particular on the obligation to make an ‘impact assessment’ before processing data and that companies are required to have a data protection officer. About those obligations, the Dutch government says:
“Furthermore, article 22 in principle fully applies to all controllers, which includes small entrepreneurs and even in some circumstances to individual citizens. It will create a higher burden on supervisory authorities. A risk based approach would have been better.”
Apart from that, the Netherlands wants to make it easier to process health data, according to a letter to the Dutch parliament from 2014. They say this is important for research. On this too, many lobby letters were sent to the Dutch government, for example by medical research centers (lobby-tomy 6). Also, the Dutch government wants broader exceptions for the processing of health data by other organizations, like insurance companies. Many lobby letters were sent on this topic (in the case of anti-fraud, see lobby-tomy 8).
There are more similarities between the substance of the lobby letters and what the Dutch government proposes. Although the Netherlands claims to be a proponent of strong protections in the field of profiling, they do ask for the a certain degree of flexibility for other forms of automated decision making (this too was in many lobby letters – and check page 2 and 3 of this letter to the Dutch parliament from July 2014). Apart from that, the Netherlands argues in the same letter to the Dutch parliament that companies should more often have a legitimate interest in cases of “less significant measures” like direct marketing. That means that companies in those cases do not require consent to collect and use data. This too we’ve read before (for example in letters by media companies, see lobby-tomy 4 and 6).
How successful has the lobby been?
Although there are visible similarities between the lobby letters and the position of the Dutch government, it is difficult to produce evidence for the fact that representatives of the government have listened to lobbyists too much. We simply can’t know what’s been said in meetings between representatives of governments and what the Dutch government proposes in meetings like that. Apart from that, it’s difficult to prove a causal link: maybe policymakers had already agreed on a specific position before the lobby letters arrived.
So.. Is lobbying bad?
We can say something about lobbying in general. Looking at the amount of legislative texts circulating, being drafted and adapted back and forth, and looking at the amount of invitations for meetings and letters sent tot the ministries, it’s clear that lobbying plays a large role in our decision making process. Lobbying is important.
That’s why we do it as well, with or without our sister organizations in Europe, as you can quite often read on our blog. Lobbying can be very useful. It allows organizations to shed new light or to bring forward a unique problem that hasn’t been considered yet. Apart from that, it can be useful for policy itself: you can’t expect that everyone shares the same expertise. It can therefore be very important and useful to offer it.
Meanwhile, there are also worries. Looking at the letters, it’s clear that large companies are over represented. How can we know that there has been a proper weighing of all the different interests in society? Also, the letters at times contain bad arguments. We certainly hope the Dutch government doesn’t succumb to the argument “innovation” *end of argument* or to the argument “future business models.” Also, there are transparency issues: this is just the tip of the influence iceberg concerning a long and complicated legislative process. This can and should be better.
Overall, we hope that we have given you am insiders view of the lobby process concerning the new European privacy law.