EDRI-gram newsletter - Number 20, 22 October 2003
EDRI-gram newsletter
edrigram at edri.org
Wed Oct 22 19:45:28 CEST 2003
==================================================================
EDRI-gram
bi-weekly newsletter about digital civil rights in Europe
Number 20, 22 October 2003
==================================================================
CONTENTS
==================================================================
1. Expert meeting on spam in Brussels
2. 199 amendments on IP enforcement directive
3. Still no EU Data Protection Supervisor
4. First decision against spam in Poland
5. 'Mandatory data retention is unlawful'
6. EU health chip
7. Dutch Big Brother Award for Minister of Justice
8. White paper on notice and take-down
9. Report of WSIS prepcom 3
10. Recommended reading
11. Agenda
12. About
==================================================================
1. EXPERT MEETING ON SPAM IN BRUSSELS
==================================================================

With only a few days to go before the 31 October deadline for the
transposition of the new Directive for Privacy and Electronic
Communications, on 13 October the Commission organised a public workshop
about spam. More than 200 public and private stakeholders attended,
ranging from government representatives to consumer & civil rights groups
and from data protection authorities to spokespersons for both internet
and mobile telephony companies. Later this year, the Commission will
produce a (non-binding) communication based on the results of the
workshop.

In his opening speech Erkki Liikanen, the Commissioner for Enterprise and
the Information Society, summed up 3 main tasks for member states after
the entry into force of the directive: enforcement, consumer self-help
and awareness, and international co-operation.

To date, only Austria, Belgium, Denmark, Italy and Austria have enacted
the opt-in regime; the other member states have yet to follow. When asked
about the progress in negotiating a spam-ban with the United States,
Liikanen referred to private anti-spam initiatives by US internet service
providers. The United States currently doesn't even have an opt-out
regime, and Liikanen remarked that it was very difficult to convince US
politicians of the need to take measures, since they consider mail a very
important communication channel with their constituency and are afraid of
restricting it.

Discussing the need for complaints mechanisms, EDRI pleaded for Commission
support for national or even Europe-wide spam-boxes as the easiest way for
European citizens to get redress for complaints about spam. The
representative from the European Coalition against Unsolicited Commercial
Email (Eurocauce) supported the need for cross-border monitoring and
enforcement. The Commission said they would gladly intensify collaboration
with the Data Protection Authorities after the 31st of October. When asked
by the Commission about their experiences with a national spam mailbox,
representatives from the French and Belgian DPA answered that both pilot
projects had stopped. Both concluded that a national initiative would
never suffice, and called on the Commission to help with cross-border
enforcement. Though the Commission saw no possibility for further (civil
law) harmonisation of fines, the future framework decision on attacks
against information systems will create a penal law solution against
(fraudulent) spam.

In February 2004 the OECD will host a conference on spam. The Commission
hopes this will encourage more countries to switch to an opt-in regime.
Given the particularly slow implementation rate of the previous privacy
directives, it comes as no surprise that the spam-ban will not be
evaluated before 2006.

Commission: results of questionnaire (01.10.2003)
http://europa.eu.int/information_society/topics/ecomm/doc/highlights/current_spotlights/spam/310_01_issue_paper_workshopspam_web.doc

==================================================================
2. 199 AMENDMENTS ON IP ENFORCEMENT DIRECTIVE
==================================================================

Last Monday, the European Parliament's Judicial Affairs Committee (JURI)
should have discussed its Report on the Enforcement of Intellectual
Property Rights. But the agenda was so overcrowded that the Rapporteur,
French MEP Janelly Fourtou, could only make some introductory remarks
before the session was over.

Overwhelmed by the large number of 199 amendments, the Parliament's
translation service failed to present translations into all of the EU's
eleven official languages, leaving Parliamentarians with nothing more than
English, Greek and Danish versions of the 159-page document, which were
presented only hours before the discussion was going to take place.

Mrs. Fourtou, who would like to see the report become applicable law
before the Enlargement of the Union and EU-wide Parliamentary elections
next summer, had to announce that the initial schedule was going to be
postponed.

Mrs. Fourtou has been under attack from a large number of her Parliament
colleagues, even from within her own Conservative Group. She is criticised
for introducing a set of amendments criminalising even small-scale file
sharers - and for her defence of an article in the draft directive that
constitutes a violation of the EU's rules of procedure.

Article 20 of the draft directive deals with criminal law provisions for
infringements of intellectual property rights. Some of the sanctions
foreseen pre-empt a possible decision by a Court of Justice on whether
such an infringement has taken place at all, and therefore constitute
so-called substantive law. In the EU's complicated lawmaking process,
which foresees different procedures for different fields of competence,
creating substantive criminal law is still an intergovernmental competence
and cannot take place under the co-decision procedure.

Four of the amendments aim at deleting Article 20, but Mrs. Fourtou and
Commission officials alike are not willing to even discuss this. The
initial discussion of the Report will now, as it seems, take place either
on Tuesday, November 4th - the date initially foreseen for the vote in the
Committee - or on November 6. The vote in the Committee would then take
place either on November 26 or the following day, which would mean the
vote in Plenary would have to take place in the week following December
15.

EU Commission: Proposal for a Directive on measures and procedures to
ensure the enforcement of intellectual property rights [COM (2003) 46]
http://europa.eu.int/eur-lex/en/com/pdf/2003/com2003_0046en01.pdf

Janelly Fourtou's Draft Report on this Directive
http://www.europarl.eu.int/meetdocs/committees/juri/20031020/498789en.pdf

199 Amendments to the Fourtou Report
http://www.europarl.eu.int/meetdocs/committees/juri/20031020/509224en.pdf

Law Professors criticise IPR Enforcement Directive
http://www.cl.cam.ac.uk/ftp/users/rja14/cornish.pdf

(Contribution by Andreas Dietl, consultant on EU privacy issues)

==================================================================
3. STILL NO EU DATA PROTECTION SUPERVISOR
==================================================================

European discussions can't agree on the appointment of a European
privacy-czar. The European Parliament insists on choosing Joaquín Bayo
Delgado, who has no experience in data protection issues, as the new EU
Data Protection Supervisor. The Council favours the Dutch Data Protection
Commissioner Peter Hustinx.

Jorge Salvador Hernández Mollar, the President of the European
Parliament's Committee on Citizens' Freedoms and Rights, Justice and Home
Affairs (LIBE), recently made a move to break the blockade between the
Parliament and the Council on the issue. In a letter sent on 10 October to
Umberto Vattani, the Permanent Representative of Italy with the European
Union, Mr. Hernández expresses the hope that "each institution should
accept the first choice of the others", which seems to be diplomatic
language meaning that the Council should accept the choice of the
Parliament.

LIBE's indicative vote on 20 May showed a slight but clear majority of
votes for Joaquín Bayo Delgado, the only candidate from the nine-person
list with no experience in Data Protection whatsoever. The Greek Council
Presidency made it known to the Parliament that it would not accept this
candidate. The Council instead favoured Peter Hustinx, the Dutch Data
Protection Commissioner, who has indeed been very active on the
international scene.

In an informal meeting following the vote both institutions agreed to
disagree, sticking to their different candidates. The rules for the
nomination of the Data Protection Commissioner and his Assistant did not
foresee any procedure for such a situation. Blame it on the rules - since
then, the silence between the Council and Parliament was only interrupted
by occasional letters confirming to the respective other side that the
authors were still not willing to leave their positions. Mr. Hernández, it
seems, was hoping for the Greek Presidency to be replaced by Italy, whose
government is politically closer to his own Spanish Popular Party. The two
parties are also in the same Group within the European Parliament, the
Conservative PPE. The fact that Italy has still not reacted, however, may
be an indication that the split doesn't follow party lines, but that the
question is understood as a national issue. The other outspoken backer of
Mr. Bayo Delgado, besides Mr. Hernández, is Ana Terrón i Cusí. She is a
member of the Social Democrat PSE Group, but she is Spanish, as are
Hernández Mollar and Bayo Delgado.

The procedure of choosing an EU Data Protection Supervisor started one
year ago.

EU Commission: EU Data Protection Supervisor
http://europa.eu.int/comm/internal_market/privacy/application_en.htm

Outsider recommended as new EU Data Protection Supervisor (EDRI-gram 9)
http://www.edri.org/cgi-bin/index?funktion=view&id=000100000098

EU data protection supervisor: contest not over yet (EDRI-gram 10)
http://www.edri.org/cgi-bin/index?funktion=view&id=000100000099

(Contribution by Andreas Dietl, consultant on EU privacy issues)

==================================================================
4. FIRST DECISION AGAINST SPAM IN POLAND
==================================================================

The Polish agency for Competition and Consumer Protection recently for the
first time condemned a spammer. According to the agency, the Firm
Edukacyjna Impuls Plus from the city of Grudziadz had violated the
Provision of Electronic Services Bill by sending unsolicited commercial
mail. The businessman was ordered to stop such actions and to publish a
special announcement in the Gazeta Wyborcza (one of the most popular daily
newspapers in Poland).

It is the first decision against a spammer in Poland and it is based on
administrative law.

Nobody has yet tried to challenge the phenomenon on the grounds of private
law.

The Polish law on the provision of electronic services was enacted on 18
July 2002, partially transposing both the directive on electronic commerce
(2000/31/EC) and the directive on privacy and electronic communications
(2002/58/EC).

The Polish regulation imposes a ban on sending unsolicited commercial
messages to private persons by means of electronic communication,
especially electronic mail. Legally, spamming is considered to be unfair
competition in the interpretation of the law on Fighting Unfair
Competition.

But the issue is quite complex. "The attempts to answer some questions
connected with the use of information and communication technologies in a
normative context, face many difficulties when it comes to defining
certain terms" - the lawmakers said. One of the problems the Poles face is
the fact that the law only protects against spam with a clear commercial
character.

Legal analysis of the anti-spam decision (in Polish)
http://www.vagla.pl/skrypts/spam_delikt_nieuczciwej_konkurencji.htm

Polish - English translation service
http://www.translate.pl

(Contribution by Piotr VaGla Waglowski, Internet Society Poland)

==================================================================
5. 'MANDATORY DATA RETENTION IS UNLAWFUL'
==================================================================

A legal opinion commissioned by EDRI-member Privacy International and
provided by the law firm Covington & Burling concludes that mandatory data
retention plans in the EU are unlawful.

The opinion, which relates to an EU framework directive on the retention
of communications data, has profound ramifications for ten EU states that
have implemented, or are planning to implement, measures to place
communications users under blanket surveillance.

The opinion states: "The data retention regime envisaged by the (EU)
Framework Decision, and now appearing in various forms at the Member State
level, is unlawful. Article 8 of the European Convention on Human Rights
(ECHR) guarantees every individual the right to respect for his or her
private life, subject only to narrow exceptions where government action is
imperative. The Framework Decision and national laws similar to it would
interfere with this right, by requiring the accumulation of large amounts
of information bearing on individuals' private activities. This
interference with the privacy rights of every user of European-based
communications services cannot be justified under the limited exceptions
envisaged by Article 8 because it is neither consistent with the rule of
law nor necessary in a democratic society."

The opinion continues: "The indiscriminate collection of traffic data
offends a core principle of the rule of law: that citizens should have
notice of the circumstances in which the State may conduct surveillance,
so that they can regulate their behaviour to avoid unwanted intrusions.
Moreover, the data retention requirement would be so extensive as to be
out of all proportion to the law enforcement objectives served. Under the
case law of the European Court of Human Rights, such a disproportionate
interference in the private lives of individuals cannot be said to be
necessary in a democratic society."

A series of regulations (Statutory Instruments) recently laid before the
UK Parliament intends to create a legal basis for comprehensive
surveillance of communications. The regulations will allow an extensive
list of public authorities access to records of individuals' telephone and
Internet usage. This 'communications data' - phone numbers and e-mail
addresses contacted, web sites visited, locations of mobile phones, etc. -
will be available to government without any judicial oversight. Not only
does government want access to this information, but it also intends to
oblige companies to keep personal data just in case it may be useful.

Privacy International
http://www.privacyinternational.org/

==================================================================
6. EU HEALTH CHIP
==================================================================

The European Union has taken steps towards the creation of an EU-wide
health identity card. By 2008 there will be a new card with a microchip
that can store a range of biometric and personal data. Approved by Union
ministers in Luxembourg, the plastic disk will slide into the credit-card
pouch of a wallet or purse.

The European Health Insurance Card is intended to replace forms currently
used by travellers who fall ill in other EU countries. Eventually it will
replace a plethora of other complex forms needed for longer stays.

During the first phase - starting on 1 June 2004 - each country will be
able to choose whether to include photographs, fingerprints and biometric
data, such as eye measurements, on the 'national' side of the card. The
ultimate objective is to have an electronic chip on the card as the
technology improves.

European health insurance card
http://europa.eu.int/comm/employment_social/news/2003/feb/hicard_en.html

==================================================================
7. DUTCH BIG BROTHER AWARD FOR MINISTER OF JUSTICE
==================================================================

The Dutch Big Brother Awards were presented in front of a 300 person
audience in Amsterdam on the 11th of October. The Awards go to the person,
company, governmental institution and initiative that damaged the privacy
of citizens the most in 2003. The 4 winners of 2003 are: minister of
Justice Piet Hein Donner; several major law firms; the Immigration and
Naturalisation Service; and the legal proposal to introduce compulsory
identification.

According to the jury, minister Donner seems to have a personal mission in
the destruction of the right to privacy. The minister was awarded for a
long list of proposals and determined efforts to shift the balance between
privacy and safety. The minister is in particular responsible for the law
proposal for compulsory identification for all persons starting at 14
years.

The second Big Brother Award is awarded to several Dutch law firms for
using the services of investigation office Mariendijk. Under false
pretences the office managed to extract very privacy-sensitive information
from banks and social security offices.

The Immigration and Naturalisation Service (IND) deserves the Award for
the storage of all e-mails of all employees for an undetermined period of
time.

Finally the jury crowned the legal proposal for compulsory identification
with an Orwellian Award. This proposal requires all persons to permanently
carry ID from the age of 14. People unable to immediately show a valid
passport, driver's license or identity card risk a fine of 2250 euro.

Since Privacy International presented the first Big Brother Awards in
1998, an international tradition has begun. By now, more than 40
ceremonies have taken place in 15 different countries. In the next two
weeks several Award ceremonies are scheduled in Germany, Spain, Austria,
Switzerland and Hungary (see agenda below).

Dutch Big Brother Awards
http://www.bigbrotherawards.nl/index_uk.html

Big Brother Awards International
http://www.bigbrotherawards.org/

==================================================================
8. WHITE PAPER ON NOTICE AND TAKE-DOWN
==================================================================

The RightsWatch Project, a research project funded under the European
Commission's Information Society Technology programme, produced a white
paper on notice and take-down of websites.

During a 2 year project RightsWatch tried to develop consensus between
providers, right holders and internet users about self-regulatory notice
and takedown (NTD) procedures. The attempts failed miserably, since
self-regulation requires at least some willingness to achieve consensus.
While right holders insisted on immediate take-down after any
(unsubstantiated) complaint, internet users objected to private
censorship by internet providers and internet providers dreaded their
position in the middle. The European Commission and Parliament refused to
solve this problem in the directive on electronic commerce (2000/31/EC),
leaving it up to market forces to guarantee freedom of speech online,
instead of referring these complex issues to independent courts.

White Paper (October 2003)
http://www.rightswatch.com

==================================================================
9. REPORT ON WSIS PREPCOM 3
==================================================================

From 15 to 26 September 2003 governments and civil society assembled in
Geneva for the third preparatory conference for the World Summit on the
Information Society. The two weeks ended with many key issues still
unresolved, and with a last-minute proposal to reconvene for an extra
session from 10 to 14 November.

EDRI members IRIS (FR) and Digital Rights (DK) participated as
co-ordinators of the Human Rights caucus, currently made up of 32
organisations. EDRI-member EFFI also participated, as part of the Finnish
delegation. The HR caucus presented oral statements to the plenary
government meetings, to the EU-group, and to the two governmental working
groups on communication rights and privacy/security, respectively.
Furthermore, drafting proposals were made both for the Declaration of
Principles and Plan of Action.

Some of the key messages of the HR Caucus were:
The WSIS documents need to build on the human rights framework and
standards, and general HR principles on equal rights and
non-discrimination must be ensured on all levels of IT policy and action
plans. Secondly, the right to privacy should be acknowledged in a new
Article 34a and thirdly, the concept of "information security" should not
be used, as it may be used to legitimise censorship. Instead the term
'network security' is proposed.

The HR caucus also issued a petition against the nomination of General
Habib Ammar as President of the preparatory committee of the second phase
of the Summit to be held in Tunisia in 2005. Furthermore, the HR Caucus
wrote a protest letter on the exclusion of Reporters sans Frontières and
Human Rights China from the WSIS process (see EDRI-gram 18).

Statements, input and Tunisia petition HR caucus
http://www.iris.sgdg.org/actions/smsi/hr-wsis/

(Contribution by Rikke Frank Joergensen, Digital Rights)

==================================================================
10. RECOMMENDED READING
==================================================================

A number of well-known information security specialists have written an
opinion on the security risk resulting from Microsoft's monopoly.

"Most of the world's computers run Microsoft's operating systems, thus
most of the world's computers are vulnerable to the same viruses and worms
at the same time. The only way to stop this is to avoid monoculture in
computer operating systems, and for reasons just as reasonable and obvious
as avoiding monoculture in farming."

The authors recommend government intervention "to confront the security
effects of monopoly and acknowledge that competition policy is entangled
with security policy from this point forward". They also have a few
short-term recommendations for Microsoft such as publication of certain
specifications.

One of the authors, Daniel Geer, Chief Technical Officer for @stake, was
fired because of the report. @stake said that Geer had been sacked because
he had not gained its approval for release of the report, which presented
opposing views to those of the company.

CyberInsecurity: The Cost of Monopoly.
http://www.ccianet.org/papers/cyberinsecurity.pdf

==================================================================
11. AGENDA
==================================================================

Upcoming Big Brother Awards 2003:
24 October, Bielefeld, Germany
24 October, Iruna (Pamplona), Spain
26 October, Vienna, Austria
1 November, Berne, Switzerland
6 November, Budapest, Hungary
http://www.bigbrotherawards.org

24-26 November, Paris, France - EGOVOS
The EGOVOS conference is a high-level international event covering the
topic of free/open source software, interoperability and open standards in
the government sphere.
http://www.egovos.org/nov-2003/agenda.html

8-9 January 2004, Sheffield, UK - CCTV and Social Control
Conference organised by the Centre for Criminological Research, University
of Sheffield on the politics and practice of video surveillance, from a
European and global perspective.
http://www.sheffield.ac.uk/ccr/publicity/conference/index.html

30-31 January 2004, Stockholm, Sweden - WHOLES
A Multiple View of Individual Privacy in a Networked World
An international workshop to explore interdisciplinary approaches to
privacy. Contribution deadline for papers: 31 October 2003.
http://www.sics.se/privacy/wholes2004/

==================================================================
12. ABOUT
==================================================================

EDRI-gram is a bi-weekly newsletter from European organisations in Europe.
Currently EDRI has 14 members from 11 European countries. EDRI takes an
active interest in developments in the EU accession countries and wants to
share knowledge and awareness through the EDRI-grams. All contributions,
suggestions for content or agenda-tips are most welcome.

Newsletter editor: Sjoera Nas <edrigram at edri.org>

Information about EDRI and its members:
http://www.edri.org/

- EDRI-gram subscription information

subscribe/unsubscribe web interface
http://www.edri.org/cgi-bin/mailman/listinfo/edri-news/

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated email asking to confirm your request.

- EDRI-gram in Russian

EDRI-gram is also available in Russian, a few days after the English
edition. The contents are the same. Translations are provided by Sergei
Smirnov, Human Rights Network, Russia.

The EDRI-gram in Russian can be read on-line via
http://www.hro.org/editions/edri/

- EDRI-gram in Italian

EDRI-gram is also available in Italian, a few days after the English
edition. The contents are the same. Translations are provided by
autistici.org

The EDRI-gram in Italian can be read on-line via
http://www.autistici.org/edrigram/

- Newsletter archive

Back issues are available at:
http://www.edri.org/cgi-bin/index?funktion=edrigram

- Help

Please ask <info at edri.org> if you have any problems with subscribing or
unsubscribing.

==================================================================
Publication of this newsletter is made possible by a grant from
the Open Society Institute (OSI).
==================================================================