On 12 September the moratorium expires on the transfer of European passenger-data to the United States. Already harsh words are being exchanged between EU institutions, one of the last realms of diplomatic kindness. "The violation of EU legislation is continuing and with it the rights of European citizens are being violated." This judgement from an official Working Document of the European Parliament is aimed at the Commission, which, according to the document, "in the 6 months since the adoption of Parliament's resolution (on the transfer of Airline Passenger's PNR data to U.S. authorities) has made very little progress with regard to ensuring that EU data protection legislation is observed". Still, the EP rapporteur, Dutch Liberal Johanna Boogerd-Quaak, continues, "Your rapporteur believes that the US commitments do not offer adequate protection." "This", she concludes, "is a flagrant violation of EU data protection legislation, as laid down in Directive 95/46 EC and Regulation 2299/89." Members of Parliament are now ready to prepare two oral questions for the Council and the Commission, and eventually take legal action before the European Court of Justice.
On 13 March, the Parliament passed a resolution containing criticism of the Commission's secretive negotiations with U.S. envoys about the transfer of airline passenger's personal data to the United States. Parliament was angry about the lack of adequate level of data protection. It urged the Commission to ensure that EU Privacy and Data Protection law would be respected. Up to the present day that is not the case. The procedure that might now follow is laid down in Article 232 of the EC Treaty. First an official warning by the Parliament. Next, action before the Strasbourg court that could result in the Commission being obliged to stop the transfer immediately. Already on 2 September, the Chair of the EP Civil Liberties Committee has taken first steps to prepare such action.
This is also what the Parliament will urge now: a prohibition of all data transfer on a 'pull' basis by 1 October, and an international agreement that will have to be in accordance with EU data protection law. In her Working Paper, Mrs. Boogerd-Quaak goes into some detail and exemplifies minimum requirements any future arrangement should meet to avoid legal action, such as reducing the storage time from 7 years to the duration of the passenger's stay in the U.S. and reconsidering whether PNR transfer is adequate in the proclaimed fight against terrorism.
On 5 May EDRi launched a campaign against the PNR transfer, with letters passengers can send to the national Data Protection Authority in their country to request an investigation of the illegal transfer of their personal data.
EP draft Oral Question to the Council (02.09.2003)
http://www.europarl.eu.int/meetdocs/committees/libe/20030908/505934en....
Working Document Johanna L.A. Boogerd-Quaak (02.09.2003)
http://www.europarl.eu.int/meetdocs/committees/libe/20030908/506027en....
EP Resolution (Motion 10.03.2003, accepted 13.03.2003)
http://www.europarl.eu.int/meetdocs/committees/libe/20030310/492022EN....
EDRi campaign against the illegal transfer of European travellers' data to the USA
http://www.edri.org/campaigns/airline
(Contribution by Andreas Dietl, consultant on EU privacy issues)
European citizens could find many common activities banned as the EU Copyright Directive becomes law, a new report reveals. Transferring songs from a copy-protected CD to a Walkman or computer could be illegal, as could watching a DVD on a computer running Linux.
'Implementing the EU Copyright Directive', published 8 September 2003, reports on legal developments across the EU as member states change their laws to comply with the Directive (2001/29/EC).
It finds that it is now illegal in several countries such as Greece and Germany to use copyrighted works such as CDs, films or electronic books in ways restricted by the publisher. Offenders can be fined tens of thousands of euros and imprisoned for several years.
Few EU countries provide an effective mechanism for consumers to make use of their legal rights. Most require consumers to complain to a government body, which may then take several months to enforce those rights. Nor do these bodies include consumer representatives.
Little provision has been made to stop copyright law being used to raise prices to consumers for items such as game console accessories or printer cartridges. Without explicit protection, Europeans can expect to see this type of anti-competitive behaviour cross the Atlantic, where it has become common under a similar law (the Digital Millennium Copyright Act).
European research into computer security mechanisms will also be damaged. On current plans, only German, Danish and Finnish scientists will be allowed to investigate the effectiveness of measures that are being used to protect copyright works. Ian Brown, editor of the report and EDRI-member, said: "These new laws are removing European citizens' rights. They need to be rewritten to protect the owners of CDs, DVDs and e-books as well as media companies."
The report (08.09.2003)
http://www.fipr.org/copyright/guide/
8 years after Scientology started legal procedures against Dutch author Karin Spaink, internet provider XS4ALL and 20 other defendants, the Appellate Court of The Hague rejected all claims and ruled that freedom of expression should prevail upon copyrights.
According to the ruling "The (...) texts show that, in their doctrine and their organisation, Scientology et al. do not hesitate to overthrow democratic values. From the texts it also follows that one of the objects of the non-disclosure of the contents of OT II and OT III ... is to thwart discussion of the doctrine and practices of the Scientology organisation."
In September 1995, XS4ALL servers were formally seized by a bailiff, assisted by a representative from Scientology, for hosting the Fishman Affidavit on the homepage of a customer. This affidavit, a court-testimony from a former member, contained many quotes from documents that the church wanted to keep secret. Another customer of XS4ALL, Karin Spaink, put the document on her homepage. When Scientology threatened to sue her and XS4ALL, many other people put mirrors on their homepages. In interim injunction proceedings in 1996, the court of The Hague declared all Scientology's claims against XS4ALL, Karin Spaink and the other defendants to be unfounded. Scientology appealed, but lost once again in 1999. However, this 1999 decision included a separate declaratory judgement stating that providers could be held liable if three conditions are met; first, the provider is notified; secondly, the notification leaves no reasonable doubt about the infringement of (copy-)rights; and thirdly, the provider does not take down or block the material. The E-Commerce Directive was influenced by this verdict.
In 1999, court also ruled that providers might be held liable for hyperlinks and have to hand over the names and addresses of their customers under certain circumstances. The Appellate Court of The Hague quashed this ruling completely, but did not offer any further help on liability of providers. The E-Commerce Directive, with its vague liability-exemptions for hosting, is now leading once more, leaving it up to providers to decide about the freedom of expression on-line.
The Hague ruling Scientology vs. Spaink, XS4ALL a/o (04.03.2003)
http://www.xs4all.nl/uk/news/overview/scientology.pdf
Website Karin Spaink
http://www.spaink.net/fishman/home.html
The legal victory for privacy was short-lived for the German web anonymiser AN.ON. Only 2 days after a German Court suspended a previous verdict to build a back door in the anonymiser, German police obtained a new court order to raid the offices.
On Friday 29 August, the Lower District Court in Frankfurt /Main gave a search warrant for the rooms of the AN.ON project at the TU Dresden to find a protocol data record. This single record had been recorded by the back door, showing the IP-address of a visitor to a specific website.
On Saturday, police officers went to the apartment of the director of the Institute of System Architecture at the Faculty of Information Technology and demanded the surrender of the data record. Apparently, police threatened to confiscate the hardware on which the anonymiser service is run, unless the data were turned over. To avoid further damage to the TU Dresden, the data record was handed over.
According to the project partners' opinion, the decision by the Lower District Court is unlawful. Since the suspension of the duty to disclose information on 27 August by the District Court in Frankfurt/Main, it was clear there was no obligation to surrender until the final decision in the main case was made. The project partners are going to lodge an appeal against this decision.
German Police proceeds against anonymity service (02.09.2003)
http://www.datenschutzzentrum.de/material/themen/presse/anon-bka_e.htm
European Parliament rapporteur Arlene McCarthy has withdrawn the draft directive on software patents. The directive will now go back to the committee stage for some more work. A new vote is scheduled for the plenary sessions between 22 and 25 September.
Even though officially the European Patent Office does not allow for patents on software, many trifle software inventions and business methods have already been accepted. For example, on 26 August 2002 Nippon Electric filed a patent-request for webshops with customer log-in functionality.
Many internet-users, programmers, economists and owners of small and medium sized companies, united in the Eurolinux Alliance and the Foundation for a Free Information Infrastructure (FFII) fear that the Directive will legalise this practice, with a stifling effect on innovation.
In response to the loud public outcry with open letters to parliament from businesses and scientists, a demonstration, and a petition signed by more than 240.000 people, McCarthy published a factsheet about the draft. In the factsheet she explains that she has been the victim of a "misinformation campaign" and is in reality championing the protesters' cause. She denies the directive will enable U.S. style unlimited patentability of algorithms and business methods such as Amazon's 'one-click' shopping. "In fact the Parliament's objective is to stop the drift by the EPO and national patent offices to patent business methods. The Parliament's proposal is stronger than current law and practice of the EPO and is explicitly excluding the patentability of business methods and algorithms with the introduction of a new article and recitals, specifically Article 4a and recitals 13a and 13c."
The FFII however states that 'one click' shopping would be patentable without any doubt under the final terms of McCarthy's Legal Affairs Committee. The controversy centres around the explanation of the word 'technical'. According to FFII any business method can be patented, as long as it is presented as a solution to a technical problem.
To underline the fact that Europeans can expect a plethora of trivial patents on business methods, on 1 September the German Linux community LIVE, together with the anti-globalisation group ATTAC, filed a patent on petitions on websites.
Arlene McCarthy factsheet (01.09.2003)
http://www.aful.org/wws/arc/patents/2003-09/msg00014.html
FFII analysis and criticism of factsheet (02.09.2003)
http://swpat.ffii.org/papers/eubsa-swpat0202/amccarthy030901/index.en....
Nippon Electric patent on webshops (filed 26.08.2002, published 03.05.2003)
http://l2.espacenet.com/espacenet/viewer?PN=EP1288816&CY=ep&LG...
German users file patent on web petitions (31.08.2003)
http://www.attac.de/presse/presse_ausgabe.php?id=231
Italy is introducing tough fines and prison sentences against spammers. Senders of unsolicited junk e-mails can expect fines up to a maximum of 90.000 euros and 3 years in prison.
The penalties go far beyond those in any other European country. All EU member states will have to outlaw spam by 31 October 2003 as a result of European directive 2002/58/EC. From that date on the sending of unsolicited bulk email is only allowed after prior consent of the receiver. The European directive does not specify penalties.
The Italian data protection authority said that the high penalties apply to senders that operate with the aim of making a profit. The limitations of the penalties are also clear, since 60 percent of the spam mails that Italians receive, come from abroad.
Lo spamming a fini di profitto e un reato (03.09.2003)
http://www.garanteprivacy.it/garante/doc.jsp?ID=272444
On 2 September the Danish network on the World Summit on the Information Society hosted a conference on Freedom of Expression in the Information Society. The conference addressed global tendencies of regulation of freedom of expression, the new Council of Europe Declaration on Freedom of Communication on the Internet, intellectual property rights, (traditional) media, access to information and the role of libraries. A number of concerns was raised, both in relation to the WSIS process as such, and in relation to the topics discussed. For instance the general tendency of amputating internationally recognised freedom of expression principles in the WSIS docs, the legislative tendencies post 9-11 and how to preserve individual privacy and freedom, the future role of libraries in providing free information access and local capacity-building, the fear of diversity as the underlying current for censorship, the ambiguity between the principle of limited liability for ISPs and the principle of self-regulation, and not least the balance between intellectual property rights and access to information, which is one of the most controversial topics in the global development of the Information society.
A conference report with resumes of workshop discussions and plenary speeches will be available shortly. As a follow-up to the conference, The Danish Institute for Human Right is drafting concrete suggestions for the WSIS Declaration of Principles and Action Plan to feed into the upcoming Prepcom3 meeting in Geneva (15-16 September).
Conference information
http://www.una.dk/wsis
(Contribution by Rikke Frank Joergensen, Digital Rights Denmark)
This annual report by EPIC and Privacy International reviews the state of privacy in over fifty-five countries around the world. It outlines legal protections for privacy, new challenges, and summarises important issues and events relating to privacy and surveillance.
The 2003 edition of Privacy and Human Rights looks at the expansion of government surveillance authority. The report finds increased data sharing among government agencies, the use of anti-terrorism laws to suppress political dissent, and the growing use of new technologies of surveillance.
The report also notes public opposition to the Total Information Awareness program, video surveillance, and systems of biometric identification. The survey includes new reports on privacy in countries joining the European Union. Other new topics include genetic privacy, Radio Frequency Identification (RFID), and the WHOIS database.
Privacy and Human Rights 2003
http://www.privacyinternational.org/survey/phr2003/