Moreover, countries would be given the right to profile citizens for national security, defence and public security reasons as well as for "other important objectives of general public interest." That part of the original text drafted by the Commission was deleted by the Parliament but reintroduced by the Council.
"This is basically providing a blank cheque to governments which, under various excuses, may start to profile people based on their online political activities and prepare, for example, blacklists who do not fit with the profile of 'normal' citizens," the groups said.
Other issues with the proposals include a plan to let a company determine whether a data breach is of sufficiently high risk to warrant notifying its customers. This would undermine people's privacy and greatly reduce incentives for companies to improve data security, according to the groups.
Meanwhile, they say, the Council is also still trying to undermine the creation of a one-stop data protection shop that could make it simpler to resolve transnational disputes involving big companies in the EU. The ministers have been backpedaling on that proposal for a while though and have not changed their minds, the leaked docs showed.
They still want to involve national data protection authorities in every transnational dispute that would have to reach consensus, adding more bureaucracy and a time consuming step to a process that is meant to streamline current fragmentation, the groups said.
"Unless something is done urgently, the Council will simply complete its agreement," EDRi warned, adding that if the Council has agreed, only the Parliament could save the EU's data protection reform.
Justice ministers will meet on March 13 to discuss the data protection regulation. Documents that will be discussed by the ministers will be available on the Council's website as soon as the preparatory work for the meeting has finished, an official said.
Sign up for CIO Asia eNewsletters.