EDRI-gram newsletter - Number 24, 18 December 2003
EDRI-gram newsletter
edrigram at edri.org
Thu Dec 18 17:30:13 CET 2003
==================================================================
EDRI-gram
bi-weekly newsletter about digital civil rights in Europe
Number 24, 18 December 2003
==================================================================
CONTENTS
==================================================================
1. Hustinx new EU data protection commissioner
2. PNR: EU Commission negotiates breach of law
3. WSIS report - the long way ahead
4. No criminal sanctions in IPR enforcement directive
5. Dutch Lower House accepts compulsory identification
6. EDRI wishes
7. Recommended reading
8. Agenda
9. About
==================================================================
1. HUSTINX NEW EU DATA PROTECTION COMMISSIONER
==================================================================
Peter Hustinx, the Dutch data protection commissioner, will be elected
today as the new EU data protection commissioner.
The Conference of Presidents, composed of the heads of the Political Groups
in the European Parliament, decided to back-down from their original idea
to give the position to the Spanish magistrate Joaquín Bayo Delgado. He
will now be appointed Assistant Commissioner. The decision will be made
public today, after the Council has approved.
Back in May Bayo Delgado, backed by an informal coalition of Spanish MEPs,
won a test vote in the European Parliament Interior Affairs committee.
Civil liberties organisations responded with surprise because he was the
only candidate on the list with no record of data protection or privacy
advocacy at all.
On the contrary Hustinx is well known, has many contacts with the
Commission in Brussels and is a regular visitor and contributor to any
events on EU Data Protection. By many Brussels insiders he was therefore
regarded as the 'natural candidate'.
(Contribution by Andreas Dietl, EDRI EU affairs director)
==================================================================
2. PNR: EU COMMISSION NEGOTIATES BREACH OF LAW
==================================================================
On 16 December the European Commission presented the long-awaited outcome
of its negotiations with the U.S. Department of Homeland Security on the
transfer of Passenger Name Record (PNR) data to the U.S. As expected, the
outcome is a foul compromise, creating a permanent breach of law.
According to European data protection principles, personal data can only be
transferred from Europe if the recipient has an adequate level of data
protection. In the case of PNR data, the Commission will always issue a
finding of adequacy in order to legitimise the transfer already taking
place. The outcome of the finding - quite a lengthy procedure - is thereby
already anticipated: it has to be positive, or the EU Commission and the
aviation industry would be in trouble.
The proposed solution for the problem is the development of 'push' system
for data to be actively transmitted to the USA, after filtering out the
unnecessary information. That future development is now also used to
justify current practices.
In order to make the agreement more acceptable for the EU, the U.S. have
reduced their demand from 60 data fields per passenger to 34, and promised
to retain the data for 'only' 42 months instead of 50 years, as they had
intended originally. In addition, they assure that the data will not be
shared with any other agencies outside the homeland department. There is no
way, however, to assure that any of this is going to happen.
The Commission says that Homeland's chief privacy officer "has agreed to
receive and handle in an expedited manner representations from Data
Protection Authorities in the EU on behalf of citizens who consider that
their complaints have not been satisfactorily resolved by the department".
But the chief privacy officer is not independent, she works under the
department's chief Tom Ridge.
The European parliament responded divided. The rapporteur on this subject,
Liberal MEP Johanna Boogerd-Quaak called on commissioner Bolkestein to
bring the matter to the European Court of Justice himself, instead of
waiting for parliament to do it.
Meanwhile, the European Union has a project of its own aiming at obliging
third countries to transfer flight passengers' personal data. The report,
going back to a Spanish initiative, is currently being dealt with in the
LIBE Committee. It is being justified by the presumed need 'to combat
illegal immigration effectively'. The big difference with the U.S. demands
is however that, presently at least, the data comprises only "the number of
the passport or travel documents used, nationality, first name and family
name(s) and the date and place of birth", and are to be deleted "after the
border checks on passengers have been completed". In the future the EU aims
at "the creation of a multilateral framework for PNR Data Transfer within
the International Civil Aviation Organisation (ICAO)". The intention is
clear: When PNR transfer is part of an international agreement under the
ICAO, a UN body, EU concerns with data protection will have to step back -
and the Commission can avoid more lengthy negotiations.
Communication from the Commission to the Council and the Parliament:
Transfer of Air Passenger Name Record (PNR) Data: A Global EU Approach
(16.12.2003)
http://europa.eu.int/comm/internal_market/privacy/docs/adequacy/apis-
communication/apis_en.pdf
Statewatch: EU: Commission "compromises" and agrees on handing over
passenger data to USA (18.12.2003)
http://www.statewatch.org/news/2003/dec/11euuspassengerdeal.htm
Initiative of the Kingdom of Spain with a view to adopting a Council
Directive on the obligation of carriers to communicate passenger data
(25.03.2003)
http://www.europarl.eu.int/meetdocs/committees/libe/20031216/0761en.pdf
Edward Hasbrouck's Practical Nomad blog
http://hasbrouck.org/blog/archives/000090.html
(Contribution by Andreas Dietl, EDRI EU affairs director)
==================================================================
3. WSIS REPORT - THE LONG WAY AHEAD
==================================================================
The first phase of the World Summit on Information Society (WSIS) ended in
Geneva last week, after more than 18 months of preparatory process. Its 2
outcomes are a Declaration of Principles and a Plan of Action, both
enthusiastically adopted by government representatives, though hardly
discussed until the last hour.
A major outcome is also the civil society (CS) alternative Declaration.
Entitled 'Shaping Information Societies for Human Needs', this document was
proposed by CS as part of the official outcomes of the Summit, after having
collectively decided that "[their] voices and the general interest [they]
collectively expressed are not adequately reflected in the Summit
documents." CS has previously provided 'Essential Benchmarks' against which
the outcomes of the WSIS process and the commitment of all stakeholders to
achieve its mandate will be assessed.
Many observers said that WSIS has been much ado about nothing. As a matter
of fact, the most contentious issues have been delayed by government
representatives to the second phase of WSIS, to be held in 2005. Among
these issues are internet governance and so-called digital solidarity. They
remain on top of the 'wait and see agenda', with non binding calls to the
United Nations Secretary-General to establish on the one hand a Working
Group 'in an open and inclusive process [...] to investigate and make
proposals for action, as appropriate, on the governance of Internet' and on
the other hand a Task Force to complete "a thorough review of [existing
financial mechanisms] adequacy in meeting the challenges of ICT for
development".
Even the declaration from the Civil Society is full of cautious - and
sometimes contradictory - statements, showing how diverse the CS groups are
that participated in WSIS, and how difficult it is to build a common vision
of the information society.
The official Declaration of principles and Plan of Action will be assessed
by many regional and thematic civil society groups. One group has already
done that, the WSIS CS Human Rights Caucus. Set up and coordinated by EDRI
members, this group has been very active since the early beginnings of the
WSIS process, in order to put human rights on the agenda. Now including
more than 45 organisations from all over the world, the caucus held a press
conference at the end of WSIS to express its relief that in the end, the
WSIS Declaration included many principles supported by the caucus, after
even the simplest references to the Universal Declaration on Human Rights
had been debated and contested right up until the last hour.
However, the WSIS CS human rights caucus deplores the absence of any
reference to the fundamental principle of non-discrimination as well as to
international labour standards. It further deplores the continuing emphasis
on the creation of a 'global culture of cyber-security' which aims at
enhancing trade instead of implementing human rights. The caucus remains
concerned that the rule of law and the regulatory framework are expected to
'reflect national realities' instead of being consistent with the
international human rights treaties. Moreover, the Plan of Action is devoid
of any mechanism to advance the human rights agenda, while the human rights
caucus had proposed the establishment of an Independent Commission on the
Information Society and Human Rights to monitor practices and policies on
human rights and the information society. This is particularly urgent given
the tendency in many countries - both North and South - to sacrifice human
rights in the name of 'security'.
However, beyond all these major problems, WSIS has been a true success in
showing the whole world - be it through contradictions and lack of concrete
outcome - that information society is not just about pipes, and that the
so-called digital divide simply reflects the social, economical, and
cultural divide among and within the nations. This success is the major
outcome of civil society participation to the first ever held UN Summit on
Information and Communication issues, but there is still a long way ahead
to realise CS aspirations of building information and communication
societies that are people-centred, inclusive and equitable and "where
development is framed by fundamental human rights and oriented towards
achieving a more equitable distribution of resources".
Finally, WSIS provided great opportunities for civil society networking.
Among the huge number of side events organised during WSIS, the World Forum
on Communication Rights attracted a large international audience of human
rights activists and grass-root organizations. The WSIS CS human rights
caucus, which co-organised this Forum, held a session on 'Communication and
Human Rights: No Development without Democracy, no Democracy without
Development'. In addition to Aminata Traoré's strong keynote speech, the
caucus provided a forum for voices that have been silenced by authoritarian
governments. Sharon Hom from Human Rights in China and Souhayr Belhassen
from the Tunisian Human Rights League were given the opportunity to
demonstrate that, while China and Tunisia are not the only countries with
serious human rights problems, they prove that infrastructure alone is not
enough.
WSIS official documents (English, soon available in all 5 UN languages)
http://www.itu.int/wsis/
WSIS CS documents (English, French, Spanish) and reports on WSIS (English,
German)
http://www.worldsummit2003.de/
WSIS CS Human Rights Caucus actions, communications and documents (English,
French)
http://www.iris.sgdg.org/actions/smsi/hr-wsis/
World Forum on Communication Rights (English, French, Spanish)
http://www.communicationrights.org/
(Contribution by Meryem Marzouki, IRIS and co-coordinator of the WSIS CS
Human Rights Caucus)
==================================================================
4. NO CRIMINAL SANCTIONS IN IPR ENFORCEMENT DIRECTIVE
==================================================================
There will be no criminal sanctions in the proposed European directive on
the enforcement of intellectual property rights after all. In the previous
edition of EDRI-gram there was a report about an amendment of MEP Mercedes
Echerer (Greens, Austria) on Article 20 that would re-introduce sanctions
in criminal law, even for private and relatively small-scale infringements.
As it turned out, Mrs. Echerer later withdrew this amendement and replaced
it with a much much milder one, deleting the criminal law sanctions and
calling merely for 'appropriate sanctions'. The secretariat of the Legal
Affairs Committee (JURI) of the European Parliament could not keep up with
the different amendments from the Austrian MEP, and put an old version on
the voting list. Unknowingly, most MEPs voted in favour of the mild regime.
It seems that even Mrs. Echerer herself was uncertain which of her
amendments had gotten adopted.
The amendment may, however, still be challenged in the Plenary where,
according to the present schedule, the report will be voted between 9 and
11 February. (There is also a small chance that it will appear on the
earlier agenda of 28 and 29 January.) If the milder version is not
accepted, the version contained in the Commission Draft - including
criminal sanctions - will get adopted.
If this should happen, the criminal sanctions might be deleted by the
Council, who may with some justification claim that criminal law is a
so-called Third Pillar issue that must not be decided in the co-decision
procedure. It seems that the Council and the Commission have already found
agreement to deal with the issue of criminal law sanctions in a way
foreseen by the EU rules of procedure, namely in the form of a Framework
Decision. Such a decision is currently in 'a very early stage of
preparation' in the Justice and Home Affairs Directorate General of the
Commission.
Consolidated version of the JURI vote (05.12.2003)
http://www.miu-ft.org/~sama/P5_A(2003)0468_EN.pdf
(Contribution by Andreas Dietl, EDRI EU affairs director)
==================================================================
5. DUTCH LOWER HOUSE ACCEPTS COMPULSORY IDENTIFICATION
==================================================================
On 16 December the Dutch Lower House accepted a legal proposal to introduce
compulsory identification for all persons from the age of fourteen. People
unable to immediately show a valid passport, drivers license or (cheaper)
identity-card risk a fine with a maximum of 2.250 Euro. Refusal will
constitute a criminal offence. Every police-officer including military
police, any extra-ordinary law enforcement agent and any police related
supervisor/watcher may ask for proof of identity. According to the
explanatory statement the police must have a reasonable cause related to
her task to ask for ID, but there is no need for an actual suspicion of an
offence.
In spite of criticism from the Dutch Data Protection Authority, the
Association for the Jurisdiction, the Council of State (an advisory body to
the government) and strong-worded last minute open letter from EDRI-member
Privacy International, the Minister of Justice found a large parliamentary
majority for his proposal, of conservatives, liberals, social democrats and
Christian democrats.
Though formally there is only an obligation to show ID when asked, in
practice carrying identification will be compulsory, given the examples of
minister Piet Hein Donner. He mentioned the need to be able to demand ID
from any (involuntary) witness to an accident, besides the need to be able
to identify people that cycle on the pavement or allow their dogs to
relieve themselves there.
Especially the 'eye-witness' argument offends a core principle of the rule
of law: that citizens should have notice of the circumstances in which the
State may conduct surveillance, so that they can regulate their behaviour
to avoid unwanted intrusions.
In its open letter to all Members of Parliament, Privacy International
announced that it would take legal steps and challenge this legislation in
court, for violating the European Convention on Human Rights and the UN
Declaration on the Rights of the Child.
Donner seems confident that the Senate will accept the proposal just as
hastily as the Lower House, planning to introduce the new law by the 1st of
January 2005.
Open letter Privacy International (06.12.2003)
http://www.bof.nl/docs/privacy_international_brief.pdf
===================================================
6. EDRI WISHES
===================================================
European Digital Rights wishes you pleasant holidays and a happy and
resourceful new year.
Thanks to a generous donation from the Open Society Institute Fund,
EDRI-gram will be continued in 2004. The next issue will appear on 14
January 2004.
Currently, EDRI-gram has 1811 subscribers, plus an unknown number of
readers of the translations in Russian, Ukrainian and Italian. If you have
colleagues or friends that might be interested in subscribing, please point
them to the archive at
http://www.edri.org/cgi-bin/index?funktion=edrigram
or directly to the subscription page at
http://www.edri.org/cgi-bin/mailman/listinfo/edri-news/
===================================================
7. RECOMMENDED READING
===================================================
Privacy on the Internet by Matej Kovacic is an interesting bi-lingual book
about all the different aspects of privacy in the information society
(English and Slovenian). The chapter about privacy of information and
privacy of communication in Slovenia provides welcome insight in the state
of affairs in this EU accession country.
Kovacic writes: "Although privacy of information is relatively well
regulated by existing legislation, the problem is a serious disorder in
practice, even though this field is subject to supervision by inspection
agencies." Privacy of information is guaranteed constitutionally (and
sanctioned in the Penal Code), by the Personal Data Protection Act and by
the Convention for the protection of individals with regard to automatic
processing of personal data. In its 2001 annual report, the Inspectorate
for Personal Data Protection notes an increase in the number of complaints
by individuals about privacy violations. These cases are about inadequate
protection of data, databases with information from video surveillance
without written consent, excessively long periods of personal data storage
or storage of an excessive amount of personal data.
The new European directive on privacy and electronic communications
(2002/58/EC) is having its devastating effects on data retention in
Slovenia as well. According to Kovacic "A measure that is currently under
preparation will oblige member states to legally bind telecommunications
providers to store traffic data from 12 to 24 months. These data are
already available to state authorities on the basis of court order."
ISBN 961-6455-09-5
http://www.mirovni-institut.si/eindex.htm
==================================================================
8. AGENDA
==================================================================
8-9 January 2004, Sheffield, UK - CCTV and Social Control
Conference organised by the Centre for Criminological Research, University
of Sheffield on the politics and practice of video surveillance, from a
European and global perspective.
http://www.sheffield.ac.uk/ccr/publicity/conference/index.html
15 January 2004 deadline 'Nothing to hide' cartoon-contest
The Berlin Humanistic Union invites everybody to join a cartoon-contest
about the theme 'I've got nothing to hide'. Submissions can be drawings,
paintings, photo's or computer generated images. The first price is
rewarded with 500 euro, the second with 400 and third price with 300 euro.
In German only:
http://www.humanistische-union.de/karikaturenwettbewerb/
23 January 2004, Brussels, Belgium - workshop on the Digital Divide
The European research project JANUS (Joint Analytical Network for Using
Socio-Economic Research) is organising the third in a series of workshops
on challenges for socio-economic research into the Information Society. The
workshop The Digital Divide: Opportunities and Threats at the Verge of EU
Enlargement aims to address the issue of a geographical digital divide
between members and new members of the European Union and derive policy
recommendations that help to bridge this divide. For more information,
please email <noester at sfconsulting.net>.
30-31 January 2004, Stockholm, Sweden - WHOLES
A Multiple View of Individual Privacy in a Networked World
An international workshop to explore interdisciplinary approaches to privacy.
http://www.sics.se/privacy/wholes2004/
==================================================================
9. ABOUT
==================================================================
EDRI-gram is a bi-weekly newsletter about digital rights in Europe.
Currently EDRI has 14 members from 11 European countries. EDRI takes an
active interest in developments in the EU accession countries and wants to
share knowledge and awareness through the EDRI-grams. All contributions,
suggestions for content or agenda-tips are most welcome.
Newsletter editor: Sjoera Nas <edrigram at edri.org>
Information about EDRI and its members:
http://www.edri.org/
- EDRI-gram subscription information
subscribe/unsubscribe web interface
http://www.edri.org/cgi-bin/mailman/listinfo/edri-news/
subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
- EDRI-gram in Russian, Ukrainian and Italian
EDRI-gram is also available in Russian, Ukrainian and Italian, a few days
after the English edition. The contents are the same.
Translations are provided by Sergei Smirnov, Human Rights Network, Russia;
Privacy Ukraine and autistici.org, Switzerland
The EDRI-gram in Russian can be read on-line via
http://www.hro.org/editions/edri/
The EDRI-gram in Ukrainian can be read on-line via
http://www.internetrights.org.ua/index.php?page=edri-gram
The EDRI-gram in Italian can be read on-line via
http://www.autistici.org/edrigram/
- Newsletter archive
Back issues are available at:
http://www.edri.org/cgi-bin/index?funktion=edrigram
- Help
Please ask <info at edri.org> if you have any problems with subscribing or
unsubscribing.
==================================================================
Publication of this newsletter is made possible by a grant from
the Open Society Institute (OSI).
==================================================================
More information about the Syndicate
mailing list