In their vote yesterday on the future EU Data Protection Supervisor, the Committee of the European Parliament on Justice and Home Affairs (LIBE) produced a very surprising result. Out of 8 possible candidates, a majority of the MEPs voted for the only candidate who has no record of dealing with privacy, data protection or even the protection of any other civil rights.

Joaquín Bayo Delgado has become known to regular readers of the Official Bulletin of the State of Spain as the dean of the university of Barcelona, and that's about it.

In their formal evaluation of the European Directive on Electronic Pay-Services (98/84/EC), the European Commission strongly promotes legal measures against copyright infringements. The report, published 2 weeks ago, evaluates the implementation and enforcement of the directive by member states and candidate countries, from its adaptation in November 1998 through to December 2002. Part of the report is dedicated to the problems with satellite TV. According to the authors, a significant amount of piracy is caused by the fact that many EU-citizens are unable to access protected satellite TV channels originating from other member states, even if they are willing to pay for it.

The Commission’s secret talks with U.S. authorities on the transmission of air passenger data have caused a heavy clash between EU institutions. The Security spokesperson of the EP conservative fraction, the Austrian Hubert Pirker, announced today his fraction will take the Commission to the European Court of Justice.

Since 5 March U.S. authorities have access to most European airlines’ passenger data bases. On 10 March, the European Parliament’s influential Citizen’s Rights and Freedoms, Justice and Home Affairs Committee (LIBE) adopted a resolution containing harsh criticism of the Commission’s proceedings. It “questions the legal base and the repercussions”, of the Joint Declaration with U.S. officials and “expresses concern that it could be interpreted as an indirect invitation to the national authorities to disregard Community law”. The original French-language draft of the resolution contained even more outspoken criticism, stating that the Joint Declaration “lacks any legal basis”. Immediately after the vote, amendments were drafted in order to broaden the criticism of the Commission in the EP resolution, which will be voted in Brussels on 26 or 27 March and is likely to be adopted by a vast majority.

From 5 March onwards, USA officials will have direct electronic access to databases with EU passenger data. On 19 February, U.S. Deputy Customs Commissioner Douglas Browning and officials of the European Commission agreed to give the custom officials direct access to the personal data of passengers flying to, from and through the United States.

These databases don't just include names of passengers, but also itinerary, phone and credit card number, time of booking and possible changes. The discussion about data of a sensitive nature, such as meal preferences, was closed with a recommendation to jointly develop measures to protect these data, preferably before 5 March 2003.

In return, 'US Customs undertakes to respect the principles of the Data Protection', at least, as long as these principles don't stand in the way of the secret services. 'US Customs may provide information to other US law enforcement authorities only for purposes of preventing and combating terrorism and other serious criminal offences, who specifically request PNR information from US Customs.'

The EU Safer Internet Action Plan, than ran from 1999 to 2002, did not deliver very impressive results, to put it mildly. Rapporteur Bill Newton Dunn (UK Liberal Democrat) from the Parliamentary Committee on Citizen’s Freedoms and Rights, Justice and Home Affairs (LIBE) wrote a slashing draft report about the request to extend the plan for another 2 years. The original plan had 4 objectives:

• Create a European network of childporn hotlines
• Develop European filtering and rating systems
• Encourage awareness actions
• Organise an international conference about the topic

Analysing the achievements, Newton Dunn states that nobody seems to know the telephone numbers of the supposed network of hotlines in 10 member states. Secondly, in stead of validating existing filtering software and carry out security tests against counter-attacks, the express wish of the EP, the Commission financed 13 seemingly vague and uncoordinated filtering projects. Awareness has not been promoted very well either. ‘Projects such as the SUI project resulted in the distribution of 60.000 copies of a brochure on safer Internet use to teachers (...).’ Finally, no conference was organised, ‘and now, in the rapporteur’s opinion, the money would be better spent with the candidate countries.’

Microsoft has agreed to change its Passport authentication system, after the publication on 29 January of a very critical review by the united EU privacy commissioners. Besides the Microsoft .NET Passport system, the commissioners, united in the so-called Article 29 Working Party, also examined the Liberty Alliance Project. The review concludes with general guidelines for future on-line authentication systems.

In order to comply with EU privacy rules, Microsoft agreed to substantially modify the Passport system, "involving in particular a radical change of the information flow".

Passport is a system that centralizes authentication and information sharing for users on the internet. The system stores user information such as addresses, ages, phone and credit card numbers and other personal details in a large central database. With one click, users can transfer their personal information to participating websites.

38 Members of the European Parliament from 7 different political groups have united in their resistance against mandatory data retention. Initiated by Marco Cappato, Italian Radical and former Rapporteur on privacy in the electronic communications, last week the MEP's presented a strongly worded recommendation to the European Council. Even though the new European Privacy Directive leaves room for national legislation on data retention, the MEP's reject the current Council-plans for a binding framework Decision.

A questionnaire that was sent out to all member-countries about current practice and wishes concerning mandatory data retention showed all in favour of a harmonised regime, with the sole exception of Germany and Austria, and some

hesitance in the Netherlands, that rather wait for Council harmonisation under