Lobbying by Brave Software International

Brave Software International

Brave is a privacy web browser.

Links

ID: 187566333677-33

Lobbying Activity

Response to Report on the application of the General Data Protection Regulation

28 Apr 2020

I represent Brave, a rapidly growing privacy-focussed Internet browser with offices in San Francisco and London, and employees across the EU. Brave’s CEO, Brendan Eich, is the inventor of JavaScript, and co-founded Mozilla/Firefox. I write to draw two matters related to cooperation between supervisory to your attention. 1. INCONSISTENCIES IN MEMBER STATE DATA PROTECTION AUTHORITIES’ GUIDANCE AND DECISIONS. Several supervisory authorities’ guidance and decisions on consent on consent differ in important aspects from that endorsed by the EDPB. CNIL (France), for example, at https://www.cnil.fr/fr/cookies-comment-mettre-mon-site-web-en-conformite, presents the following guidance: “...la poursuite de sa navigation vaut accord au dépôt de Cookies sur son terminal”. This is inconsistent with the EDPB Guidelines on Consent, p. 17 of which say: “...merely continuing the ordinary use of a website is not conduct from which one can infer an indication of wishes by the data subject to signify his or her agreement to a proposed processing operation.” EDPB Guidelines emphasise that continued navigation must not be regarded as an indication of consent, and reinforce the point by providing a practical example of this (“example 16”). AEPD (Spain) says in p. 6 of https://www.aepd.es/media/guias/guia-rgpd-para-responsables-de-tratamiento.pdf that "El consentimiento puede ser inequívoco y otorgarse de forma implícita cuando se deduzca de una acción del interesado (por ejemplo, cuando el interesado continúa navegando por una web y acepta así el que se utilicen cookies para monitorizar su navegación)". The EDPB advises the opposite. I enclose my correspondence with Jelinek of the EDPB, and Micol of Unit C3 DG Justice in 2018 urging action on these issues. Two years later, they remain unresolved. To ensure consistent and homogenous application of the Regulation throughout the Union, this must be urgently corrected. 2. MEMBER STATES FAILURE TO ADEQUATELY IMPLEMENT ARTICLE 52(4), WHICH PREVENTS SUPERVISORY AUTHORITIES FROM ADEQUATELY COOPERATING TO ADDRESS LARGE TECH FIRMS. Brave has examined two factors in supervisory authorities’ performance and cooperation: i) the number of specialist tech investigators working in supervisory authorities on tech investigations; and ii) the budgets at their disposal to defend their decisions against legal appeals by large tech firms. The report is available at https://brave.com/dpa-report-2020/. Supervisory authorities have too few specialist tech investigators. They also can not afford the cost of legally defending their decisions against ‘Big Tech’ legal firepower. Fault lies with national governments, rather than supervisory authorities. Article 52(4) of the GPDR requires that national governments give supervisory authorities the human and financial resources necessary to perform their tasks. Almost no governments have done so. It is essential that the European Commission intervene. We recommend three actions: 1. The Commission should communicate to the Member States the need to expand supervisory authorities’ tech specialist teams, and should initiate an infringement procedure where necessary. 2. The Commission should communicate to the Member States the need to fund supervisory authorities to fight big tech in court whenever necessary to defend their enforcement decisions. 3. The Commission should develop of an EU tech investigative unit, which could be based within the secretariat of the EDPB. (EDPB secretariat is provided by the EDPS. The unit requires a substantial permanent staff.) The rotation of temporary staff from national supervisory authorities would further improve interoperability and cooperation among supervisory authorities. encl. Brave to Jelinek, 16 August 2018, 4 October 2018, and 1 November 2018. Brave to Micol, 4 October 2018 and 1 November 2018. Brave complaint to the Commission regarding Member States’ infringement of EU law.

Read full response