By Cristina Gonzalez, Andrew Gray and Paul Dallison
Listen to the podcast on Spotify | Apple | Google | Simplecast | Stitcher | View in your browser
Welcome to EU Confidential, bringing you the latest from our podcast and a satirical look at the week’s news.
DEBATING …
Europe’s data protection rulebook
More than a billion people’s data has appeared on hacker forums in recent weeks — revealing contact details for some of the EU’s top politicians, including its own data protection chief, Didier Reynders.
But the tech platforms involved — Facebook, LinkedIn and Clubhouse — say they’ve done nothing wrong. They have played down alarm over the revelations by insisting the data wasn’t hacked or stolen, but rather taken from publicly available sources.
“It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019,” Facebook wrote in a blog post on April 6, explaining that scraping was a common tactic used to lift “public information.”
LinkedIn and Clubhouse — an audio-only social media app — have made similar claims.
“It’s an interesting choice of words that Facebook has taken,” Ravi Naik, a director at data rights organization AWO, told POLITICO’s Vincent Manancourt.
Naik said there is widespread concern among digital privacy advocates “that individuals are not having proper information provided to them, as the regulations require” and also about what he termed “a misunderstanding of what constitutes a data breach.”
Welcome to the latest debate in data protection: What defines a “breach” of your data? And what should regulators do about it?
In Facebook’s case, the company seems to be adopting quite a liberal interpretation of what’s public. Phone numbers that appeared in its online databases, for instance, were in many cases not included on public profiles. Yet Facebook says the information was public because it could be discovered using software. (The company says it implemented measures to stop this kind of scraping in 2019.)
But Naik says that it’s not good enough to just say, “Well, it’s out there and there’s not much we can do.” Instead, “They should proactively be trying to get the data back down and secure people’s information.”
Facebook says it is working to get the data taken down. But at least some European regulators don’t seem convinced by the companies’ explanations. Ireland, Italy and Germany have all announced investigations in recent weeks. However, the fragmented response to the breaches has also highlighted divisions in an enforcement system that is yet to get to grips with data protection abuses. Ireland has announced an investigation in recent weeks but is having its authority tested by other EU regulators, who are getting restless over what they see as Dublin’s failure to rein in data protection abuses by the world’s most powerful tech companies.
“I think we’re still at the early days of [Europe’s General Data Protection Regulation],” said Naik, who predicts that quicker action may come from private lawsuits rather than government data regulators.
An Irish nonprofit has already launched a collective action lawsuit against Facebook in mid-April and similar suits in other countries are expected to follow.
WHAT WE’RE TALKING ABOUT THIS WEEK
Not-so-Super League: Politicians piled on the outrage over plans for a new Super League for Europe’s top football clubs, which soon unraveled. But could politicians really have done much to stop it?
Chancellor candidates: Germany’s two most popular parties chose their candidates to succeed Angela Merkel this week. After taking very different roads to secure their nominations, how will the Greens’ Annalena Baerbock and the CDU’s Armin Laschet fare on the campaign trail?
Data doubts: Data leaks involving social media platforms have some wondering whether Europe’s laws and regulators are up to protecting citizens’ privacy. Will the latest cases prompt any changes?
DECLASSIFIED
Football vs. Vaccines in the battle of the PR nightmares
Welcome to Declassified, a weekly column looking at the lighter side of politics.
The Football War between El Salvador and Honduras. The boat being stuck in the Suez Canal. The Mexican presidency of Pedro Lascuráin. That time I tried to make Anthony Bourdain’s recipe for cassoulet. All of these things lasted longer than the European Super League.
After launching as Sunday turned into Monday, by the time Tuesday turned into Wednesday it was all over after the self-professed Big Six English clubs announced they were pulling out (that’s five actual big clubs and Tottenham Hotspur, who have had less European success than POLITICO’s five-a-side team — fact!).
Even Boris Johnson, a man who knows as much about football as he does about fidelity and using a comb, was quick to denounce the plans, promising to “drop a legislative bomb” to stop it from happening.
He didn’t need to. In a statement, the Super League said: “Given the current circumstances, we shall reconsider the most appropriate steps to reshape the project.” Now we all know what that means: At some point when everyone’s celebrating the end of lockdown or on holiday or maybe even just drunk, an announcement will be made for the “Super European League” that will be exactly the same but with softer marketing, maybe a picture of a kitten or a smiling child or the Dalai Lama.
As unmitigated PR disasters go, it was almost admirable. Was the whole thing the brainchild of European Council President Charles “This seat? Don’t mind if I do” Michel?
However, spare a thought for those at the sharp end of the abuse heaped upon the Super League, such as Theresa May’s former Downing Street Director of Communications Katie Perrior and former broadcast journalist Jo Tanner, who, as London Playbook revealed, had signed up to do communications for the breakaway league. Rumors that they’re taking less toxic jobs such as PR for Bashar al-Assad were unconfirmed at the time of going to press.
Speaking of public relations nightmares, the EU’s vaccines rollout continues to resemble Bambi on ice. On Wednesday, French vaccine producer Valneva announced it was “deprioritizing” negotiations with the European Commission because they were going nowhere.
What a strange choice of word “deprioritizing” is for a drug company to use during a global pandemic; it’s like “deprioritizing” running away from a bear that’s chasing you down a mountain with a napkin tied around its neck, rubbing its belly and shouting, “Dinner time!”
CAPTION COMPETITION
“The rules are very simple: When the music stops, the one who sits in the chair first gets Cyprus.”
Can you do better? Email [email protected] or on Twitter @pdallisonesque
Last time we gave you this photo:
Thanks for all the entries. Here’s the best from our postbag (there’s no prize except for the gift of laughter, which I think we can all agree is far more valuable than cash or booze).
“At the Turkish equality ministry, the ‘so-fa, so good’ gag never grows old,” by Tom Morgan
Paul Dallison is POLITICO’s slot news editor.
SUBSCRIBE to the POLITICO newsletter family: Brussels Playbook | London Playbook | Playbook Paris | EU Confidential | Sunday Crunch | EU Influence | London Influence | AI: Decoded | Digital Bridge | China Direct | D.C. Playbook | All our POLITICO Pro policy morning newsletters