EDRI-gram newsletter - Number 12, 2 July 2003
anna balint
epistolaris at freemail.hu
Thu Jul 3 14:43:35 CEST 2003
==================================================================
EDRI-gram
bi-weekly newsletter about digital civil rights in Europe
Number 12, 2 July 2003
==================================================================
CONTENTS
==================================================================
1. Data protection recommendations on PNR
2. Biometrics in EU passports
3. Analysis: Privacy in the EU draft constitution
4. German chancellor demands take-down of satirical website
5. Turmoil about voting date for EU Patent directive
6. Finnish plans to lower privacy protection employees
7. 2 million DNA-profiles in UK police database
8. Dutch court orders ban on foreign gambling websites
9. Foundation of Turkish digital civil rights group
10. Recommended reading
11. Agenda
12. About
==================================================================
1. DATA PROTECTION RECOMMENDATIONS ON PNR
==================================================================
The European Data Protection Authorities, convened in the European Working
Party (Article 29 Data Protection Working Party), have published an opinion
on the transfer of EU airline passenger data to the US. The Working Party
also published a US Customs document dated 22 May 2003 that refines the US
wishes and demands towards PNR data transfer and which the Working Party'
opinion is commenting on.
Since 5 March U.S. authorities have access to most European airlines?
passenger data bases after an agreement between the European Commission and
US Customs. The transfer of the so-called Passenger Name Record (PNR) data
has outraged the European Parliament, Data Commissioners and privacy
groups. The scope of the original agreement between the European Commission
and US Customs is wide. The agreement states that data can be stored as
long as necessary and that the use of the data is not limited to combating
terrorism but any "legitimate law enforcement purposes". Ongoing talks
between the EU and the US need to result in a final agreement that gives
the transfer a legal basis which it currently lacks.
The new 22 May list of US Customs defines more than 40 data fields that
European airlines should transfer to the US such as all forms of payment
information, billing address, email address, complete home address and home
phone number of the passenger. The documents also state that data can be
kept by the US for a 7 year period. PNR data that have not been manually
accessed during that period of time, will be destroyed. PNR data that has
been manually accessed during the initial seven year period will be
transferred to a 'deleted record file', where they will remain for a period
of eight years before it is destroyed.
The Working Party proposes a much shorter list of data fields than the one
envisaged by the US Authorities, excluding unnecessary information and, in
any case, sensitive data. The Woking Party also wants a much shorter
retention period that should not exceed some weeks or even months following
the entry to the US.
Regarding the method of transfer the Working Party favours the 'push'
method ? whereby the data are selected and transferred by airline companies
to US authorities ? rather than the 'pull' one ? whereby US authorities
have direct online access to airline and reservation systems databases.
The use of the PNR data by the US should be limited to fighting acts of
terrorism without expanding their scope to other unspecified 'serious
criminal offences'. The Working Party also wants effective enforcement of
data subjects? rights and independent third-party supervision.
Opinion 4/2003 of the Art. 29 Working Party (13.06.2003)
http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2003/wp78_en.pdf
Annex: Undertakings of the United States Bureau of Customs and Border
Protection and the United States Transportation Security Administration
(22.05.2003)
http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2003/wp78-pnrf-
annex_en.pdf
European Commission / US Customs talk on Passenger Name Record (PNR)
transmission (05.03.2003)
http://europa.eu.int/comm/external_relations/us/intro/pnr.htm
==================================================================
2. BIOMETRICS IN EU PASSPORTS
==================================================================
In a remarkably high-speed procedure, the EU Council plans to oblige all
Member States of the Union to introduce chips containing biometric data on
their passports within little less than a year. Allegedly, this step is
taken to meet a U.S. deadline set on 26 October 2004. After that date,
according to a law passed eight months after the 11 September attacks, the
U.S will demand visas from all travellers entering the U.S. who don't have
DNA code, fingerprints, or iris scans embedded in their travel documents.
It is an open secret however, that the filing of biometric features and
their inclusion on personal documents have for a long time been on the
wishlist of EU law enforcement officials, in particular those associated
with the Schengen Information System (SIS). The EU itself plans to
introduce biometric data on visas and residence permits for third country
nationals, as part of its fight against illegal immigrants. These data will
be stored in the SIS, apparently along with biometric data of EU citizens
who have come into conflict with the law.
During the Thessaloniki meeting last month, the EU Heads of State also
decided to allocate a further 140 million Euro to the development of these
databases, which are already the biggest and most extended in Europe.
Already they contain data on more than 800.000 persons, 98 percent of whom
have merely been denied entrance at EU external borders.
No decision has been made so far as to which kind of data - DNA,
fingerprints or iris scans, or any combination thereof - will be used in
the EU passports, and how it will be stored - directly legible or on a
chip, encrypted or not. On an earlier occasion, the UK finance minister
Gordon Brown, a strong supporter of the plan, spoke out for a chip that
might also contain any kind of other data. The Frankfurter Allgemeine
Zeitung quotes a German Government spokesman, Daniel Höltgen, as saying "It
basically depends on the United States and on which feature they require."
And: "The interior minister is not worried about data protection at all.
It's just a matter of believing in the German legal system."
Presidency Conclusions of the Thessaloniki European Council (19/20.06.2003)
http://ue.eu.int/pressData/en/ec/76279.pdf
EU Observer: EU to tighten visa and passport security
http://www.euobserver.com/index.phtml?sid=9&aid=11837
Translation of Frankfurter Allgemeine Article on biometrics in Germany
http://www.statewatch.org/news/2003/jun/27data.htm
(Contribution by Andreas Dietl, consultant on EU privacy issues)
==================================================================
3. ANALYSIS: PRIVACY IN THE EU DRAFT CONSTITUTION
==================================================================
The draft European Constitution was presented in May 2003. The proposed
treaty contains a section on Fundamental Rights and Citizenship of the
Union. The European Charter of Fundamental rights, which was adopted at the
Nice summit, in 2000, will be an integral part of the treaty (section II,
article 5, paragraph 1).
The right of every individual to the protection of his or her personal data
will be stated twice in the treaty. In Article 36a, it says: "Everyone has
the right to the protection of personal data concerning him or her", a
phrase which is literally adopted from the European Charter of Fundamental
Rights. Article 8 of the Charter adds: "Such data must be processed fairly
for specified purposes and on the basis of the consent of the person
concerned or some other legitimate basis laid down by law. Everyone has the
right of access to data which has been collected concerning him or her, and
the right to have it rectified. Compliance with these rules shall be
subject to control by an independent authority."
To those provisions, Article 36a of the Treaty adds an item stressing the
EU Council and Parliament?s obligation to pass the according legislation.
It is worth mentioning, however, that current legislation allowing data
protection to be lifted for a multitude of purposes, mainly in connection
with so-called security issues, is not challenged by these provisions.
As the charter is specifically drafted to bind European Institutions,
article 8 section 3 implies the need for a European Data Commissioner. The
charter does not limit the protection offered by the European Convention
for the Protection of Human Rights and Fundamental Freedoms. as article 52
sec. 3 specifies that any rights that correspond to those already
articulated by the Human Rights Convention shall have the same meaning and
scope. Article 5 paragraph 3 of the treaty states that the European Union
may accede to the European Rights Convention. This is a new development as
the European Court of Justice had earlier advised against accession.
The charter differs from the Human Rights Convention in that it separately
protects data privacy from general privacy. As all EU members are party to
the Human Rights Convention, the draft constitution does not present a
radical change for the protection of privacy. However, the inclusion of a
section on data protection, the possible accession to the Human Rights
Convention, the explicit protection of data and the obligation on
Commission and Parliament to adopt rules relating data protection could be
an improvement for privacy protection as a whole.
Draft Constitutional Treaty for the European Union
http://www.europarl.eu.int/comparl/conv/documents/traite_en.pdf
(Contribution by Lodewijk Asscher, Dutch legal expert)
==================================================================
4. GERMAN PRESIDENT DEMANDS TAKE-DOWN OF SATIRICAL WEBSITE
==================================================================
A German comedian was ordered to take down his parody website about the
German Federal Chancellor (Bundeskanzler). The comedian, Joseph Pohl,
operated the website for almost 5 years. Two weeks ago, he received an
email from the Chancellors press office, accusing him of infringing on
their trademark. Even though the site is as clear a parody as parodies
come, with pictures of the comedian on his travels and software solutions
for job unemployment, the Chancellors entourage is definitely not amused.
They warn Pohl in this email not to undermine the dignity of the office
with cheap sarcasm.
Pohls email with a request for mercy was answered by a fax threatening him
with a court case. "The legal grounds are quite clear", according to this
fax, since the Press Office also won an earlier court case, 3 years ago,
about the domain name deutschland.de.
Parody website
http://www.bundes-kanzler.de/
German press agency article about the case (16.06.2003)
http://rhein-zeitung.de/on/03/06/16/topnews/kanzler-web.html?a
==================================================================
5. TURMOIL ABOUT VOTING DATE FOR EU PATENT DIRECTIVE
==================================================================
A proposal to hasten the plenary vote about the EU Software Patent
directive was stopped just in time. The voting date now remains set at the
1st of September. The extra time seems extra important now that the public
debate about the implications of this directive has only just taken of.
Last Monday, the French Social Democrat Michel Rocard, president of the EP
Culture Committee and former prime minister of France, showed himself an
avid opponent of the directive in an interview with the French Daily
Liberation. In the interview, Rocard refers to the 'Petition for a Free
Europe without Software Patents', signed by more 150.000 people, among
which 2.000 IT company owners and chief executives and 25.000 developers
and engineers from all sectors of the European information and
telecommunication industries.
The rapporteur of the Directive, fellow Social Democrat Arlene McCarthy (UK
Labour MEP) tried to rush the vote to June 30th, a mere twelve days after
publication of the highly controversial report and ten days after the
unexpected change of schedule.
Members of Parliament from all parties had complained that it was
impossible to react adequately within a time frame of 10 days. Until
Wednesday 25 June however, leaders of the two largest blocks, the
socialists (PSE) and conservatives (PPE), seemed determined to follow the
recommendations of their patent experts and go ahead with the vote quickly.
They explained that there was no reason to wait, because all possible
amendment proposals had already been submitted to the committees and
translated to all languages, and there was no need for new amendments. This
view however became increasingly difficult to uphold, as more and more MEPs
in all parties became aware of the schedule change and pointed out that
they wanted to prepare new amendments. Within the socialist group, a large
opposition group, possibly the majority, gathered around Michel Rocard
(FR), Luis Berenguer (ES), Evelyn Gebhardt (DE), Olga Zrihen (BE) and other
MEPs who had played a prominent role in resisting software patentability.
On 25 June, the climate change became apparent. More and more MEPs rumored
that the schedule would not be upheld. Even Arlene McCarthy was quoted as
saying that it might be too tight. A spokesman from the General Directorate
for the Internal Market of the European Commission, that had been pushing
for the directive together with Arlene McCarthy and other allies in the
Parliament's Committee for Legal Affairs and the Internal Market (JURI),
meanwhile told journalists: "Arlene McCarthy has tried hard to have the
vote conducted on June 30th, but as things now stand, this looks rather
unlikely." On 26 June the postponement became final, setting the vote back
to the original date of the 1st of September. Parliament will be closed
from 11 July until 25 August.
Petition for a Free Europe without Software Patents
http://swpat.ffii.org/news/03/epet0622/index.en.html
Interview with Michel Rocard (Liberation, 20.06.2003)
http://www.libe.fr/page.php?Article=121303
English translation
http://www.aful.org/wws/arc/patents/2003-06/msg00221.html
Final draft report by Arlene McCarthy
http://www.europarl.eu.int/meetdocs/committees/juri/20030521/488980en.pdf
==================================================================
6. FINNISH PLANS TO LOWER PRIVACY PROTECTION EMPLOYEES
==================================================================
On 26 June, the Finnish Ministry of Labour released a draft new version of
the law protecting privacy at the workplace. The proposal would make it
legal to read employees' email under certain circumstances. It also
contains new regulations on camera surveillance (allowed as long as a
single employee is not singled out) and drug testing (widely allowed at
work, but not as part of job interviews).
The proposal was sternly criticised in the Finnish media for giving too
much leeway to how companies can monitor their employees. Many people are
especially concerned about the fact that employers will be allowed to check
all kind of emails employees receive while they are sick or on holiday. The
traffic data and information in the headers can easily reveal sensitive
personal information that should fall under privacy protection. Secondly,
even if the proposal categorically forbids employers to open private
emails, it is not always possible to know beforehand whether email is
private or work related. Emails often contain both kinds of material.
Tietosuoja ja työntekijän valvonta ? työryhmä (no English material is
currently available)
http://www.mol.fi/julkaisut/tietosuojaraportti.pdf
(Contribution by Ville Oksanen, EFFI)
==================================================================
7. 2 MILLION DNA-PROFILES IN UK POLICE DATABASE
==================================================================
On the 100th anniversary of George Orwell, a UK police database with
DNA-profiles of suspects reached the number of 2 million. According to an
article in the English daily The Guardian, Home Secretary (minister of
internal affairs) David Blunkett said the five-year-old database was well
on the way to its target of holding 3 million profiles of people charged
with offences by 2004. Mr. Blunkett also said the police force had 5.5
million sets of fingerprints.
Police powers to keep DNA samples have been strengthened considerably since
2001 when they were first allowed to keep the information indefinitely from
suspects who were not convicted. Severely criticised by civil rights
groups, the new Criminal Justice Bill now before Parliament extends this
rule to people who are arrested but never charged.
Police DNA log now has 2m profiles (The Guardian, 26.06.2003)
http://www.guardian.co.uk/uk_news/story/0,3604,985006,00.html
DNA database being built by stealth, say civil rights groups (The
Telegraph, 26.06.2003)
http://www.telegraph.co.uk/news/main.jhtml?
xml=/news/2003/06/26/ndna26.xml&sSheet=/portal/2003/06/26/ixportal.html
==================================================================
8. DUTCH COURT ORDERS BAN ON FOREIGN GAMBLING WEBSITES
==================================================================
Last Tuesday, a Dutch court ordered 21 foreign gambling websites to ban
Dutch visitors. The sites are located in 10 different countries, from a
well-known gambling paradise like Antigua to companies based in Canada and
Australia.
The case was instigated by the national Dutch lottery (Lotto). This 100%
state-owned company became very confident after winning a case in February
against the international gambling firm Ladbrokes. Ladbrokes appealed. This
appeal will serve on 28 July.
According to the preliminary verdict, the 21 gambling sites violate the
Dutch Gambling Act because they are not licensed to offer online gambling
in the Netherlands. Since Dutch people can directly access the sites, they
are considered to operate within the Netherlands. And according to the law,
only 1 party is licensed to do so, De Lotto. Plans to open up the online
gambling market in the Netherlands have been debated in the Lower House
since 2000, but have not even lead to a test with competitors yet.
Online gambling is one of the 4 exceptions not harmonised by the European
E-Commerce Directive. Clearly, most EU member states have a high financial
interest in enforcing the national gambling monopoly.
Verdict Arnhem Court (01.07.2003, in Dutch)
http://www.rechtspraak.nl/uitspraak/show_detail.asp?ui_id=48882
==================================================================
9. FOUNDATION OF TURKISH DIGITAL CIVIL RIGHTS GROUP
==================================================================
At the end of this year, Turkey will have its first digital civil rights
group. Foundational work started in April 2003. Initiator is Dr. Yaman
Akdeniz, the founder and director of Cyber-Rights and Cyber-Liberties (UK).
According to Akdeniz, the organisation aims to protect the interests of all
honest, law-abiding Turkish Internet users with the aim of promoting free
speech and privacy on the Internet in Turkey. The organisation will be
actively involved with the Internet policy-making processes of the Turkish
Government, the European Union, Council of Europe, OECD, and the United
Nations. Turkish cyber-rights will co-operate as much as possible with
other civil liberties and public interest organisations working in this
field outside Turkey.
For further information contact Dr. Yaman Akdeniz <lawya at cyber-rights.org>
==================================================================
10. RECOMMENDED READING
==================================================================
The Internet under Surveillance: Obstacles to the free flow of information
Second annual report of the Paris based organisation of international
journalists (Reporters sans Frontieres) on the attitudes towards the
internet in 60 countries, between spring 2001 and spring 2003. According to
RSF "The Internet is the bane of all dictatorial regimes, but even in
democracies such as the United States, Britain and France, new
anti-terrorism laws have tightened government control of it and undermined
the principle of protecting journalistic sources."
The internet under surveillance
http://www.rsf.org/IMG/pdf/doc-2236.pdf
==================================================================
12. AGENDA
==================================================================
9-12 July 2003 Metz, France - RMLL2003
(Unofficial) fourth annual Libre Software meeting
http://www.rencontresmondiales.org/
7-10 August 2003 Berlin, Germany - Chaos Computer Camp 2003
http://www.ccc.de/camp/
5 September - Deadline Call for Papers about Copyright and Open and
Proprietary Software
On 4-5 December 2003, the Center for Tele-Information of the Technical
University of Denmark organizes its 8th annual international conference -
this year on copyright and software patents. A selection of the best papers
for the conference will be published in the international journal
Telematics and Informatics in spring 2004.
http://www.cti.dtu.dk/
==================================================================
13. ABOUT
==================================================================
EDRI-gram is a bi-weekly newsletter from European Digital Rights, an
association of privacy and civil rights organisations in Europe. Currently
EDRI has 10 members from 7 European countries. EDRI takes an active
interest in developments in the EU accession countries and wants to share
knowledge and awareness through the EDRI-grams. All contributions,
suggestions for content or agenda-tips are most welcome.
Newsletter editor: Sjoera Nas <edrigram at edri.org>
Information about EDRI and its members:
http://www.edri.org/
- EDRI-gram subscription information
subscribe/unsubscribe web interface
http://www.edri.org/cgi-bin/mailman/listinfo/edri-news/
subscribe by email
To: edri-news-request at edri.org
Subject: subscribe
You will receive an automated email asking to confirm your request.
- EDRI-gram in Russian
EDRI-gram is also available in Russian, a few days after the English
edition. The contents are the same. Translations are provided by Sergei
Smirnov, Human Rights Network, Russia.
The EDRI-gram in Russian can be read on-line via
http://www.hro.org/editions/edri/
- Newsletter archive
Back issues are available at:
http://www.edri.org/cgi-bin/index?funktion=edrigram
- Help
Please ask <info at edri.org> if you have any problems with subscribing or
unsubscribing.
==================================================================
Publication of this newsletter is made possible by a grant from
the Open Society Institute (OSI).
==================================================================
More information about the Syndicate
mailing list