France, Ireland, the UK and Sweden have made a joint proposal to the Council of the European Union to store the telecommunication data of all 450 million EU citizens for a period of 12 to 36 months, for law enforcement purposes.

If the ministers of the member states accept the proposal for a framework decision, all traces of telephony of internet usage of all EU citizens will be stored for a long time. These so-called traffic data reveal who has been calling and e-mailing whom, which websites they have visited, and even where people were with their mobile phones.

The draft framework decision addresses providers of telephony and internet, both networks and services. They will have to store the traffic data of all their users, not just those of suspects. Since there are only few people in Europe without a telephone, gsm or internet, in the newly enlarged Europe this decision would affect the privacy and freedom of expression of 450 million citizens.

Tomorrow, 6 May 2004, the French national assembly will have the final reading of the controversial digital economy law (Loi sur la confiance dans l'economie numerique, LEN), followed by a final reading in the Senate on 13 May 2004. This will conclude the French transposition process of the E-Commerce Directive (2000/31/EC) and part of the Directive on Privacy and Electronic Communications (2002/58/EC).

After the French Senate completed its second reading of the draft law on 8 April 2004, an inter-parliamentarian commission proposed a new text on 27 April 2004 to approximate the results of both the National Assembly and the Senate. The Senate and the commission have confirmed most of the very controversial provisions contained in the draft law (see EDRI-gram issue 2.1, 15 January 2004), but suppressed the provision obliging hosting providers to monitor the content of their customers, since this measure is explicitly forbidden by the E-Commerce Directive.

Today, 21 April 2004, the European Parliament has voted to take the European Commission to court over the agreement with the United States Department of Homeland Security on the transfer of air passenger's personal data (PNR) to U.S. authorities. The Strasbourg Court is now to examine whether the Commission, when making the deal, exceeded its powers and acted in disrespect of EU Data Protection legislation.

After a major controversy, the project for a recommendation to ask the opinion of the European Court of Justice was adopted with a small majority of only 276 votes against 260. The Parliament's biggest Group - the centre-right wing PPE/DE, counting 232 of the House's 626 members -, opposed the recommendation, as well as the 29-strong delegation of the UK Labour Party and presumably a handful of German Social Democrats.

EDRI member Privacy International has filed complaints about Google's proposed new Gmail service with privacy and data protection regulators in 17 countries in Europe, Canada and Australia. The complaint identifies a large number of possible breaches of EU law. These include: stability of the contract, security of data, interception and disclosure of content, subject control over data, searching of e-mail content, indefinite retention, confidentiality, third party issues, offshore processing of data, consent issues and the treatment of sensitive data.

Privacy International is requesting from national data protection commissioners "to assess this type of service with a view to ensuring that all necessary protections and safeguards required by the EU Data Protection Directive and national laws have been implemented. While we understand that the Gmail contract may be freely entered into by customers, and that Google has provided a degree of openness about its intentions, the conditions must be in place to ensure that privacy rights are protected."

On 29 April 2004 the French National Assembly will examine in second reading the draft law implementing the 1995 Directive on the protection of privacy and personal data. The transposition process started in July 2001 under the previous government. France is the last EU country where the implementation has not been completed, far beyond the deadline of October 1998.

French people have been however among the first EU citizens to enjoy a law on personal data protection, with the 'Computing and Freedom Law' (Loi informatique et libertes) adopted in January 1978. But this law only deals with protection against government activities, and the transposition is needed to reinforce protection against private and commercial activities. The long awaited implementation of the Directive is also supposed to empower the French Data Protection Authority (Commission nationale de l'informatique et des libertes or CNIL), giving it the power to impose financial sanctions on companies when they infringe the law.

The organising committee of the Big Brother Awards Switzerland has published a map of more than 70 video surveillance cameras in a city district of Zurich (Switzerland). The map was presented on the occasion of a public camera-spotting walk on 10 April 2004, that was organised as part of the annual 'Spring surveillance' events.

Most of the cameras are installed by private entities, some of them are dummies. The cameras are categorised by a special typology. The map can also be downloaded as a PDF file. Previously, in Belgium, Germany and the Netherlands, several cities were mapped.

Online surveillance map Zurich
http://www.bigbrotherawards.ch/doc/cctv/

Map Brussels
http://www.constantvzw.com/survcam/

Map 13 German cities, including Berlin, Cologne, Frankfurt, Hamburg, Munich and Stuttgart
http://www.dergrossebruder.org/main.php?id=34000

EU COMMISSION WANTS TO RFID EVERYTHING

The European Commission considers it to be part of the Lisbon Strategy - and therefore a top priority - 'to have smart dust and tag everything' with Radio Frequency Identification (RFID). The point was made by Rosalie Zobel, Director of the Information Society Technologies (IST) programme at the Commission, in her opening speech of a one-day workshop on 'wireless tags research needs' in Brussels on 20 April 2004. Mrs Zobel thinks this aim can be achieved and dreams of it being "the source of a new set of business models and creator of high quality tech jobs".

The workshop was part of a consultation process in relation to Work Programme 2005-06, which covers the second half of the EU's Sixth Research Framework Programme (FP6). The Work Programme will be officially published at the end of October, and is likely to contain three calls for projects that may be funded by the EU in the field of RFID technology with a total of 180 Million Euro.

The Article 29 Data Protection Working Party has adopted a working document on genetic data. The technical progress which science has made over recent years in the field of genetic research has given rise to new data protection questions and concerns in relation to the significance and impact of genetic tests and the processing of genetic data.

The document states that any use of genetic data for purposes other than directly safeguarding the data subject's health and pursuing scientific research should require national rules to be implemented, in accordance with the data protection principles. The application of these principles render the blanket implementation of mass genetic screening unlawful.

In addition, the ease with which genetic material can be obtained without the knowledge of the data subject and the relevant information can be subsequently extracted from such material, requires strict regulations in order to prevent the dangers related to new forms of identity theft.