Public letter on data security sent by MEPs to Frattini

(This article is also available in German)

Two members of the European Parliament (MEPs), rapporteurs on the huge European biometric databases Visa Information System (VIS) and Schengen Information System II (SIS II), have addressed a public letter to Commissioner Frattini asking for effective data protection and data security provisions that exclude the copying or storage of sensitive data in mobile formats such as diskettes or CD-ROMs.

The letter comes as a reaction to the UK government's data security problems, after two CDs containing the personal data of 25 million citizens were lost in the post.

The two MEPs - Baroness Sarah Ludford MEP, Liberal Democrat European justice spokeswoman and European Parliament rapporteur on the VIS, and Carlos Coelho, responsible for the Schengen Information System - have reminded Commissioner Frattini and the Portuguese Presidency that during the negotiations on the SIS II one of the major concerns of the Parliament was precisely the problem of the so-called "technical copies" that lead to personal data being stored offline. The compromise with the Council was that all routine technical copies which lead to data stored offline would have to be phased out, and that only in exceptional cases could a copy be made offline, if several rigorous criteria were met and the copy was destroyed after 48 hours.

The letter, published by Statewatch, recalls that, in the current discussions on the draft Common Consular Instructions/biometrics collection measure, the European Commission provided the European Parliament with a document in which "offline copies on disc are still presented as a possible means of transfer of visa data, and that in a context in which encryption may be challenged by the host country." The two MEPs see this as a major concern and have asked the Commission to learn from the UK problems:

"Not only the UK government but the EU as a whole need to ensure that lessons are learned from this monumental blunder at HMRC. We cannot allow lax security standards on access or copying of vast centralised databases to imperil the personal security of millions of people", said Sarah Ludford. "EU data protection laws either need to be toughened up or accompanied by a strict training and auditing regime in which data protection supervisors must be given adequate resources and enforcement powers, both hitherto lacking in the UK."

They also demand that the European Commission, together with the Article 29 Working Party and the European Data Protection Supervisor, draw up a green paper on the risks that exist and the safeguards needed to keep data safe.

A new draft proposal to amend the European Privacy and Electronic Communications Directive has been published by the European Commission. One of the important changes will be an obligation on electronic communications companies to notify their customers when a privacy breach has occurred.

Letter to Franco Frattini on data security (22.11.2007)
http://www.statewatch.org/news/2007/nov/eu-ep-letter-frattini-data-sec...

EU must learn database lessons from UK lost records (22.11.2007)
http://www.sarahludfordmep.org.uk/news/000951/eu_must_learn_database_l...

European Commission plans security breach notification law (5.12.2007)
http://www.out-law.com/page-8741

EDRI-gram: UK government loses personal data on 25 million citizens (21.11.2007)
http://www.edri.org/edrigram/number5.22/personal-data-lost-uk