D66 MEPs hesitant about Europol-MENA data exchange agreements for fighting crime and terrorism >
Sufficient resources for data protection authorities necessary for effective GDPR implementation >
In terms of “wake up call”, the revelations by the The Guardian and Observer on the massive use of personal data for influencing the US presidential elections, and possibly the Brexit referendum, in the so-called “Cambridge Analytica Files” are somewhat like the Big Ben sitting on your bedside table. If you haven’t woken up by now, you are probably dead.
The European Parliament has to investigate urgently what happened and in what way these methods are being applied today to influence elections in Europe (or indeed referenda). The UK Parliament already conducted hearings with Facebook and Cambridge Analytica about possible interference with the Brexit referendum. But this is clearly a matter of broader European interest. Europe is already alarmed by Russian interference with European politics, but Steve Bannon too clearly has now set his sights directly on Europe, cosying up to all sorts of nationalist and Christian-right wing movements (see some of his surprising European connections below).
The practices of Cambridge Analytica and Facebook must be assessed against European data protection laws, in particular the General Data Protection Regulation that will enter into force soon. The kind of data processing mentioned in the Cambridge Analytica Files, is labelled “market reasearch” and “academic research”. This means they could use a weak spot in the GDPR: the exemptions from strict data protection rules for research (this was a hot topic during the negotiations on the GDPR). National Data Protection Authorities must look into the situation without delay. It would appear that Facebook has grossly violated data protection laws by failing to report the unlawful use of its customer data by Cambridge Analytica.
The Commission now also needs to get serious about protecting our privacy and personal data outside Europe (including transatlantic and post-Brexit UK). Arrangements like Privacy Shield were never remotely adequate, and the case at hand underlines the urgency of adopting proper protections. Sharing personal data in the context of law enforcement and security may be necessary, but if there are no sufficient safeguards, they may also become a powerful political tool in the hands of parties outside Europe.
Currently Parliament and Council need to agree on the new e-Privacy Regulation. Member State governments as well as the EPP and ECR groups in Parliament are - as so often - pressing for weaker protection, in particular on tracking&tracing of people. That is totally irresponsible.
Clearly privacy and data protection laws are not enough to protect democracy. But they are an essential part of the protection against forces aiming to undermine democracy.
With several colleagues I have dedicated many years of my parliamentary life to privacy and data protection. Our efforts for privacy and data protection were at best considered a quaint left-wing hobby, at worst an obsession leading to unnecessary obstacles for both security and business. Privacy and data protection are not about left wing vs right wing. The right to privacy and data protection is not just an individual right. Protecting an individual person, is also essential for democracy, in many different ways. The Cambridge Analytica Files are the perfect demonstration of that. Europe has to wake up and protect its democracy.