Behind closed doors, representatives of the Council of Ministers of Justice (JHA Council), representatives from the Commission and the leaders in the European Parliament of the social-democrat and christian-democrat groups have agreed to introduce an unprecedented law (directive) on mandatory data retention in the EU. The groups have agreed to introduce mandatory retention for fixed and mobile telephony data and for internet log-in-log-off, for e-mail records and for Voice over IP records. There is only one last formal hurdle; the plenary vote in the European Parliament on Monday evening 12 December 2005.
But in practice this vote hardly has any meaning, given the majority adoption of the principles of extensive data retention. The agreed minimum period is 6 month, the maximum period 24 months. But member states may also decide on any longer term they find necessary, including the new 15 years proposal from the Polish government (see article 3 in this EDRI-gram). This is foreseen by the new article 11: "A Member State facing particular circumstances warranting an extension for a limited period of the maximum retention period referred to in Article 7 may take the necessary (...) measures. The Member State shall immediately notify the Commission and inform the other Member States of the measures taken by virtue of this Article and indicate the grounds for introducing them."
The goal 'prevention' is deleted from this Council/EP compromise version, but that won't pose any problem for any member state that wishes to introduce or already has such legislation, since Article 15.1 of the e-privacy directive (2002/58/EC) is not replaced by this directive, but will still allow for any national retention rules. Thus member states that already have legislation for longer retention periods, such as Ireland and Italy, are not affected by this directive either.
The article about cost reimbursement is completely deleted, leaving it to the kindness of individual member states to reimburse providers or not. Access will be limited to the investigation of 'serious crimes', without any definition of 'serious' nor any limit to the access for security services. "The present Directive is without prejudice to the power of Member States to adopt legislative measures concerning the right of access to and use of data by national authorities as designated by them."
The outcome of these secret trialogue meetings underlines a fundamental deficit in the democratic construction of the EU. Councils should meet in public, as the European Ombudsman also demands (See EDRI-gram 3.21 ) and the European Parliament should not be forced into blind obedience by a Council that is unable to reach a unanimous decision itself.
The sudden change of heart of the German social-democrats, after their new coalition with the christian-democrats has most likely been the ultimate trump-card for the Council. Given the strong voting position of Germany (reflecting the amount of inhabitants) their consistent (and historically understandable) rejection of systematic surveillance was a major obstacle. In the new German government coalition, this resistance was reduced to the industry argument of not including failed caller attempts. The Council immediately jumped to this chance, and now only calls for the retention of some of these calls if companies already store such data.
"This shall include (...) unsuccessful call attempts where that data is generated or processed and stored (as regards telephony data) or logged (as regards Internet data) by providers of publicly available electronic communications services or of a public communications network within their jurisdiction in the process of supplying the communication services concerned. This Directive shall not require the retention of data in relation to unconnected calls."
In an interview with the German national radio on 2 December, the new minister of the Interior Wolfgang Schäuble explained his very positive view on data retention. Industry should not ask for cost reimbursement he said. Every citizen must keep financial records in order to file the annual tax declaration and nobody was claiming the Ministry of Finance should reimburse them for that civil duty. And because the main purpose from his perspective was the prevention of crimes, there should be broad access for security services, without any specific suspicion. The German coalition of regional data protection authorities, chaired by the independent authority of Schleswig-Holstein replied to the Council decision with a press release in which they reiterated their fundamental (constitutional) objections against the principle of retention. They call it a box of Pandora and conclude: "We expect that the European Parliament, the German parliament and the constitutional courts in Europe will make sure that this box will remain closed."
A week before the meeting of the JHA Council, on 24 November 2005 the LIBE committee of the European Parliament had agreed to a more limited set of data and retention period of 6-12 months. While this outcome in the LIBE committee was a serious set-back for digital rights groups, at least the LIBE committee had the decency to introduce strict limits to the use of the data (only with a judicial warrant!), truly independent oversight mechanisms and demands for extensive, public statistics on the use.
The day before the vote in the LIBE committee, EDRI and XS4ALL presented the +58.000 signatures to the petition against data retention to the chairman of LIBE, Jean Marie Cavada and to rapporteur Alexander Alvaro. The petition was also presented to 3 MEPs opposing data retention: Kathalijne Buitenweg (group leader of the Greens); Edith Mastenbroek (social democrat) and Charlotte Cederschiˆld (christian democrat). Pictures of the presentation can be found at the campaign WIKI.
While Alvaro proposed a maximum retention of 3 months for telephony data only, LIBE enlarged the list with location data and internet log-in log-off data, for a period of 6-12 months (to the discretion of member states). Another serious set-back for civil society was the new definition of 'serious crimes', based on the European Arrest Warrant. This list includes 'piracy', and this will become a criminal offence under the proposed new Commission decision on Intellectual Property Enforcement, including cases of downloading 'on a commercial scale'. But even this list is obviously too limiting for the Council, given its refusal to define serious crimes.
Possibly the Council and some members of parliament have fallen for the dramatic call from the audiovisual entertainment industry not to exclude them from access to the new European data well. In a press release from 23 November, the Creative and Media Business Alliance (companies and media associations) and IFPI urge the MEPs to include all criminal offences in the scope of the directive. They specifically refer to the Intellectual Property Enforcement Directive when they write: "For this legislation to be meaningful, it is essential that service providers retain the relevant data for a reasonable period and that the data can be disclosed for appropriate purposes. The proposed Directive on data retention should serve to facilitate this."
On Wednesday morning 7 December, EDRI will participate in a public hearing about data retention in Brussels, represented by Sjoera Nas, your EDRI-gram editor. The hearing is organised by the Greens in the European Parliament. Other speakers include representatives from EuroISPA, ETNO and the European Data Protection Supervisor (EDPS).
Outcome of the JHA Council / new compromise Directive proposal (02.12.2005)
http://www.edri.org/docs/2decembercouncil.pdf
Note from Presidency setting out four areas for decision of Council on its position (01.12.05)
http://www.statewatch.org/news/2005/dec/eu-dat-ret-council-1-dec-05.pd...
Interview with Wolfgang Schäuble, the new German minister of the Interior (in German, 02.12.2005)
http://www.dradio.de/dkultur/sendungen/interview/444143/
Euractiv analysis of the LIBE voting results, with voting list (24.11.2005)
http://www.euractiv.com/Article?tcmuri=tcm:29-149617-16&type=News
Final LIBE report, as amended (28.11.2005)
http://www.edri.org/docs/364679XM.pdf
CMBA/IFPI statement pro data retention (23.11.2005)
https://wiki.dataretentionisnosolution.com/index.php/The_recording_ind...
Pictures of the petition presentation in Brussels (23.11.2005)
http://wiki.dataretentionisnosolution.com/
Decision against data retention of the 70th conference of German DPAs (in German, 27-28.10.2005)
http://www.datenschutzzentrum.de/material/themen/presse/20051028-dsbk-...
European Digital Rights and Privacy International are urgently calling on the individual members of the European Parliament to reject the misguided compromise proposal on data retention. Party leaders of the christian-democrats and social-democrats in the parliament have agreed behind closed doors to allow for mandatory data retention of telephony and internet data for a period of 6 to 24 months, with even longer terms at the individual discretion of every member state, including the purpose of 'prevention of criminal offences'. This compromise completely overrules the suggestions of the appropriate parliamentary LIBE committee and ignores all the legal and technical objections against the inclusion of location and internet data.
On Tuesday 6 December the open letter will be offered to all 731 members of the European Parliament, endorsed by many digital rights groups, providers, consumer unions and other concerned parties. The full list of endorsements will be available on Tuesday afternoon 6 December.
The letter mentions 5 reasons to reject the proposal:
1. This Directive invades the privacy of all Europeans. The Directive calls for the indiscriminate collection and retention of data on a wide range of Europeans' activities. Never has a policy been introduced that mandates the mass storage of information for the mere eventuality that it may be of interest to the State at some point in the future.
2. The proposed Directive is illegal. It contravenes the European Convention on Human Rights by proposing the indiscriminate and disproportionate recording of sensitive personal information. Political, legal, medical, religious and press communications would be logged, exposing such information to use and abuse.
3. The Directive threatens consumer confidence. More than 58,000 Europeans have already signed a petition opposing the Directive. A German poll revealed that 78% of citizens were opposed to a retention policy. The Directive will have a chilling effect on communications activity as consumers may avoid participating in entirely legal transactions for fear that this will be logged for years.
4. The Directive burdens EU industry and harms global competitiveness. Retention of all this data creates additional costs of hundreds of millions of Euros every year. These burdens are placed on EU industry alone. The U.S., Canada and the Council of Europe have already rejected retention.
5. The Directive requires more invasive laws. Once adopted, this Directive will prove not to be the ultimate solution against serious crimes. There will be calls for additional draconian measures including: - the prior identification of all those who communicate, thus requiring ID cards at cybercafes, public telephone booths, wireless hotspots, and identification of all pre-paid clients; - the banning of all international communications services such as webmail (e.g. Hotmail and Gmail) and blocking the use of non-EU internet service providers and advanced corporate services.
According to the letter, the vote is a key moment, that might set in motion a chain of events that will lead to a surveillance society. The compromise-proposal lacks limits to the access and limits to the use. "Though the Council claims retention will combat terrorism, for years it has rejected limiting the legislation to such investigations. Even if access to this data were limited by the Parliament to a list of serious crimes nothing prevents the expansion of this list: already the Copyright Industry has called for access to this data to combat file-sharing online."
The European Parliament will have its first and final vote on Monday evening 12 December in Strasbourg. Given the low attendance in general in Strasbourg, and the fact Monday evening many attending MEPs won't have arrived, the vote seems reduced to a showpiece.
EDRI and PI letter to the European Parliament (06.12.2005)
http://www.privacyinternational.org/retentionlaunderingcampaign
Translation in French (by EDRI-member IRIS)
http://www.iris.sgdg.org/actions/retention/lettre-pe-fr-1205.html
Translation in Polish (by EDRI-observer ISOC Poland)
http://prawo.vagla.pl/node/5812
In Poland, the parliamentary leader of the new social-right governing party 'Law and Justice', Przemyslaw Gosiewski, has called for a new law to introduce mandatory telephony data retention for 15 years. His call followed an article the day before, on 22 November 2005, in the leading newspaper Gazeta Wyborcza with a cry from local investigators that they are unable to effectively prosecute corruption without telephony billing data from the last 4 years.
Poland only just formed a new minority-government after the elections, but the new conservative government does not seem to have a clear plan on this issue. They seem to have just responded spontaneously, but with a large parliamentary majority as the unfortunate result.
Gosiewski can count on support from two smaller populist parties: Andrzej Lepper's 'Selfdefense' and the extreme nationalists from the 'Union of Polish Families'. Both parties are most eager to prove that most (rich) entrepreneurs are thieves.
To make matters even worse, the conservative-liberal opposition from Platforma Obywatelska (Citizens Platform) also did not object to this proposal, and neglected to present itself as a defender of civil rights. The platform considers itself to be the 'almost governing' party, with a tendency to support all moves towards a so called 'stronger state'.
EDRI-observer ISOC Poland is trying to fight the proposal and has already contacted several ministers. They aim to also engage the Polish Commissioner for Civil Rights Protection and the Inspector General for the Protection of Personal Data.
File on data retention proposals (in Polish)
http://prawo.vagla.pl/retencja_danych
Polish - English translation service
http://www.translate.pl/
(Contribution by Piotr Vagla Waglowski and Wladyslaw Majewski, EDRI-observer ISOC Poland)
The French government has decided to apply the urgency procedure to a new anti-terrorism draft law, with only one reading by each Chamber. The draft law was already passed by the National Assembly (French Lower House) on 29 November 2005 and will be examined by the French Senate in late December or early January 2006. The proposal creates increasing powers for the police and the intelligence services, thus undermining the protection of formal judicial procedures.
The law will extend the use of video-surveillance, authorising private parties to install CCTV cameras in public places "likely to be exposed to terrorist acts", and in places open to the public when they are "particularly exposed to risks of aggression or theft". Obviously, this covers almost any public or privately-owned place, including shops. In case of emergency, CCTV cameras may be installed prior to any authorisation.
The draft law also extends telecom data retention possibilities, by putting cybercafe owners and WiFi providers (whether wireless Internet access is free or with payment) in the same category as telecom operators. This means, in practice, that cybercafe owners, as well as bars, restaurants and hotels will have to ask their customers for their IDs for Internet use in their establishments. Any logged data may also be seized directly by the police, without any judicial order, as is obliged currently.
Another major aspect of this draft law is a serious violation of freedom of movement. Anywhere on French territory, the police is authorised to take photographs of car plates and of people travelling by car on French roads, for the purpose of "fighting car theft". Furthermore, an administrative authority may allow for law enforcement to take pictures of people attending big public events (like football matches or street demonstrations), for the purpose of "public order preservation".
Finally, the draft law allows the French ministry of Interior to collect and process PNR (Passenger Name Record) data of any traveller to or from non-EU countries, for the purpose of fighting illegal immigration. Not only are the French willing to apply to non-EU countries what the US have done to the EU, but they are also extending the idea beyond air travel, since travelling by sea or rail is also concerned.
The French Data Protection Authority (CNIL) has expressed serious reservations on this draft law. However, the French ministry of Interior has made it clear that it has no intention to listen, stating in a communique that "each party must take its responsibility". In a joint press conference with the French Human Rights League and other French NGOs as well as magistrates and lawyers trade-unions, EDRI member IRIS also assessed the dangers of the draft law, explaining how it violates the finality and proportionality principles.
In a press release published today, IRIS also makes the link between this French draft law and the Directive proposal on data retention, to be examined by the EP on 12 December.
IRIS press release (in French, 05.12.05)
http://www.iris.sgdg.org/info-debat/comm-lettre-pe1205.html
CNIL opinion (in French, 10.10.05)
http://www.cnil.fr/index.php?id=1883&delib%5Buid%5D=75&cHash=2...
Ministry of Interior press release (in French, 18.10.05)
http://www.interieur.gouv.fr/rubriques/a/a5_communiques/20051013_cnil
IRIS et al. joint press release (in French, 23.11.05)
http://www.iris.sgdg.org/info-debat/comm-loi-terror1105.html
French National Assembly Dossier on draft law (in French, 29.11.05)
http://www.assemblee-nationale.fr/12/dossiers/terrorisme_securie_contr...
(Contribution by Meryem Marzouki, EDRI-member IRIS, France)
Like France, Denmark is also working on a new round of anti-terrorism measures, to be presented to Parliament in the spring of 2006. The proposals are quite far reaching and encompass a range of intrusions into citizens' digital privacy.
Among the most notorious proposals are: - a recommendation to let the authorities monitor the entire spectrum of telecommunications taking place within a delimited geographical area such as an apartment complex; - to allow intelligence services to request any information stored in any government database about any citizen without it being part of an ongoing investigation; - the introduction of mandatory screening of airline passenger lists by intelligence services; - to oblige all operators of services for electronic communications to implement technical measures to enable the authorities to wiretap any given communication at short notice. - a delegation to local authorities of the power to put in place CCTV surveillance of public spaces and open areas - a practice which previously had been disallowed.
The initiatives are part of a 49 item 'wish list' compiled by civil servants at the request of the government in the wake of the 7/7 bombings in London.
The initial reaction among legal experts, telecom operators and citizens' rights groups has been one of strongly outspoken opposition in relation to many of the proposals, which seems to have put the government on the defensive.
An action plan to further debate and implement the proposals was recently put forward in Parliament and won backing, although a majority had reservations. The political parties are now be invited to consult with government on the initial legislative drafts. In connection with this, the Parliamentary judicial committee has announced an expert conference on the initiatives in January 2006 and the government is expected to put forward its proposed legislation by spring of 2006. Digital Rights in Denmark are working pro-actively to influence public opinion in these matters.
Freedom and security under the shadow of terror (11.11.2005)
http://www.cphpost.dk/get/92115.html
PM backs off on terror package (17.11.2005)
http://www.cphpost.dk/get/92259.html
Government Action Plan on anti-terrorism (in Danish only)
http://www.stm.dk/publikationer/terrorpakke/index.htm
(Contribution by Kristoffer Nilaus Olsen, EDRI-member Digital Rights Denmark)
Digital Rights Ireland will formally launch at a press conference in the Conference Room in Pearse Street Library, at 11-am on Tuesday 6 December. The group has been formed to defend civil, human and legal rights in a digital age. Digital Rights Ireland will be discussing its mission, and current developments in relation to Data Retention, IRMA legal action and other matters.
Digital Rights Ireland is chaired by UCD Law Lecturer TJ McIntyre and is comprised of academics, journalists and technologists. The group believes that citizens' digital rights are being eroded - the rights we expect in the real world are being stripped from us in the online world. Protection of these rights will involve public promotion of digital rights, and lobbying for their protection where required.
Digital Rights Ireland is a contact point for policy makers who wish to gauge the impact of their regulation in this complicated, and sometimes technical, area. In addition, the group aims to provide an informed position on issues in the digital rights field, free from any commercial or political bias. Current areas of concern for the group include data retention, rights to privacy/data protection, helping people to fight spam, and intellectual property issues. Digital Rights Ireland also aims to inform citizens of their rights, and how to exercise them. To that end, collaborators already have produced pamphlets and research material on areas such as SMS spam and the Data Protection & Freedom of Information Acts. Further pamphlets, on matters such as libel liability for online speech, will follow shortly.
The foundation of Digital Rights Ireland is directly related to two political developments.
First, under current Irish law, citizens' electronic communications data must be retained for 3 years. This includes the physical location of every mobile phone in the country, and the numbers dialled from every mobile and land line. It may be accessed, without a court order or specific ministerial order, by the Gardai. This access need not be in response to any crime. If the Gardai are satisfied that it might be useful in the prevention of a crime (not limited to serious crime), it is permissible.
The Irish Government is currently one of a group of four countries seeking to have this requirement extended across the EU, and broadened to include your online activities. If passed, this will require Internet Services Providers to log every email you send and every web page you visit. Digital Rights Ireland will act to keep Irish people informed about these issues, to defend their right to privacy from unwarranted infringement and to ensure that all legislation proposed and passed is in line with European and Irish Human Rights Law.
Secondly, the Irish Recorded Music Association is currently seeking to sue individuals they say they have identified as having uploaded music onto file-sharing networks. DRI are in favour of civil, legal and human rights being protected in a digital world. That must extend to the legal rights of copyright holders, as much as individuals. However, protection of copyright cannot come at the expense of the civil right to privacy.
The Irish Recorded Music Association has also publicly stated that it believes that it's illegal to transfer music from your (legally bought) CDs to your (legally bought) iPod or MP3 player. DRI believes that the law in this area needs to be clarified - and if things like this are illegal, that the law needs to be changed.
All about Digital Rights Ireland
http://www.digitalrights.ie
(Contribution by Teresa Hackett, EDRI-observer eiFL, Ireland)
In Slovenia the number of installed surveillance video cameras on the roads is increasing rapidly. Apart from the CCTV systems on sections of so called "smart motorways" - which enable real-time monitoring of important traffic parameters and the informing of drivers via traffic portals - a large number of surveillance video cameras is installed on the whole Slovenian motorway network.
Article 74 of Slovenian Personal Data Protection Act requires that "a public or private sector person that conducts video surveillance must publish a notice to that effect. Such notice must be visible and plainly made public in a manner that enables individuals to acquaint themselves with its implementation at the latest when the video surveillance begins."
DARS (Motorway company in the Republic of Slovenia) has published such notices on toll collection booths. However, there are many sections (so called "open sections" and "half-open sections") of motorways on which drivers do not have to cross toll collection station in order to use the motorway. The use of such sections is free of charge. These sections are also equipped with video surveillance systems, but the drivers have no opportunity to get informed that they are entering the zone of video surveillance.
The Slovenian Personal Data Protection Inspector, Mr. Joze Bogataj confirmed that DARS is breaching article 74 of Personal Data Protection Act in case of motorway sections where drivers are not informed by toll booths or otherwise. There is one escape for video surveillance on these roads: it can be justified only if the video cameras are not able to capture image in sufficient quality, so that veivehiclechle number plates are not readable.
According to a statement by a police representative on 7 November on Radio Slovenia 1, DARS' video surveillance cameras on certain motorway sections are also used by the police for the prosecution of traffic offences. Therefore, the video cameras are most likely able to capture images in a way that vehicle number plates can be read from the recorded image.
Inspector Bogataj made the point that there is no special law that would permit DARS to perform video surveillance without having to comply with article 74 of Personal Data Protection Act.
On the 23 August 2005, there were 859 video surveillance cameras installed on the Slovenian motorway network, including those for monitoring toll collection stations (information provided by DARS).
Detailed article about road CCTV (in Slovenian only)
http://www.slo-tech.com/clanki/05016/
(Contribution by Aljaz Marn, EDRI-observer Privacyblog.net, Slovenia)
After the World Summit on the Information Society (WSIS) held in Tunis between 16 and 19 November 2005, a large number of attending civil society organisations decided to write another letter to Kofi Annan, secretary-general of the United Nations. During the WSIS the Tunisian government committed serious attacks on human rights and the right to freedom of expression. These attacks included harassment of delegates, assaults on Tunisian and international journalists and human rights defenders, denial of entry to the country, the blocking of websites, the censorship of documents and speeches, and the prevention and disruption of meetings. See also the report on the disturbance of a panel on freedom of expression, in EDRI-gram 3.23.
In the letter they ask him to investigate the attacks on human rights experienced by the participants during the Summit. "We believe it is essential that lessons are learnt from what has taken place here this week and we therefore call upon you, the Secretary General of the United Nations, to launch a full investigation into the attacks on human rights and freedom of expression that we have witnessed in Tunisia both in the run-up to and during the World Summit on the Information Society. We ask you to closely monitor the follow-up period in Tunisia."
On 1 October 2005 civil society organisations already sent a joint letter expressing very serious concerns about the suitability of Tunisia as a host country. Annan kindly replied on 27 October 2005, indicating he shared those concerns.
Civil society letter to Kofi Annan (28.11.2005)
http://www.citizens-summit.org/Letter-SecGen-241105.shtml
EDRI-gram 3.23, WSIS special
http://www.edri.org/edrigram/number3.23
The Supreme Court of the Netherlands ruled on 25 November 2005 in a landmark case against the freedom of internet users to express their opinion anonymously. The Supreme Court upheld a previous court verdict in which internetportal Lycos was forced to hand over the personal data of one of its subscribers to the Dutch stamp trader Pessers.
Mr Pessers trades in postage stamps on the auction portal eBay and was accused of fraud by a Lycos subscriber, who published Mr Pesser's name on his website. Subsequently Pessers demanded the personal data from the subscriber in order to sue for damages. But Lycos refused and was taken to court. After the initial verdict, Lycos did hand over the data, but only to find out the address data were false. Pessers started another procedure, to force Lycos to find other ways to retrieve the correct information, but that demand was declined.
Although the Court acknowledges that the content on the website was not 'apparently unlawful', the Court ruled that Lycos was required to hand over the data. In the view of the Court Pessers had made it 'sufficiently plausible' that the website 'could be' unlawful.
The outcome of the Supreme Court verdict is that ISPs in the Netherlands will have to evaluate two questions regarding websites when receiving complaints. The ISPs will have to take websites off-line after a notice and takedown request when that website is 'apparently unlawful'. This is a direct result of the e-commerce directive (2000/31/EC). The Court has now added a second question. If the website 'could be' unlawful then the ISP will have to hand over the personal data of the website owner. The music industry in the Netherlands has taken a great interest in the case Lycos/Pessers. The Dutch anti-piracy organisation Brein even paid for Pessers legal costs hoping that the ruling would enable them to get the personal data of peer-to-peer users through their access providers.
As a result of this ruling, ISPs in the Netherlands will have to evaluate a complex series of questions. Although Lycos decided to fight the legal battle to the very end, it is expected that most ISPs will not follow this example. It could become quite simple in the Netherlands to gain someone's personal data through an ISP if all it takes is to convince the ISP that the website involved 'could be' unlawful.
There is some light at the end of the tunnel as the Court stresses in its verdict that the conclusion only applies to the specific conflict between Lycos and Pessers and does not constitute a general rule.
Supreme Court: Lycos / Pessers (in Dutch only, 25.11.2005)
http://www.rechtspraak.nl/ljn.asp?ljn=AU4019
The international conference "e-Society.Mk" took place in Macedonia in October and November 2005, with the goal of raising awareness and sharing knowledge of decision makers about important information society issues with the general public. It was organised by Foundation Metamorphosis and supported by OSCE Mission in Skopje and the OSCE Representative on Freedom of the Media, in line with the recently adopted National strategy for the development of the information society.
Over thirty international and local experts interacted with an audience of around 400 participants in all events, discussing the topics of freedom of the media on the internet, e-business and cybercrime, copyrights and privacy, e-government and e-education. The audience consisted mainly of representatives of central and local government, IT experts, NGOs, journalists and university students (law, economics and IT).
Some of these sessions introduced topics that were entirely new to the Macedonian public discourse, such as alternative forms of protection of intellectual property (Creative Commons) and the protection of privacy. In Macedonia, there is no law on data protection yet. It is due in two years. Some sessions also served as advocacy channel to promote concrete solutions, including the announced Freedom of Information Act, expected to be adopted in the beginning of 2006.
Media coverage of the conference focused on the problem of increasing Internet penetration and bridging the digital divide in Macedonia, whose market is not completely liberalised, with large market players acting as de facto monopolies.
Mr. Miklos Haraszti, OSCE Representative on Freedom of the Media, stressed the need for "constant legislative care about pluralism of providers, pluralism of content providers, and pluralism in terms of media."
Mr. Xhemail Mehazi, the Minister of transport and communications of the Republic of Macedonia, emphasised the need for public-private partnerships and co-operation with all actors in society. Further policy and legislative obligations for Macedonia include enacting a Law on Information Society and a Broadband Strategy, scheduled for the beginning of 2006.
The conference started with an all-day plenary session in Skopje (on 20 October 2005) and was followed by public debates in four cities: e-business/cybercrime in Ohrid, freedom of the media on the internet in Skopje, e-government in Bitola and e-education in Tetovo.
e-Society.Mk Conference website
http://www.e-society.org.mk
Foundation Metamorphosis
http://www.metamorphosis.org.mk
OSCE Spillover Mission to Skopje
http://www.osce.org/skopje
(Contribution by Filip Stojanovski, EDRI-member Metamorphosis, Macedonia)
On 22 November 2005 the Advocate General of the European Court of Justice has advised to annul the EU-US agreement on the transfer of passenger data. The AG does not answer the privacy-questions raised by the European Parliament, but finds the agreement unacceptable under the subsidiarity rule of the European Union. Only the member states should decide on these matters, not the European Commission.
US Customs have had access to the passenger lists of Europeans flying to the US since May 2004. European commissioner Frattini promised to send the European Parliament an evaluation in May 2005, but nothing has surfaced yet.
The full court ruling will follow early in 2006. The court might still come up with a ruling that addresses the privacy-issue.
The court press release (available in different languages)
http://curia.eu.int/fr/actu/communiques/index.htm
Full-text of the opinion (in French, 22.11.2005)
http://www.statewatch.org/news/2005/nov/eu-us-pnr-ecj-ag-text.pdf
Advocate general backs Parliament challenge on passenger records (22.11.2005) http://www.euractiv.com/Article?tcmuri=tcm:29-149486-16&type=News
The Czech Lower House recently approved of a law introducing a new Penal Code, including a ratification of the Cybercrime convention.
The original version, prepared by the Ministry of Justice, contained a provision that would criminalise hacking and cracking IT systems, but due to misguided and very unclear wording it also criminalised legitimate activities such a cryptography, IT security testing etcetera.
The vagueness of the new law would have posed a serious threat of arbitrary criminalisation of legitimate activities and legal uncertainty in general.
Together with a coalition of crypto-analysts, EDRI-observer IuRe was successful in suggesting amendments of the proposal, basing it more literally on the text of the Convention.
The Senate still has to approve of the law, but nobody expects any challenges to the revised and improved provision.
Text of the proposed law from the Minsitry of Justice (in Czech)
http://www.psp.cz/sqw/text/tiskt.sqw?O=4&CT=744&CT1=0
Amendments proposed by MP¥s in the second reading (in Czech)
http://www.psp.cz/sqw/text/tiskt.sqw?o=4&ct=744&ct1=3
(Contribution by Helena Svatoöov·, EDRI-member Iuridicum remedium, Czech Republic)
14 December 2005, Brussels, Belgium
Presentation of the 'Worst EU lobbying Award'
Corporate Europe Observatory, LobbyControl, Spinwatch and Friends of the Earth Europe will present a new award for the most offensive case of corporate lobbying in EU capital Brussels. In the press release the Observatory writes: "Backed by almost a billion euros per year, over 10,000 corporate lobbyists roam the corridors of power in Brussels. Ever more inventive and often problematic ways of gaining influence are gaining ground. Pretending to be concerned environmentalists, buying science, funding anarcho-capitalist think-tanks, and securing first class treatment and access by EU bodies, powerful lobby groups manage to get their interests satisfied."
So far, the 'Campaign for Creativity' is heading the list, nominated as a fake NGO brilliantly disguising corporate demands as grassroots concerns when in fact set up to lobby MEPs to vote for US-style software patents.
http://www.corporateeurope.org/worstlobby/
27-31 December 2005, Berlin, Germany, 22nd CCC congress
http://www.ccc.de/
28 January 2006, Amsterdam, the Netherlands
Presentation of the Big Brother Awards 2005
http://www.bigbrotherawards.nl