EDRI-gram - Number 10, 4 June 2003

EU data protection supervisor: contest not over yet

The list of candidates for the new post of EU Data Protection Supervisor and Deputy Supervisor is shrinking. Joaquín Bayo Delgado, the contested candidate of a Conservative-Social Democrat alliance in the European Parliament (EP), risks being pushed out of it. Bayo Delgado, the Dean of the Judges of Barcelona, will, it seems, not be accepted by the European Council’s Committee of Permanent Representatives (Coreper). On 20 May, Coreper came forward with a list of four candidates. It did not indicate which candidate it preferred as Supervisor and which as Deputy. This list differed from the list of the EP Civil Liberties (LIBE) Committee (see EDRi-gram Number 9) in only one person: instead of Bayo Delgado it favours OECD Data Protection Commissioner Anne Carblanc. Despite the efforts of the chair of the LIBE Committee, Jorge Salvador Hernández Mollar, Coreper has up to now refused to redraft its list to include Bayo Delgado, who had won a test vote in the LIBE Committee with a margin of five votes. After its session on 28 May, when some members of parliament expected a redrafted list of Council candidates, Coreper remained remarkably tight-lipped on the issue.

Out of the nine candidates presented to the LIBE committee, Bayo Delgado is the only one who has no record of commitment to Data Protection or any other Civil Liberties issues whatsoever. Hernández Mollar (Conservative), who had, together with his compatriot Anna Terrón i Cusí (Social Democrat), lobbied heavily for Bayo Delgado as Supervisor before the test vote, now seems willing to strike a deal. In the LIBE session of 2 June, Terrón i Cusí and Hernández Mollar suggested they would be ready to accept Peter Johan Hustinx, the Dutch Data Protection Commissioner and preferred candidate of the Liberal EP Group, on the condition that Bayo Delgado would become Deputy.

Other members of parliament, among them French Conservative (MCC) Gérard Deprez, were not ready to accept this new attempt by the Spanish connection to promote their candidate. Now that both LIBE and Coreper have presented their list of favourite candidates, Deprez said, the future Supervisor as well as the Deputy should be selected from the intersection. This set contains, besides Hustinx, Council of Europe Data Protection Commissioner Waltraud Kotschy from Austria and Germany’s Deputy Data Protection Commissioner, Ulrich Dammann. A third group around the Dutch MEPs Kathalijne Buitenweg (Greens) and Joke Swiebel (Social Democrats) attaches importance to one of the posts being taken by a woman, which could be either Kotschy or Carblanc. Kotschy has applied only for the post of Supervisor and is said not to be willing to become Deputy.

On 5 June, Hernández Mollar will ask the EP’s Conference of Presidents for a mandate for further negotiations with Coreper. It is uncertain whether this high body of the parliament will give him an unconditional mandate - which he would no doubt use to carry on the struggle for Bayo - or whether he will be given a clearly defined mission.

Meanwhile, on 30 May, EDRi-member Privacy International sent an open letter to members of parliament, reminding them of the importance of the position and asking them to choose a more eminently qualified candidate.

Open letter Privacy International (30.05.2003)
http://www.privacyinternational.org/intl_orgs/eu/delgado-letter-503.ht...

(Contribution by Andreas Dietl, consultant on EU privacy issues)

Council of Europe declaration on freedom on the internet

The Council of Europe Committee of Ministers has adopted a Declaration on freedom of communication on the internet. The text contains 7 principles that underline the principle of freedom of expression and condemn practices aimed at restricting or controlling internet access, especially for political reasons. Remarkably, the 7th principle is the right of anonymity. "In order to ensure protection against online surveillance and to enhance the free expression of information and ideas, member states should respect the will of users of the Internet not to disclose their identity."

The declaration also deals with the freedom to provide services via the internet and the liability of providers. The provision of services via the internet should not be made subject to specific licence schemes, as is still the case in many countries outside of the European Union, nor should providers be obliged to monitor content on the internet. Closely following articles 12, 13 and 14 of the E-Commerce Directive (2000/31/EC), the Council states that service providers should not be held liable for data they are merely transporting. In the case of hosting, liability should only begin after the provider has become aware of the illegality of hosted material (to be defined in national law) and does not remove or disable access. Much more clearly than the E-Commerce Directive, though, the Council of Europe underlines the need to protect the freedom of expression and the right of users to information.

In practice, the E-Commerce Directive has not brought much clarity in the responsibility of internet providers. The self-regulatory approach causes providers to be split between the opposing interests of freedom of expression and copyright holders. Many civil rights activists and providers have argued for a more formal approach, where only an order from a judge would constitute actual knowledge of infringing material.

Attempts to develop a standardised notice and takedown (NTD) procedure have failed miserably so far. The parties involved (citizens, service providers and copyright holders) have been unable to achieve agreement about the exact meaning of terms like 'expeditiously' and 'apparently illegal'.

"Any self-regulatory regime within the context of NTD procedures cannot be truly effective without some form of legislative underpinning", was the conclusion of Rightswatch, a 2 year program of EU-sponsored debates about provider liability between citizens, providers and rightholders in North-Europe, South-Europe and the UK/Ireland. However, the European Commission has made it clear that the E-Commerce Directive will not receive a review of its text until, at the earliest, 2006. This leaves it up to national governments to choose the level of protection for the freedom of expression.

Council of Europe Declaration (28.05.2003)
http://www.coe.int/T/E/Communication%5Fand%5FResearch/Press/News/2003/...

Final report of the Rightswatch Program (20.02.2003)
http://www.rightswatch.com/DocsRepository/2701/FinalReport030123v1.pdf

Radio chips in euro banknotes

Japanese electronics maker Hitachi has told the Japanese press that it has started talks with the European Central Bank (ECB) about the use of RFIDs in euro banknotes.

RFID (radio frequency identification) tags are very small radio chips that transmit a unique serial code when a reader is placed in their proximity. They were originally designed for logistical purposes: to track and trace items in transport or stored in warehouses. But the mini-tags are also being embedded in consumer products, as described in the previous EDRI-gram. This raises great privacy concerns, since the technology makes it possible to track and trace individual consumption patterns. The tags have no access control: anyone with a reader can detect them and read the serial number. The only way to protect privacy would be to remove or disable the tag when buying the product in a store.

The RFIDs in euro banknotes could help against counterfeiting and make it possible to detect money hidden in suitcases at airports. But the technology would also enable a mugger to check if a victim has given all of his money. If RFIDs are embedded in banknotes, governments and law enforcement agencies can literally 'follow the money' in every transaction. The anonymity that cash affords in consumer transactions would be eliminated.

Curiously, the European Central Bank recently stated in a biannual report that "the full extent of euro counterfeiting is very small".

Hitachi mu-chip
http://www.hitachi.co.jp/Prod/mu-chip/

Biannual information on the counterfeiting of the euro (23.01.2003)
http://www.ecb.int/press/03/pr030123_1en.htm

Belgian DPA investigates transfer of passenger data

Following a complaint from European Parliament member Marco Cappato, the Belgian data protection office is investigating a possible violation of European privacy law by the airline carriers Continental Airlines and United Airlines. Mr Cappato sent a letter to the Belgian data protection commissioner urging his office to investigate the transfer of his personal data to the US authorities. These so-called PNR data are sent to the US authorities by airlines following an agreement between US Customs and the European Commission. This agreement is considered unlawful by many observers.

The Belgian data protection office has told Mr Cappato that "The commission contacted the companies concerned, in order to obtain information concerning the implementation of a system of transfer to the American authorities of the personal data of their passengers travelling towards the United States. The Commission also asked these companies to indicate the detail of the transmitted data, their mode of transmission, which information has been communicated to you in this respect as well as the information generally communicated to each passenger concerned, as well as the fact of knowing if the passenger is made able to agree voluntarily or to oppose the transfer."

Mr Cappato used one of the model letters that European Digital Rights offers for download on its website. The model letters are part of EDRI's campaign against the illegal transfer of airline passenger data.

EDRI campaign against the transfer of PNR-data to the USA
http://www.edri.org/cgi-bin/index?funktion=view&id=000100000085

Irish DPA threatens government with court case

According to an article in the Irish Times of 26 May, the Irish Data Protection Commissioner Mr Joe Meade has twice threatened to begin High Court proceedings against the Government for using an "invalid" Ministerial Direction to unconstitutionally store citizens' phone, fax and mobile call data for 3 years.

As reported in EDRI-gram nr. 3, in April 2002 the Minister for Public Enterprise issued directions to telecommunication operators to keep detailed, non-anonymous traffic data for a three-year period. When Meade revealed this during a conference on data retention in February, he stated that government was also preparing mandatory data-retention for internet providers.

The situation was even worse when Meade first obliged providers and telcos to register their databases with the Office for Data Protection. In January 2001 the Commissioner found out that companies had been keeping these data for 6 years. Following EU privacy guidelines, he pressed for a maximum retention period of 6 months. The Irish government obviously wasn't pleased and issued the secret direction in response.

The Irish Times obtained correspondence of the Commissioner under the Freedom of Information Act. In his letters, Meade said the Direction was "in breach of Article 15.2.1 of the Constitution", lacked "the character of law", and was "in breach of the principles of (European) Community law". He also threatened proceedings because he believed the Government had failed to act with the haste it initially promised, to replace the secret Direction with primary legislation.

'Court threat for State over data privacy' by Karlin Lillington (26.05.2003)
http://radio.weblogs.com/0103966/2003/05/26.html#a2327

Finnish protest against EU copyright plans

EDRI-member Electronic Frontier Finland (EFFI) submitted a statement on a proposed EU Directive to harmonise the enforcement of intellectual property laws, including copyrights and patents, across member states. According to EFFI, the new directive is based too one-sidedly on studies made for the media industry. For example, the proposal compares piracy to the drug trade and terrorism. Besides proposing punitive damages, the draft directive suggests that defendants should pay for the publication of judgements in newspapers. Another principal objection of the Finns to the draft Directive is that it treats infringements on digital products the same way as the counterfeiting of medicines, alcohol, toys and car parts. EFFI argues that piracy and counterfeiting affecting the safety and the health of individuals should never be compared with infringements on digital products.

The proposal, adopted by the Commission at the end of January, is currently under discussion in the Legal Affairs Committee of the European Parliament. A first draft of a 'Working Document' was presented to that Committee by its rapporteur Janelly Fourtou on 28 April. The vote in Legal Affairs is foreseen for 11 September, the one in Plenary for the week following 20 October.

EFFI statement
http://www.effi.org/julkaisut/lausunnot/ipr_enforcement_lausunto.en.ht...

Proposal for a Directive of the European Parliament and of the Council on measures and procedures to ensure the enforcement of intellectual property rights
http://europa.eu.int/eur-lex/en/com/pdf/2003/com2003_0046en01.pdf

Working Document presented by Fourtou to the European Parliament's Legal Affairs Committee
http://www.europarl.eu.int/meetdocs/committees/juri/20030428/495099EN....

Recommended Reading

Study about copyright levies produced by the Dutch Institute for Information Law (IVIR). The study examines existing levy systems in the European Union and gives an overview of existing and emerging DRM-based content distribution models and formats. The researchers examine the key notions of 'private copying' and 'fair compensation', as applied in the Directive, and conclude with a series of strong arguments against a levy (tax) on computers or hard disks.

DRM and the future of levies (03.2003)
http://www.ivir.nl/publications/other/DRM%20Levies%20Final%20Report.pd...