During the last meeting of the EU Communication Committee on 11 June, a document was presented with answers of the member states to the questionnaire on spam. The same document was also presented next day to the members of the article 29 working party (the collaboration between the EU data protection authorities). The questionnaire was developed by the European Commission to find out what problems member states might incur when implementing the spam-ban decreed by the new Directive on Privacy in the Telecommunications Sector.
The answers show a great variety in approach when it comes to awareness raising, complaints mechanisms and judicial remedies and penalties. The new privacy directive raises a number of complex issues. How should consent be construed, and how should member states deal with the difference in protection between legal and natural persons? Under Article 13 Member States are only required to ensure the protection to natural persons, not to legal persons. But how can a sender determine whether a recipient is a natural or a legal person ? Should an e-mail address consisting of the name of an individual working for a company be considered as belonging to natural or a legal person? The definition of direct marketing is also complex. There is no definition of direct marketing, only a description in recital 30 of Directive 1995/46/EC, which states that messages by charities and political parties are also covered by the definition.
"A majority of respondents would favour EU guidelines on these issues, in order to guarantee as much effectiveness as possible", the report states. Disappointingly, the Commission refrains from issuing specific guidelines to clarify minimum standards. The commission only wants to set-up an informal on-line newsgroup with 2 representatives from each country (one from the government designated competent authority and 1 from the Data Protection Authority).
EDRI was invited to attend the CoCom meeting as an expert. According to EDRI, it would be good if every member state would at least empower the National Regulatory Authority or Data Protection Authority to impose administrative fines. Secondly, EDRI expects these guidelines to contain minimum standards of redress for internet users when receiving spam from any country within the internal market. When creating codes of conduct on top of these minimum legal standards, representatives from internet user groups and/or consumer associations should be heard and approval of the data protection authority should be required.
Answers to the questionnaire (03.06.2003)
http://www.edri.org/docs/cocom03-33.pdf
Directive 2002/58/EC concerning the processing of personal data and the
protection of privacy in the electronic communications sector
http://europa.eu.int/comm/internal_market/privacy/law_en.htm
At the end of a two-day conference in Amsterdam on internet-related perils to freedom of expression, the OSCE Representative on Freedom of the Media, Freimut Duve has issued a call to take up a strong position towards free flow of information on the internet. The Organization for Security and Co-operation in Europe (OSCE) is the largest regional security organization in the world with 55 participating States from Europe, Central Asia and North America.
"Freedom of the Media as a human right is universal. No matter what technical means are used to channel the work of journalists to the public - be it TV, radio, newspapers or the Internet - the basic constitutional value of freedom of the media must not be questioned", Freimut Duve said in his opening remarks to the conference.
In his statement Duve addresses the delicate balance between the need to fight illegal content and the importance to guarantee freedom of expression. "All legislative and law enforcement activity must clearly target only illegal content and not the infrastructure of the Internet itself." Filtering or blocking content is not acceptable, problems with illegal content should be addressed in the country of origin, Duve writes, because "In a modern democratic and civil society citizens themselves should make the decision on what they want to access on the Internet."
The recommendation also addresses the perils to free speech arising from the extensions of copyright and patent law. "To a considerable extent the fast pace of innovation of digital networks is due to the fact that most of the basic code and software are in the public domain, free for everyone to use and enhance. This free-of-charge infrastructure is one of the key elements of freedom of expression on the Internet. Access to the public domain is important for both technical and cultural innovation and must not be endangered through the adoption of new provisions related to patent and copyright law."
Amsterdam Recommendation (17.06.2003)
http://www.osce.org/documents/rfm/2003/06/215_en.pdf
Four major industry groups have published a joint statement against mandatory data retention. The coalition represents worldwide and European businesses including most major electronic communications service providers and manufacturers. They are challenging EU member states on proposals that would require communication service providers to store details of all calls, emails and transactions for use by law enforcement agencies.
In the statement the coalition expresses concern at the overly broad definitions of traffic data and excessive storage periods, costs for industry, technical feasibility and damage to end-user confidence due to privacy concerns and increased security risks.
The statement recommends that European countries favour data preservation (targeted storage of specific data on specified end-users) over data retention (general storage of data for a specified period of time). It also says that any requirement for data storage must be "necessary, appropriate and proportionate" and that "transparent and effective oversight procedures are necessary to prevent abuses and to safeguard public confidence".
A majority of EU members favours a binding European law for mandatory data retention as became clear from the answers to a questionnaire that the EU previously sent to member states.
Common industry statement on storage of traffic data for law enforcement
purposes (04.06.2003)
http://www.iccwbo.org/home/news_archives/2003/stories/data.asp
Answers to questionnaire on traffic data retention (20.11.2002)
http://www.effi.org/sananvapaus/eu-2002-11-20.html
The Council of Europe (45 member states) is finalizing a recommendation on the 'right of reply' in on-line media. Through a right of reply persons and organisations can reply to articles in the media in which they have been portrayed or criticized. Many countries in Europe already have a limited right of reply for printed media.
A committee of specialists has finalized the draft recommendation during a 16-18 June meeting. The recommendations are not limited to professional on-line media but "any natural or legal person or other entity whose main activity is to engage in the collection, editing and dissemination of information to the public via the Internet". This definition will not only cover professional news portals but also personal blogs, moderated mailinglists and individual websites.
Some parts of the recommendation are very detailed. "The reply should be made publicly available in a prominent place for a period of time which is at least equal to the period of time during which the contested information was publicly available, but in any case no less than for 24 hours." The recommendation will pose a greater burden on on-line media then on off-line media as on-line media are supposed to have more room for lengthy replies: "There should be flexibility regarding the length of the reply since there are less capacity limits for content than in off-line media."
An earlier draft of the recommendation limited itself to professional on-line media. But after an expert hearing in February 2003 definitions were broadened. The summary of the hearing mentions: "It could be argued that there was a particular need to grant a right of reply against non-professional media where there was an increased risk of compromising material."
The recommendation might collide with the very recent declaration on freedom on the internet by the same Council of Europe. That declaration urged countries to preserve anonymity on the internet. But the recommendation on the right of reply in on-line media mentions that "on-line media should make the name and contact details of a person responsible for handling requests for replies easily available".
A recommendation from the Council of Europe is not binding for its member states.
The right of reply in the on-line environment (21.03.2003)
http://www.coe.int/t/e/human_rights/media/7_Links/Right_of_reply_heari...
On 4 June EDRI-member EFFI organised a second annual Big Brother Ceremony. The award in the public sector was given to YTV, a firm that controls public transport in the Helsinki region. The company received the award for its new electronical ticket system that stores individual passenger information, including social security numbers. Anonymous cards were available, but in practice only for business purposes, at a much higher price. Only after a long struggle with the the Finnish data protection agency YTV finally changed their mind and concluded that the system could also work without any identification of the passengers.
For the Big Brother Award in the business category there was really only one candidate. Sonera, the biggest telephone company in Finland, was caught analysing the traffic data from the mobile phones of at least 50 customers, both employees and outsiders, in order to find out who had been leaking confidential corporate information to the press. The analysis didn't produce a suspect. At least 5 senior staff members were arrested (but later released) including the company executive officer (CEO). They will most likely face criminal charges.
A positive award was given to the Finnish ISPs, who have been very successful in their lobby against mandatory retention of telecom traffic data. Governmental plans for a 2 year period were withdrawn. Finnish providers are now required to retain traffic data for a period of 3 weeks. A honourable mention was given to Finnair, because of the companies refusal so far to hand-over passenger data to the US government.
Pictures and description of BBA ceremony (translation in English will
follow soon)
http://www.effi.org/yksityisyys/bb2003/index.html?setlang=en
YTV English web page:
http://www.ytv.fi/matkakortti/english/index.html
More arrests in Sonera snooping probe (The Register - 26.11.2002)
http://www.theregister.co.uk/content/6/28295.html
(Contribution by Ville Oksanen, EFFI)
The European Parliament's Committee for Legal Affairs and the Internal Market (JURI) voted Tuesday 17 June about a list of proposed amendments to the planned software patent directive. It was the third and last in a series of committee votes. The results will be presented to the parliament in plenary early in September. The other two commissions (Culture, Industry) had chosen to more or less clearly forbid software patents. The rapporteur of the JURI committee, Arlene McCarthy (UK socialist) also claimed to be aiming for a "restrictive harmonisation of the status quo" and "exclusion of software as such, algorithms and business methods from patentability". Yet McCarthy presented a voting list to fellow members of parliament that does make it possible to turn ideas like the Amazon One-Click shopping method into patentable inventions.
McCarthy and her followers rejected all amendment proposals that would limit patentability while supporting all those that even go beyond the European Commission's proposal. The new amendments threaten to impose unlimited patentability and patent enforceability in Europe, with little chance of recovery for years to come.
Most of McCarthy's proposals found a conservative-socialist 2/3 majority (20 of 30 MEPs), whereas the proposals from the other committees (CULT, ITRE) and study reports commissioned by parliament and other EU institutions were disregarded. A few socialists and conservatives voted together with Greens, Left and (partially) Liberals in favour of amendments that would limit patentability, but they were overruled by the two biggest blocks.
Daniel Cohn-Bendit (Greens - Fr), co-president of the Greens/EFA group and chairman of a conference earlier this year on software patents and SMEs, commented: "This patent report is an insult even to the principle of free trade. Pretending to protect inventors and their inventions, it instead allows multinationals to lock up the market."
Detailed description of the vote in JURI
http://swpat.ffii.org/news/03/juri0617/
Public debate about software patents in The Guardian: Richard Stallman and
Nick Hill attack software patents
http://www.guardian.co.uk/online/story/0,3605,970294,00.html
Rapporteur Arlene McCarthy defends her proposals
http://www.guardian.co.uk/online/story/0,3605,975126,00.html
(Contribution by Hartmut Pilch, Foundation For a Free Information structure)
The World Summit on the Information Society (WSIS), the first part of which will be held in Geneva from 10 to 12 December this year, tries to involve governments, the private sector and the civil society in its process. Intergovernmental organizations and various UN Agencies are also part of the WSIS, with the International Telecommunications Union being the organizer of the whole event. But so far, the absence of the UN Office of the High Commissioner for Human Rights has been remarkable.
43 International non-governmental organisations (NGOs) have signed an open letter to Mr Bertrand Ramcharan, the UN Deputy High Commissioner for Human Rights, calling for his active participation. The initiative is also endorsed by EDRI.
The participation of the Human Rights Commissioner to the preparatory meetings and the World Summit itself would help to ensure that human rights language in the WSIS process is comprehensive, strong and consistent with resolutions and decisions adopted by the Commission on Human Rights. The development of an information and communication society has to build on a core set of principles that are fundamental for democratic societies. International human rights standards represent such principles and should serve as the international framework guiding regional and national policies and actions.
A copy has been sent by email to Mr Adama Samassekou, President of the WSIS Preparatory Process, and to Mr Pierre Gagné, Director of the WSIS Executive Secretariat.
This letter is a joint initiative from the World Federalist Movement and the WSIS Human Rights in the Information Society Caucus, a group of 22 NGOs.
The letter with the list of signatures is available on the Human Rights
Caucus web site
http://www.iris.sgdg.org/actions/smsi/hr-wsis
Draft action plan and declaration of principles (05.06.2003)
http://www.itu.int/wsis/documents/doc_multi.asp?lang=en&id=624%7C6...
Official website of organisers of the World Summit
http://www.itu.int/wsis/
(Contribution by Meryem Marzouki, IRIS and co-coordinator of the WSIS Human Rights in the Information Society Caucus)
The UK Government has finally admitted that the public are overwhelmingly opposed to the idea of a national ID card. In response to a parliamentary question from member of parliament Anne McIntosh, Home Office minister Beverley Hughes has confirmed that over 5,000 of the 7,000 responses to a public consultation on the issue were opposed to the scheme.
Recently, government ministers claimed that they received around 2,000 responses, 2:1 of which were in favour of the idea. Yet stand.org.uk, which allowed user to e-mail responses to the consultation, report that they forwarded 5,029 -- mostly negative -- messages on behalf of users. And the 798 responses sent through two phones lines (Yes and No) set up by EDRI-member Privacy International were also ignored.
Privacy International made an open government request early in May to ask the Home Office exactly how many responses they had received, and how those responses would be classified. But on the day the request was due to be answered, the Home Office told Privacy International that a similar request for information had been made by a Member of Parliament. Therefore, due to to parliamentary procedure, they would have to answer that MPs query first. (This procedure is not mentioned in the open government code that governs these requests).
The latest press reports suggest that the government intends to press on with its plans for ID cards - this time using the crime and asylum arguments that they explicitly rejected in 2002 when they launched their consultation.
Dossier Privacy International
http://www.privacyinternational.org/issues/idcard/uk/
(Contribution by Ian Brown, FIPR)
The European Parliament currently discusses 3 different reports about the Schengen Information System (SIS). Rapporteur for all three reports is Carlos Coelho. The reports aim at extending the amount of data handled and the degree of cross-linking within the computer network.
Coelho, a Portuguese Conservative, has already been the Rapporteur on four previous reports on the Schengen Information System in the last year-and-a-half. Before that, he was the chairman of the Temporary Committee on the Echelon system, and it is in part his merit that the report on the U.S.-led interception system became a call for something similar in the EU. Coelho may be considered very close to pro-surveillance circles in the Council and the Commission. For this reason, his reports should more or less reflect the positions of the officials running the SIS server in Strasbourg and its mirrors in each of the EU Member States.
One of the reports, officially an own-initiative report (Proposal for a Recommendation pursuant to Rule 49(1) of the Rules of Procedure) on behalf of the Conservative Group in the EP, deals with the schedule and capabilities of the Schengen Information System II (SIS II), which shall be installed by 2006. As a starting point, Coelho quotes from a council Document stating "When the SIS was first created, its only purpose was to be a compensatory measure for the opening of the borders. Ever since, and not in the least because the SIS has proven to be a useful and efficient tool, recognition has grown that the potential of the SIS could be maximised, mainly within the frame of police cooperation." This would probably include close links between Europol and SIS, a plan that was uncovered by the UK publication Statewatch last year.
Besides extending SIS / SIS II from a border-oriented to an all-over data warehouse - which has already been acquired in practice, Coelho and his party plan to extend capacities, scope and users of the system: "SIS II must have the potential to handle a significantly larger quantity of data and be extended to cope with new information types, new subjects, further new functions and new categories of users." He quotes from the draft conclusions of the June 5th / 6th Justice and Home Affairs Council to give a few examples of new features of the system, e.g. interlinking of alerts ('alert' is what a data record in SIS is called), including biometric data and new 'categories of persons' like 'violent troublemakers' (EU slang for persons engaged in Anti-EU Demonstrations) and 'persons precluded from leaving the Schengen area'.
Working Document on the Schengen Information System II (SIS II): current
developments (timetable, new functionalities and users currently under
discussion)
http://www.europarl.eu.int/meetdocs/committees/libe/20030611/499809EN....
Working Document on Schengen Information System II: future developments http://www.europarl.eu.int/meetdocs/committees%%%/libe/20030611/500117...
Proposal for a Recommendation pursuant to Rule 49(1) of the Rules of
Procedure by Carlos Coelho on behalf of the PPE-DE Group on the
second-generation Schengen information system (SIS II)
http://www.europarl.eu.int/meetdocs/committees/libe/20030611/030066en....
Statewatch: Europol to be given access to the S.I.S., then custody?
http://www.statewatch.org/news/2002/mar/15europol.htm
(Contribution by Andreas Dietl, consultant on EU privacy issues)
France has started the process of ratification of the Council of Europe cybercrime convention. On 11 June, Dominique de Villepin, the French minister of foreign affairs presented to the council of ministers a draft law for the ratification of the convention. France would be the first EU country to ratify the convention, which has only been ratified till now by 3 Council of Europe countries: Albania, Croatia and Estonia. The convention needs at least 5 ratifications (among them 3 from CoE countries) to enter into force.
Press release announcing ratification plans (in French - 11.06.2003)
http://www.premier-ministre.gouv.fr/fr/p.cfm?ref=39831
IRIS dossier on the cybercrime convention
http://www.iris.sgdg.org/actions/cybercrime/
(Contribution by Meryem Marzouki, IRIS)
On 13 June, the Article 29 working party (the association of the EU data protection authorities) released an opinion about the transfer of so-called PNR-data to the USA, detailed booking-information about European airtravellers. The data protection authorities recommend a 'push' technique for selected records, in stead of full and live access for the Americans to all databases with PNR-data. Pushing also enables the European airlines to limit the amount of information per passenger, and for example not give away sensitive data like meal preferences.
Finally, the working party recommends that the purposes for which the data will be used should be limited to fighting acts of terrorism without expanding their scope to other unspecified 'serious criminal offences'.
Opinion on PNR transfer, 13 June 2003:
http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2003/wp7...