On Friday 12 March the German Parliament (Bundestag) will discuss the proposal for a new Telecommunication Law in second and third reading. The government coalition (made up of Social Democrats and Greens) has softened many of the proposed new telecommunication surveillance powers.

There won't be mandatory general data retention and the costs of handing-over data about customers will be reimbursed on a case-by-case basis. Also, the idea - introduced in the draft of 15 October 2003 - to introduce mandatory identification for pre-paid phone-cards is gone. (See an earlier report in EDRI-gram 21)

Originally the Bundesrat, the council of the federal states, demanded that service providers should store all data about all the telecom activities of their users for a period of 6 months, including for example information

The Austrian Constitutional Court (VfGH) has declared parts of the military power law (Militaerbefugnisgesetz, MBG) unconstitutional, in a decision dated 23 January 2004. The case was instigated by Social Democratic members of the Austrian Parliament. The decision does not repair all points that critics have raised.

The military law was adopted in the year 2000 and amended in 2002. It was the first time in Austria that competencies and responsibilities of military authorities were regulated comprehensively. Before that, relevant regulations were scattered in the Austrian legislation while some parts weren't regulated at all.

Part of the law that was declared unconstitutional deals with data collection by observation, by requests of information and by recording sounds and images. These snooping activities are permissible for

The European parliament's committee on Citizens' Freedoms and Rights, Justice and Home Affairs is preparing to vote on a proposal by MEP Johanna Boogerd-Quaak to reject the draft decision of the EU Commission under which airline passenger data are transferred to the US Bureau of Customs and Border Protection.

The proposal calls upon EU Member States to require airlines and travel agencies to obtain passengers' consent for the transfer of data and asks the EU commission to withdraw the draft decision which is the current 'legal' basis for the transfer of data.

The proposal calls the draft decision "contradictory, since it fails to take into account the CAPPS II system (which involves the systematic assessment of all passengers by means including recourse to private information services) but at the same time it authorises the use of

In France the owner of a website was convicted to pay a penalty of 450 Euro for publishing personal data without first registering with the Data Protection Authority, the CNIL. On 25 February the appeal-court of Lyon confirmed the earlier ruling, even though the judges decided to suspend payment of the penalty.

Remarkably the website-owner, Roger Gonnet, is a former member of Scientology who denounces the organisation as a cult and mentions names and other data about members on his website. One of these members complained. The first court ordered him to pay a penalty of 450 Euro, plus 450 Euro compensation for attorney costs and a symbolical 1 Euro compensation for general damages. The appeal-court rejected the extra compensation, because the plaintiff could not prove the damages.

On 9 March the European Parliament adopted a resolution on the implementation of the Data Protection Directive of 1995 (95/46/EC), based on an own-initiative report by the Italian radical Marco Cappato. The report is very critical about the lack of adequate privacy protection in Europe.

The report centres on data protection within the third pillar (the area of justice and internal affairs). It urges the Commission to finally create the promised 'legal instrument' to protect privacy in the third pillar, especially concerning Europol, Eurojust and all other third-pillar organs.

The parliamentary resolution dedicates very harsh words to the transfer of PNR-data: "(...)national and European laws on the transfer of personal data to third countries have been flagrantly breached by the transfer of transatlantic

According to a new Communication on the research into security, the European Commission plans to fund research on "tagging, tracking and tracing devices ... that improve the capability to locate, identify and follow the movement of mobile assets, goods and persons".

The Commission announces the launch of a new funding program entitled 'Enhancement of the European industrial potential in the field of Security research 2004 - 2006'.

The program is a so-called 'Preparatory Action'. It should set the agenda for advanced security research from 2007 onwards. The action is funded with 15 million Euro in 2004 and approx. 65 million Euro overall.

Among the goals of the research is the improvement of 'situation awareness'. Relevant issues for the different projects are identified as "(...) Demonstration of the appropriateness and acceptability of tagging, tracking and tracing devices by static and mobile multiple sensors that improve the capability to locate, identify and follow the movement of mobile assets, goods and persons, including smart documentation (e.g. biometrics, automatic chips with positioning) and data analysis techniques (remote control and access)."

The UK Government has given a guarded welcome to a review of its data retention powers. The review came from the Newton Committee, which was set up by the Anti-Terrorism, Crime and Security Act 2001 that created these powers.

The Committee, even though empowered to revoke some powers, supports the principle of data retention for up to a year. The review recommends some changes to the form of the legislation, widening the scope from fighting terrorism to the more general area of serious crime.

The Government has just published a response to this review, which agrees with the proposal to move retention from anti-terrorism to general legislation. It suggests that the most appropriate location for the powers would be in an addition to the Regulation of Investigatory Powers Act 2000, which already governs access by authorities to stored

The Article 29 Working Party, the European collaboration of the Data Protection Authorities, has published a (brief!) 'Working Document on Trusted Computing Platforms and in particular on the work done by the Trusted Computing Group (TCG group).' It is a balanced description of 'work in progress', since there are not many end-user applications yet, besides some widely published tests with Digital Rights Management.

The document offers general observations derived from privacy principles, like the need to distinguish between usage in a corporate and in a private environment and the need to provide clear information to users, while always protecting the security of data.

"Both those who design technical specifications and those who actually build or implement applications or operating systems bear responsibility for the data protection aspects, although at different levels. Those who build, commercialise and use the applications bear responsibilities as well, especially organisations that process user data, as they will normally be the last one in the chain and the ones who interact with the user."