The Prism amendment: British MEP tries to weaken EU data protection

A British MEP has been criticised by privacy groups for trying to water down EU rules which would protect citizens' data in the wake of the Prism controversy.

Liberal Democrat MEP Sarah Ludford has called for citizens to lose the right to know whether their data was being transferred to a third country or international organisation.

"Baroness Ludford needs to protect EU citizens from having their data shovelled into Prism-ready servers without even being notified," Jim Killock, executive director of the Open Rights Group, commented.

"These are real risks that people have a right to know about."

Ludford's Amendment 1210 to the European Union's data protection package addresses the type of international data collection which the US National Security Agency relied on to store data about non-American citizens around the world.

The amendment is part of a barrage of legislative attempts to water down data protection by the Lib Dem MEP.

Amendment 1220 – also by Ludford – tries to delete an obligation for citizens to be told if it is obligatory to provide the personal information businesses are requesting.

Amendment 1224 – again by Ludford – would delete an obligation on companies to provide information about where they obtained citizen's data. Without this rule, citizens will find it impossible to discover where companies are getting information about them from.

Ludford is not the only figure in Europe trying to water down the EU rules. There are 3,300 other amendments to the regulations, most of which would significantly water it down.

For instance, the internal market and consumer protection committee has recommended that restrictions on what companies can do with citizens' personal data be reduced.

According to the regulations, companies would only be able to award themselves the right to use the data without the customer's permission if it is in their "legitimate interests" – a wording many privacy campaigners might already consider overly vague.

But according to the committee and various MEPs, that should be expanded so companies the customer has never heard of are able to use the personal data for purposes other than that related to its collection.

Other amendments would remove the requirement for companies to say how long they will store people's data or for them to inform customers of the supervisory authority they can complain to if their data is misused.

Ludford's office was approached for comment and will respond in due course.