With the planned inclusion of two biometric identifiers into EU Member States' passports and ID Cards as well as Visa to the EU, it was only a question of time when the first plans to store these identifiers in an EU-wide database would be announced.

The announcement came shortly before Christmas: Biometric data will, according to a Communication from the EU Commission, be included in the data sets referring to persons in the next-generation Schengen Information System. While the update of the present Schengen Information System (SIS) was initially justified by this system's inability to deal with the 25 Member States the EU will have after the enlargement (SIS can only deal with up to 18 national databases), new features have been added continuously to SIS-II, making it the hub of future EU surveillance networks. The present SIS contains, in practice, personal information mostly on non-EU citizens who have been denied access to the EU. SIS-II, which is to become operational in two year's time, will, according to the Commission, be 'integrated in the same architecture' as the future Visa Information System (VIS). Europol, the EU police force, will have access to both.

Commissioner Frits Bolkestein concealed important details on the draft agreement reached with the USA on the transfer of Passenger Name Record Data (PNR) to the U.S. Bureau of Customs and Border Protection when reporting to two Committees of the European Parliament four weeks ago. This is what Bolkestein's spokesman Jonathan Todd has admitted in an interview with German public television station WDR.

On 16 December 2003, speaking to a joint session of the EU Parliament's Legal Affairs and Interior Affairs Committees, Bolkestein claimed that the use of EU citizen’s personal data in the CAPPS-II system was explicitly exempted from the agreement the negotiation group he heading had just reached with U.S. authorities. He made the point that this exclusion was part of 'important concessions' of the U.S. side, prerequisite to the Commission's agreement to the transfer of PNR data to the U.S.: "The arrangement will not cover the US Computer Assisted Passenger Pre-Screening System (CAPPS II)." And: "In concluding my last round of discussions with Mr Ridge, I informed him that in the light of the narrower uses for PNR, the exclusion for now of CAPPS II and all the other improvements they had made, I was prepared to propose that the Commission make a finding of adequate protection with regard to transfers of PNR to the US Bureau of Customs and Border Protection."

The US airline company Nothwest Airlines voluntarily handed over the personal data of possibly as much as 10 million US and European passengers to the National Aeronautics and Space Administration (NASA). Northwest Airlines has an alliance with the Dutch airline company KLM. The two companies have integrated their reservation systems and operate code-sharing flights from the USA to Amsterdam and beyond routes to Europe, Africa, the Middle East and India. Airline experts believe part of the data handed over to NASA originates from KLM passengers.

The Electronic Privacy Information Center (EPIC) in Washington publicized documents about the transfer obtained through a Freedom of Information Act procedure. NASA requested from Northwest Airlines the passenger data (PNR) from July to September 2001 for use in development and testing of passenger-profiling schemes. Northwest acknowledges the transfer. The company said in a statement that the transfer was 'appropriate' but that its current policy 'is to not provide passenger name record data to private contractors or federal government agencies for use in aviation security research projects'. EPIC has filed a complaint against Northwest Airlines with the US Department of Transport.

Peter Hustinx, the Dutch data protection commissioner, will be elected today as the new EU data protection commissioner.

The Conference of Presidents, composed of the heads of the Political Groups in the European Parliament, decided to back-down from their original idea to give the position to the Spanish magistrate Joaquín Bayo Delgado. He will now be appointed Assistant Commissioner. The decision will be made public today, after the Council has approved.

Back in May Bayo Delgado, backed by an informal coalition of Spanish MEPs, won a test vote in the European Parliament Interior Affairs committee.

Talks between the European Commission and the US department of Homeland Security about airline passenger data are moving very slowly. Commissioner Frits Bolkestein told the European Parliament that the US are only willing to compromise on a few disagreements. Most importantly the US do not want to limit the use of airline passenger data to the purpose of fighting terrorism.

Since March the US are demanding passenger data from European airlines flying to or through the US. The data is sent to the US prior to flight departure and used by the US to screen passengers and apply a risk assessment. The passenger name record data (PNR) consist of many data items: departure and return flights, connecting flights, special services required on board the flight (meals such as Kosher, Halal) and payment

On 22 October, EDRI members FIPR and Privacy International held a public meeting to assess proposed government legislation to retain and snoop on information about the phone and Internet activity of everyone in the UK.

Speakers from the government side tried to convince a sceptical audience that the plans were a necessary and proportionate response to crime. Representatives of the Home Office, Northamptonshire County Council and the Department for Work and Pensions said that access to this data was essential to their work. However, the head of information rights at the Department for Constitutional Affairs said that they still had concerns about the regulation of some government agencies.

Pointing to different persons on a website and making them recognisable by naming them or in any other manner is an act of processing of personal data and must therefore be dealt with under EU Directive 95/46/EC. That's the substance of a recent judgement of the European Court of Justice (reference number C-101/01; case Bodil Lindqvist). It is the first time this court has ruled on the scope of the data protection directive and freedom of movement for such data on the internet.

Back in 1998, the Swedish Mrs. Bodil Lindqvist had posted personal information, meant to be humorous, about herself and 18 of her colleagues at a local church. Among other things she mentioned that one of her colleagues had fallen off a ladder and broken her ankle.

On 15 October the German Federal Government adopted a draft new telecommunication act. The draft aims, inter alia, at implementing the European Directive on privacy and electronic communications (2002/58/EC), but will not introduce the spam-ban described in Article 13 of the Directive. In Germany spam will be banned through an update of the Act against Unfair Competition, and remain subject only to civil law.

The new telecommunications Act contains some important changes in privacy issues.