On Thursday, the Council of the EU, one of the three EU law making bodies consisting of national ministers of EU member states, is expected to agree on parts of the new data protection regulation. However, after leaked documents showed last week what the countries are planning to do, privacy organizations have expressed very serious concerns.

The Council’s proposals would for instance allow companies to collect personal data under a “legitimate interest” exception. This means that no consent is needed if the company feels that it has a legitimate reason to do so. Companies could also pass data to third parties which could process data for reasons that are not related to the original purpose...

...If this were to be allowed, it would be a clear violation of the European Charter of Fundamental Rights, said Alexander Sander, managing director of German digital rights group Digitale Gesellschaft in a blog post commenting on the leaked documents.

Article 8 of the charter stipulates that everybody has the right to the protection of their personal data and states that such data must be processed fairly for specified purposes and with consent of the person concerned or some other legitimate basis laid down by law.

Alles bij de bron; ITWorld [googliaansche vertaling]