The fight for the global standard in data protection law
PI has fought across the world for strong and effective legal rights.
What happened
Strong and effective data protection law is a necessary safeguard against industry and governments' quest to exploit our data. A once-in-a-generation moment arose to reform the global standard on data protection law when the European Union decided to create a new legal regime. PI had to fight to ensure it wasn't a moment where governments and industry would collude to reduce protections.
In January 2012, the European Commission published a proposal to comprehensively reform the European data protection legal regime. This consisted of a Regulation that covered general data processing (known as the GDPR - the General Data Protection Regulation), and a brand new Directive for the police and justice sector (known as the Law Enforcement Directive).
The GDPR became one of the most controversial pieces of legislation to have ever passed through the Brussels legislative process, with an unprecedented lobbying onslaught from businesses and interested organisations in all sectors, and the United States Government too. Some 5,000 amendments were tabled during its passage through the European Parliament, with countless more during the (much more secretive) negotiations between the EU member state governments, in the Council as well as the final, even less transparent, horse-trading during the so-called Trialogue between the European Commission (the civil service), the Parliament, and the Council (the 27 member state governments).
- PI fought a six year battle to ensure that the EU General Data Protection Regulation was stronger than the law it was replacing.
- We had to push back repeatedly against governments' and industry who wanted to water down protections.
- We also led work on the law protecting peoples' data when being used by law enforcement agencies.