EDRI-gram newsletter - Number 10, 4 June 2003
EDRI-gram newsletter
edrigram at edri.org
Thu Jun 5 11:05:10 CEST 2003
==================================================================
EDRI-gram
bi-weekly newsletter about digital civil rights in Europe
Number 10, 4 June 2003
==================================================================
Contents
==================================================================
1. EU data protection supervisor: contest not over yet
2. Council of Europe declaration on freedom on the internet
3. Radio chips in euro banknotes
4. Belgian DPA investigates transfer of passenger data
5. Irish DPA threatens government with court case
6. Finnish protest against EU copyright plans
7. Recommended reading
8. Agenda
9. About
==================================================================
1. EU data protection supervisor: contest not over yet
==================================================================
The list of candidates for the new post of EU Data Protection Supervisor
and Deputy Supervisor is shrinking. Joaquín Bayo Delgado, the contested
candidate of a Conservative-Social Democrat alliance in the European
Parliament (EP) risks to get pushed out of it. Bayo Delgado, the Dean of
the Judges of Barcelona, will, as it seems, not be accepted by the European
Council?s Committee of Permanent Representatives (Coreper). On 20 May,
Coreper came forward with a list of four candidates. They didn't indicate
what candidate they preferred as Supervisor and which as Deputy. This list
differed from the list of the EP Civil Liberties (LIBE) Committee (see
EDRi-gram Number 9) only in one person: instead of Bayo Delgado it favours
OECD Data Protection Commissioner Anne Carblanc. Despite the efforts of the
chair of the LIBE Committee, Jorge Salvador Hernández Mollár, Coreper has
up to now refused to redraft its list to include Bayo Delgado, who had won
a test vote in the LIBE Committee with a margin of five votes. After its
session on 28 May, when some members of parliament expected a redrafted
list of Council candidates, Coreper remained remarkably tight-lipped on the
issue.
Out of the nine candidates presented to the LIBE committee, Bayo Delgado is
the only one who has no record of commitment to Data Protection or any
other Civil Liberties issues whatsoever. Hernández Mollar (Conservative),
who had, together with his compatriot Anna Terrón i Cusí (Social Democrat),
lobbied heavily for Bayo Delgado as Supervisor before the test vote, now
seems willing to strike a deal. In the LIBE session of 2 June, Terrón ì
Cusí and Hernández Mollar suggested they would be ready to accept Peter
Johan Hustinx, the Dutch Data Protection Commissioner and preferred
candidate of the Liberal EP Group, on the condition that Bayo Delgado would
become Deputy.
Other members of parliament, among them French Conservative (MCC) Gérard
Deprez, were not ready to accept this new attempt of the Spanish connection
to promote their candidate. Now that both LIBE and Coreper have presented
their list of favourite candidates, Deprez said, the future Supervisor as
well as the Deputy should be selected from the intersection. This set
contains, besides Hustinx, Council of Europe Data Protection Commissioner
Waltraud Kotschy from Austria and Germany?s Deputy Data Protection
Commissioner, Ulrich Dammann. A third Group around the Dutch MEPs
Kathalijne Buitenweg (Greens) and Joke Swiebel (Social Democrats) attach
importance to one of the posts being taken by a woman, which could be
either Kotschy or Carblanc. Kotschy has applied only for the post of
Supervisor and is said not to be willing to become Deputy.
On 5 June, Hernández Mollár will ask a mandate for further negotiations
with Coreper from the EP?s Conference of Presidents. It is uncertain
whether this high body of the parliament will give him an unconditional
mandate - which he would no doubt use to carry on the struggle for Bayo -
or whether he will be given a clearly defined mission.
Meanwhile, on 30 May, EDRi-member Privacy International sent an open letter
to members of parliament, reminding them of the importance of the position
and asking them to choose a more eminently qualified candidate.
Open letter Privacy International (30.05.2003)
http://www.privacyinternational.org/intl_orgs/eu/delgado-letter-503.html
(Contribution by Andreas Dietl, consultant on EU privacy issues)
==================================================================
2. Council of Europe declaration on freedom on the internet
==================================================================
The Council of Europe Committee of Ministers has adopted a Declaration on
freedom of communication on the internet. The text contains 7 principles
that underline the principle of freedom of expression and condemn practices
aimed at restricting or controlling internet access, especially for
political reasons. Remarkably, the 7th principle is the right of anonymity.
"In order to ensure protection against online surveillance and to enhance
the free expression of information and ideas, member states should respect
the will of users of the Internet not to disclose their identity."
The declaration also deals with the freedom to provide services via the
internet and the liability of providers. The provision of services via the
internet should not be made subject to specific licence schemes, as still
is the case in many countries outside of the European Union, nor should
providers be obliged to monitor content on the internet. Closely following
articles 12, 13 and 14 of the E-Commerce Directive (2000/31/EC), the
Council states that service providers should not be held liable for data
they are merely transporting. In case of hosting, liability should only
begin after the provider has become aware of the illegality of hosted
material (to be defined in national law) and does not remove or disable
access. Much clearer though than in the E-Commerce Directive, the Council
of Europe underlines the need to protect the freedom of expression and the
right of users to information.
In practice, the E-Commerce Directive has not brought much clarity in the
responsibility of internet providers. The self-regulatory approach causes
providers to be split between the opposing interests of freedom of
expression and copyright holders. Many civil rights activists and providers
have argued for a more formal approach, where only an order from a judge
would constitute actual knowledge of infringing material.
Attempts to develop a standardised notice and takedown (NTD) procedure have
failed miserably so far. The parties involved, citizens, service providers
and copyright holders have been unable to achieve agreement about the exact
meaning of terms like 'expeditiously' and 'apparently illegal'.
"Any self-regulatory regime within the context of NTD procedures cannot be
truly effective without some form of legislative underpinning", was the
conclusion of Rightswatch, a 2 year program of EU-sponsored debates about
provider liability between citizens, providers and rightholders in
North-Europe, South-Europe and the UK/Ireland. However, the European
Commission has made it clear that the E-Commerce Directive will not receive
a review of its text until, at the earliest, 2006. This leaves it up to
national governments to choose the level of protection for the freedom of
expression.
Council of Europe Declaration (28.05.2003)
http://www.coe.int/T/E/Communication%5Fand%5FResearch/Press/News/2003/20030528
_declaration.asp
Final report of the Rightswatch Program (20.02.2003)
http://www.rightswatch.com/DocsRepository/2701/FinalReport030123v1.pdf
==================================================================
3. Radio chips in euro banknotes
==================================================================
Japanese electronics maker Hitachi has told the Japanese press that it has
started talks with the European Central Bank (ECB) about the use of RFIDs
in euro banknotes.
RFIDs (radio frequency identification) are very small radio chips that
transmit a unique serial code when a reader is placed in their proximity.
RFID were originally designed for logistic purposes; to track and trace
items in transport or stored in warehouses. But the mini-tags are also
getting embedded in consumer products, as described in the previous
EDRI-gram. This raises great privacy-concerns, since the technology makes
it possible to track and trace individual consumption-patterns. The RFIDs
have no access control. Anyone with a reader can detect them and read the
serial number. The only possibility to protect privacy would be to remove
or disable the tag when buying the product in a store.
The RFIDs in euro banknotes could help against counterfeiting and make it
possible to detect money hidden in suitcases at airports. But the
technology would also enable a mugger to check if a victim has given all of
his money. If RFIDs are embedded in banknotes, governments and law
enforcement agencies can literally 'follow the money' in every transaction.
The anonymity that cash affords in consumer transactions would be eliminated.
Curiously the European Central Bank has stated recently in an biannual
report that "the full extent of euro counterfeiting is very small".
Hitachi mu-chip
http://www.hitachi.co.jp/Prod/mu-chip/
Biannual information on the counterfeiting of the euro (23.01.2003)
http://www.ecb.int/press/03/pr030123_1en.htm
==================================================================
4. Belgian DPA investigates transfer of passenger data
==================================================================
Following a complaint from European parliament member Marco Cappato the
Belgian data protection office is investigating a possible violation of
European privacy law by the airline carriers Continental Airlines and
United Airlines. Mr Cappato sent a letter to the Belgian data protection
commissioner urging his office to investigate the transfer of his personal
data to the US authorities. These so-called PNR data are sent to the US
authorities by airlines following an agreement between US Customs and the
European Commission. This agreement is considered unlawful by many observers.
The Belgian data protection office has told Mr Cappato that "The commission
contacted the companies concerned, in order to obtain information
concerning the implementation of a system of transfer to the American
authorities of the personal data of their passengers travelling towards the
United States. The Commission also asked these companies to indicate the
detail of the transmitted data, their mode of transmission, which
information has been communicated to you in this respect as well as the
information generally communicated to each passenger concerned, as well as
the fact of knowing if the passenger is made able to agree voluntarily or
to oppose the transfer."
Mr Cappato used one of the model letters that European Digital Rights
offers for download on its website. The model letters are part of EDRI's
campaign against the illegal transfer of airline passenger data.
EDRI campaign against the transfer of PNR-data to the USA
http://www.edri.org/cgi-bin/index?funktion=view&id=000100000085
==================================================================
5. Irish DPA threatens government with court case
==================================================================
According to an article in the Irish Times of 26 May, the Irish Data
Protection Commissioner Mr Joe Meade has twice threatened to begin High
Court proceedings against the Government for using an "invalid" Ministerial
Direction to unconstitutionally store citizens' phone, fax and mobile call
data for 3 years.
As reported in EDRI-gram nr. 3, in April 2002 the Minister for Public
Enterprise issued directions to telecommunication operators to keep
detailed, non-anonymous traffic data for a three-year period. When Meade
revealed this during a conference on data retention in February, he stated
that government was also preparing mandatory data-retention for internet
providers.
The situation was even worse when Meade first obliged providers and telco's
to register their databases with the Office for Data Protection. In January
2001 the Commissioner found out that companies had been keeping these data
for 6 years. Following EU privacy-guidelines he pressed for a maximum
retention period of 6 months. The Irish government obviously wasn't pleased
and issued the secret direction in response.
The Irish Times obtained correspondence of the Commissioner under the
Freedom of Information Act. In his letters, Meade said the Direction was
"in breach of Article 15.2.1 of the Constitution", lacked "the character of
law", and was "in breach of the principles of (European) Community law". He
also threatened proceedings because he believed the Government had failed
to act with the haste it initially promised, to replace the secret
Direction with primary legislation.
'Court threat for State over data privacy' by Karlin Lillington (26.05.2003)
http://radio.weblogs.com/0103966/2003/05/26.html#a2327
==================================================================
6. Finnish protest against EU copyright plans
==================================================================
EDRI-member Electronic Frontier Finland (EFFI) submitted a statement on a
proposed EU Directive to harmonise the enforcement of intellectual property
laws, including copyrights and patents, across member states. According to
EFFI, the new directive is based too unilaterally on studies made for the
media industry. For example, the proposal compares piracy to drug trade and
terrorism. Besides proposing punitive damages, the draft directive suggests
that defendants should pay for the publication of judgements in newspapers.
Another principle objection of the Fins against the draft Directive is that
it treats digital products the same way as the counterfeiting of medicines,
alcohol, toys and car parts. EFFI argues that piracy and counterfeiting
affecting the safety and the health of individuals should never be compared
with infringements on digital products.
The proposal, adopted by the Commission at the end of January, is currently
under discussion in the Legal Affairs Committee of the European Parliament.
A first draft of a 'Working Document' was presented to that Committee by
its rapporteur Janelly Fourtou on 28 April. The vote in Legal Affairs is
foreseen for 11 September, the one in Plenary for the week following 20
October.
EFFI statement
http://www.effi.org/julkaisut/lausunnot/ipr_enforcement_lausunto.en.html
Proposal for a Directive of the European Parliament and of the Council on
measures and procedures to ensure the enforcement of intellectual property
rights
http://europa.eu.int/eur-lex/en/com/pdf/2003/com2003_0046en01.pdf
Working Document presented by Fourtou to the European Parliament's Legal
Affairs Committee
http://www.europarl.eu.int/meetdocs/committees/juri/20030428/495099EN.pdf
==================================================================
7. Recommended reading
==================================================================
Study about copyright levies produced by the Dutch Institute for
Information Law (IVIR). The study examines existing levy systems in the
European Union and gives an overview of existing and emerging DRM-based
content distribution models and formats. The researchers examine the key
notions of ?private copying? and ?fair compensation?, as applied in the
Directive, and conclude with a series of strong arguments against a levy
(tax) on computers or hard disks.
DRM and the future of levies (03.2003)
http://www.ivir.nl/publications/other/DRM%20Levies%20Final%20Report.pdf
==================================================================
8. Agenda
==================================================================
13-14 June 2003 Amsterdam, The Netherlands - Freedom of the Media and
the Internet
2-day conference organised by OSCE, the Organisation for Security and
Co-operation in Europe.
http://www.osce.org/events/fom/amsterdam/
25 June 2003 London, United Kingdom - International Big Brother Award
http://www.privacyinternational.org/bigbrother/
30 June - 2 July 2003 St. Petersburg, Russia - Building the Information
Commonwealth
http://www.communities.org.ru/conference/
9-12 July 2003 Metz, France - RMLL2003
(Unofficial) fourth annual Libre Software meeting
http://www.rencontresmondiales.org/
7-10 August 2003 Berlin, Germany - Chaos Computer Camp 2003
http://www.ccc.de/camp/
17-29 August 2003 Budapest, Hungary - ICT policy training programme
Ten-day programme on information and communications technologies (ICT) for
25 selected participants from Central, Eastern and South-eastern Europe,
organised by the Stanhope Centre for Communications Policy Research in
co-operation with the Open Society Institute and the Markle Foundation
Applications are due by 16 June 2003, and should be sent via email to Susan
Abbott, Research and Programme Co-ordinator, Stanhope Centre for
Communications Policy Research, <sabbott at stanhopecentre.org>.
==================================================================
9. About
==================================================================
EDRI-gram is a bi-weekly newsletter from European Digital Rights, an
association of privacy and civil rights organisations in Europe. Currently
EDRI has 10 members from 7 European countries. EDRI takes an active
interest in developments in the EU accession countries and wants to share
knowledge and awareness through the EDRI-grams. All contributions,
suggestions for content or agenda-tips are most welcome.
Newsletter editor: Sjoera Nas <edrigram at edri.org>
Information about EDRI and its members:
http://www.edri.org/
- EDRI-gram subscription information
subscribe/unsubscribe web interface
http://www.edri.org/cgi-bin/mailman/listinfo/edri-news/
subscribe by email
To: edri-news-request at edri.org
Subject: subscribe
You will receive an automated email asking to confirm your request.
- EDRI-gram in Spanish
EDRI-gram is also available in Spanish, usually 3 days after the English
edition. The contents are the same. Translations are provided by David
Casacuberta, secretary of the Spanish chapter of Computer Professionals for
Social Responsibility (CPSR).
To subscribe to the Spanish language EDRI-gram, please visit
http://www.edri.org/cgi-bin/mailman/listinfo/edri-grama/
or subscribe by email:
To: edri-grama-request at edri.org
Subject: subscribe
- EDRI-gram in Russian
EDRI-gram is also available in Russian, a few days after the English
edition. The contents are the same. Translations are provided by Sergei
Smirnov, Human Rights Network, Russia.
The EDRI-gram in Russian can be read on-line via
http://www.hro.org/editions/edri/
- Newsletter archive
Back issues are available at:
http://www.edri.org/cgi-bin/index?funktion=edrigram
- Help
Please ask <info at edri.org> if you have any problems with subscribing or
unsubscribing.
==================================================================
Publication of this newsletter is made possible by a grant from
the Open Society Institute (OSI).
==================================================================
More information about the Syndicate
mailing list