News Stream Books Videos Web Conferences Subscriptions Advertise About IAPP Publications
Daily Dashboard Daily Dashboard

The day’s top stories from around the world

 AI Governance Dashboard – New AI Governance Dashboard – New

Stay on top of the latest AI governance news and developments of the profession.

 The Privacy Advisor The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

 Privacy Perspectives Privacy Perspectives

Where the real conversations in privacy happen

 Privacy Tech Privacy Tech

Exploring the technology of privacy

 Canada Dashboard Digest Canada Dashboard Digest

A roundup of the top Canadian privacy news

 Europe Data Protection Digest Europe Data Protection Digest

A roundup of the top European data protection news

 Asia-Pacific Dashboard Digest Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

 Latin America Dashboard Digest Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

 U.S. Privacy Digest U.S. Privacy Digest

A roundup of US privacy news
Overview KnowledgeNet Chapters Sections Affinity Groups Volunteer Annual Awards Career Central
Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

 IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

 IAPP Calendar

Review a filterable list of conferences, KnowledgeNets, LinkedIn Live broadcasts, networking events, web conferences and more.
Overview Online Training Live Online Training In-Person Training Books Practice Exams Train Your Staff Official Training Partners Web Conferences
Artificial Intelligence Governance Professional Artificial Intelligence Governance Professional

Learn how to surround AI with policies and procedures that make the most of its potential by reducing its risks.

 European Data Protection (CIPP/E)

Understand Europe’s framework of laws, regulations and policies, most significantly the GDPR.

 U.S. Private-Sector Privacy (CIPP/US)

Steer a course through the interconnected web of federal and state laws governing U.S. data privacy.

 Canadian Privacy (CIPP/C)

Learn the intricacies of Canada’s distinctive federal/provincial/territorial data privacy governance systems.

 Privacy Program Management (CIPM)

Develop the skills to design, build and operate a comprehensive data protection program.

Privacy in Technology (CIPT)

Add to your tech knowledge with deep training in privacy-enhancing technologies and how to deploy them.

 Foundations of Privacy and Data Protection

Introductory training that builds organizations of professionals with working privacy knowledge.

 Privacy Law Specialist Training (PLS)

Meet the stringent requirements to earn this American Bar Association-certified designation.
Overview Certification Programs Get Certified How to Prepare Continuing Privacy Education (CPE) Fees Certify Your Staff Verify a Certification
CIPP Certification CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

 CIPM Certification CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

 CIPT Certification CIPT Certification

As technology professionals take on greater privacy responsibilities, our updated certification is keeping pace with 50% new content covering the latest developments.

 FIP Designation FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

 Privacy Law Specialist Privacy Law Specialist

The first title to verify you meet stringent requirements for knowledge, skill, proficiency and ethics in privacy law, and one of the ABA’s newest accredited specialties.

 AIGP Certification AIGP Certification

Ensures individuals responsible for AI systems can reduce the risks associated with this technology.

 Certificação CDPO/BR Certificação CDPO/BR

Mostre seus conhecimentos na gestão do programa de privacidade e na legislação brasileira sobre privacidade.

 Certification CDPO/FR Certification CDPO/FR

Certification des compétences du DPO fondée sur la législation et règlementation française et européenne, agréée par la CNIL.
Tools and Trackers Research Glossary Global Privacy Directory Enforcement Database Westin Research Center Web Conferences Jobs Privacy Vendor Marketplace
Reports and Surveys

Access all reports and surveys published by the IAPP.
Resource Articles

The IAPP publishes longform, web-based resource articles to provide in-depth analysis on relevant topics in the privacy space.
White Papers

Access all white papers published by the IAPP.
Infographics

Access all infographics published by the IAPP.
Podcasts

The Privacy Advisor Podcast provides interviews with the privacy world's most interesting voices.
Videos

The IAPP's video library provides insights, reactions and opinions on a range of topics, including regulatory developments, areas of privacy operations management and more.
Artificial Intelligence

On this topic page, you can find the IAPP’s collection of coverage, analysis and resources covering AI connections to the privacy space.
Privacy 101

On this page, you’ll find articles and tools to help you get a basic understanding of the job of the privacy pro and data protection laws and practices around the globe.
Data Protection Intensive: UK Data Protection Intensive: UK

Explore the full range of U.K. data protection issues, from global policy to daily operational details.

Global Privacy Summit Global Privacy Summit

Expand your network and expertise at the world’s top privacy event featuring A-list keynotes and high-profile experts.

AI Governance Global AI Governance Global

A new event in Brussels for business leaders, tech and privacy pros who work with AI to learn about practical AI governance, accountability, the EU AI Act and more.

 Canada Privacy Symposium Canada Privacy Symposium

Leaders from across the Canadian privacy field deliver insights, discuss trends, offer predictions and share best practices.

Asia Privacy Forum Asia Privacy Forum

Hear top experts discuss global privacy issues and regulations affecting business across Asia.

 Privacy. Security. Risk. (P.S.R.) Privacy. Security. Risk. (P.S.R.)

P.S.R. focuses on the intersection of privacy and technology. The call for proposals to speak at the 2024 event is open. Submit your ideas today.

 Europe Data Protection Congress Europe Data Protection Congress

Europe’s top experts offer pragmatic insights into the evolving landscape and share knowledge on best practices for your data protection operation.

 ANZ Summit ANZ Summit

Gain exclusive insights about how privacy affects business in Australia and Aotearoa New Zealand.

 Speak at an IAPP Event

View our open calls and submission instructions.

 Sponsor an Event

Increase visibility for your organization — check out sponsorship opportunities today.

Individual Membership Corporate Membership Group Membership Student Membership
Become a Member

Start taking advantage of the many IAPP member benefits today

 Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

 Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits
{[product.name]} {[ product.name ]}
clear
mode_editEdit
remove_circle_outline {[ getCartItemQuantity(product.id) ]} add_circle_outline
{[ product.price | currencyFilter ]}
TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

The Privacy Advisor | Draft motion calls for action ahead of European elections and following Facebook revelations Related reading: CBI seeks information regarding Facebook-Analytica incident

rss_feed

""

""

Following its investigation into the Facebook-Cambridge Analytica scandal, and just eight months ahead of the European Parliament elections, MEPs worried about malicious interference via Facebook plan to issue a series of recommendations.

The motion is likely to be debated and presented in LIBE, the Parliament’s civil liberties committee, on Sept. 27, with a deadline for amendments the following day and a vote in LIBE on Oct. 10.

A leaked draft of the suggestions from the committee includes the recommendation that “all online platforms distinguish political uses of their online advertising products from their commercial uses.”

The draft motion's text says that “profiling for political and electoral purposes ... should be prohibited,” and social media platforms should monitor and actively inform authorities if such behavior occurs. The text continues that the Digital Age requires an update of electoral laws and suggests national authorities introduce an “obligatory system of electronic fingerprinting for electronic campaigning and advertising.

“Any form of political advertising should include easily accessible and understandable information on the publishing organization and who is legally responsible for spending, so that it is clear who sponsored campaigns, similar to existing requirements for printed campaign materials currently in place in various member states,” continues the proposal.

It also recommends that after a referendum or election, third-party audits should be carried out to ensure “personal data held by the campaign is deleted, or if it has been shared, that the appropriate consent has been obtained.”

European Data Protection Supervisor Giovanni Buttarelli told The Privacy Advisor that the motion, alongside last week's "election package" proposed by the European Commission, "demonstrates that unaccountable data practices like tracking and profiling on a massive scale have become a threat not just to fairness in the commercial space, but also a threat to core EU values of dignity and democracy.

“It highlights the need for DPAs with other bodies, like election monitors, audiovisual media regulators and others, including antitrust and consumer agencies, to cooperate and ensure they are joined up to prevent malpractice not only during the 2019 European Parliament elections, but also the parliamentary or presidential elections in 12 of the EU’s member states,” he continued, adding that the EDPS will organize a workshop on the issue, bringing together different regulators in early 2019.

Privacy International's head of advocacy and policy team, Tomaso Falchetta, said it, too, approves of the motion.

“In the U.K., the adoption of the U.K. Data Protection Act, which aims to operationalize the GDPR, fails to address the risks of profiling by political parties. In fact the law introduces exemptions for processing personal data by political parties," Falchetta said. 

He added, "Profiling can result in being able to infer sensitive data about people from non-sensitive data, such as political opinions or philosophical beliefs. This can impact significantly on citizens being able to exercise of their right to vote, a position recently reflected in the guidance by the European Commission. PI therefore supports the recommendation in the resolution that such activities should be prohibited, at least until stricter regulation and monitoring are in place."

The draft of the motion also calls on data protection authorities to undertake a thorough investigation of Facebook and urges Facebook, Twitter, Google, LinkedIn and similar platforms to allow ENISA and the European Data Protection Board to carry out a full and independent audit of its platform investigating data protection and security of user personal data.

MEPs also take the view “that data protection authorities should have the same, if not more technical expert knowledge as those organisations under scrutiny,” and suggested this could be funded by introducing a levy on the sector concerned.

The data obtained by Cambridge Analytica from Facebook was allegedly for research purposes. But the draft motion's text stressed that “the research argument exemption in data protection law can never be used as a loophole for data misuse.”

The U.S. Federal Trade Commission is currently investigating whether Facebook failed to honor its privacy promises in compliance with Privacy Shield. But given that such a major breach occurred despite registration to the framework, the Parliament text “considers that the revelations clearly show that the Privacy Shield mechanism does not provide adequate protection of the right to data protection.”

In response, Lukasz Olejnik, cybersecurity and privacy researcher and advisor, said: “Calling the U.S. to act within the well intended meaning of Privacy Shield is potentially explosive. On this level and in this respect, does the European Parliament intend to suggest a possible interference via a U.S. company in European elections? That would be a paradox.”

But S&D group leader, MEP Udo Bullmann disagrees with that sentiment. “It is now almost six months since the revelation that 50 million Facebook profiles had been harvested by Cambridge Analytica to be used for political purposes. Despite Mark Zuckerberg’s promises that Facebook is doing everything in its power to ensure this can never happen again, we still have not seen enough real action to protect our citizens and our democracies,” he said.

“We urge Facebook to outline how exactly they are going to act to ensure that there is no attempt to manipulate the European elections next year and how they are acting to stop the spread of fake accounts,” he continued.

But with figures from the Electoral Commission of the U.K. showing that British political parties in spent £3.2 million on direct Facebook advertising during the 2017 general election, he's asking them to walk away from a lot of money.

“National governments must adopt the ePrivacy regulation as soon as possible,” continued Bullmann. “The right to privacy of communication is a fundamental right, and our current laws are not adequate for the way we communicate in the digital age. The European Parliament backed strong new proposals earlier this year, and we now urge national governments to do the same. We have only eight months until the European elections. If we are going to ensure that they can truly be called free and fair then we need to take action now.”

The Buttarelli, the EDPS, also wants to see ePrivacy signed as soon as possible: “Perhaps the biggest gesture from the EU to safeguard democracy in the digital era is to complete the reform of the privacy and data protection framework and finalize the reform of ePrivacy rules, essential for giving people more control over their private online communications,” he said.

However “both ePrivacy and the GDPR contain provisions exempting political activity,” explained Olejnik. “Furthermore, in many countries, national or presidential elections aren’t even bound by data protection rules at all. To be effective, such regulations would need to apply to all election types. But it is unclear whether countries would be open on harmonizing this sphere in the name of protection from foreign interference or unethical domestic activity.

“Keep in mind that the Bulgarian Council presidency tabled a provision exempting political activity in the ePrivacy [Regulation] at the very beginning of the Cambridge Analytica scandal, which was an impressive timing indeed. In this light, the justified and right call to renew the work on ePrivacy looks bleak,” he added.

MEPs were disappointed with Facebook for not sending the requested speakers to a series of hearings over the summer on June 4, 25  and July 2, and this is mentioned more than once in the draft text. The hearings were a follow up to the May 22 meeting between Facebook Founder and CEO Mark Zuckerberg, Parliament President Antonio Tajani, political group leaders and the chair of the LIBE Committee, Claude Moraes.

“The information provided by Facebook representatives during the hearings lacked precision on the concrete and specific measures taken to ensure full compliance with EU data protection law and was rather of general nature,” complains the text.

photo credit: facebook via Thought Catalog

Author
Headshot Jennifer Baker Nonmember Contributor
Tags
Europe
U.S.
Big Data
Personal Privacy
Privacy Law
Social Networking
Surveillance
Transborder Data Flow
2 Comments

If you want to comment on this post, you need to login.

  • comment Eric Shields • Sep 25, 2018 
    Regardless of intention, a bit of an oxymoron to have the privacy industry citing a "leaked" document.
  • comment Edwin van der Kaden • Sep 30, 2018 
    Subject here is the negative influence of the facebooks of this world on democracy. “Funny” to see how Lukasz Olejnik is trying to change the subject.
There will be an explosive situation if we fail to protect our democracy. In that regard the GDPR and the e-Privacy regulation are very important. 
And yes, I do think that a US company can interfere in European elections.
Related Stories

Related Stories
Tags
Europe
U.S.
Big Data
Personal Privacy
Privacy Law
Social Networking
Surveillance
Transborder Data Flow
Recent Comments