The European Union has taken steps towards the creation of an EU-wide health identity card. By 2008 there will be a new card with a microchip that can store a range of biometric and personal data. Approved by Union ministers in Luxembourg the plastic disk will slide into the credit-card pouch of a wallet or purse.

The European Health Insurance Card is intended to replace forms currently used by travellers who fall ill in other EU countries. Eventually it will replace a plethora of other complex forms needed for longer stays.

During the first phase - starting at 1 June 2004 - each country will be able to choose whether to include photographs, fingerprints and biometric data, such as eye measurements, on the 'national' side of the card.

European discussions can't agree on the appointment of a European privacy-czar. The European parliament insists on choosing Joaquín Bayo Delgado, who has no experience in data protection issues, as the new EU Data Protection Supervisor. The Council favours the Dutch Data Protection Commissioner Peter Hustinx.

Jorge Salvador Hernández Mollar, the President of the European Parliament's Committee on Citizens' Freedoms and Rights, Justice and Home Affairs (LIBE), recently made a move to break the blockade between the Parliament and the Council on the issue. In a letter sent on 10 October to Umberto Vattani, the Permanent Representative of Italy with the European Union, Mr.

Human rights experts in Romania issued harsh criticism at the government resolution adopted last week to set up an Integrated Information System (SII), as they consider it as extremely dense, imprecise and giving room to arbitrary interpretation.

The French Data Protection Authority, the CNIL, considers the current use of chip-cards for public transport a serious danger for privacy. The cards combine identity-data with travel data like point of entrance to the subway, date and time, and even exact route in case the passenger switches route halfway.

In its recommendation of 16 September, the CNIL says: "In fact, the movements of persons using these cards can be reconstructed and thus they are no longer anonymous. This limits the fundamental and constitutional freedom of coming and going as well as the right to a private life, which also is a constitutional value."

The possibility of anonymous travelling should be maintained, according to the French DPA, independent of any card system.

Industry and human rights campaigners have condemned new data retention proposals from the UK's Home Office (Ministry of Internal Affairs).

The draft Statutory Instruments (secondary legislation) would approve 'voluntary' retention by Internet Service Providers, but preserve the power of the Home Secretary to impose a compulsory code. Data on customers would be retained for up to 12 months, and could be accessed by a large number of government bodies for many different purposes. While the 'Snoopers Charter', that enabled access for almost every government-related agency was officially withdrawn in June 2002, the new proposals show no change of heart.

Negotiations about airline passenger data between the European Commission and the US are stuck but both parties have agreed to solve their differences before the end of this year. On 22 September, Asa Hutchinson, US Under Secretary for Border & Transportation Security met with EU Commissioner Bolkestein, but that didn't result in any public change of the US position.

Since March the US is demanding passenger data from European airlines flying to or through the US. The data is send to the US prior to flight departure and used by the US to screen passengers and apply a risk assessment.

The European Commission is planning a new Directive on privacy in the workplace, in 2004 or 2005. After two consultations with the social partners, in August 2001 and October 2002, the Commission is convinced of the necessity of such a new directive.

On 15 September the Frankfurt District Court confirmed an earlier partial ruling in favour of the German web anonymiser AN.ON. According to this ruling, there was no legal ground for the request by the German Federal Bureau of Criminal Investigation to record data about visitors to a specific website (see EDRI-gram 16 and 17).

The initiators of the project are confident about the outcome of their other appeal against the court order to hand over the single record they stored under the initial order. However, they seem less confident about the legislator.