Over forty non-governmental organisations from around the world signed an open letter to the International Civil Aviation Organization (ICAO) on 30 March 2004.

Privacy International (an EDRI member) and the American Civil Liberties Union wrote the letter calling on the ICAO to reconsider its standards-setting on biometric travel documents.

The ICAO proposes that all passports worldwide implement RFID chips to support face-scanning, and possibly other forms of biometric data, including fingerprinting and iris scanning. This information would be collected at the national level, but then compared to and possibly stored in international databases. Already the EU has proposed to build on the idea in order to create a central register of fingerprints of all EU passport and visa holders.

The European Parliament has rejected the existing 'agreement' between the USA and the EU on the transfer of airline passenger data. During a plenary session on 31 March Parliament adopted a resolution prepared by MEP Johanna Boogerd-Quaak.

The resolution calls upon EU Member States to require airlines and travel agencies to obtain passengers' consent for the transfer of data and asks the EU commission to withdraw the draft decision which is the current 'legal' basis for the transfer of data. Parliament criticizes the Commission's decision because it goes 'against the principles of proportionality and of data quality' and 'does not grant all passengers the protection which is afforded to US citizens'. In the resolution the Parliament reserves the right to appeal to the Court of Justice when the European Commission finalizes its agreement with the USA.

On 1 March 2004 the EU launched a new 4-year project on privacy and identity management. Its objective is the research and development of solutions to empower individuals in managing their privacy in cyberspace. The Commission contributes a budget of 10 million euro.

Following a longtime focus on privacy enhancing technologies, the Commission feels that privacy management should be built into information systems by design rather than as an afterthought. Under the new program, technical solutions should be developed to minimise disclosure of personal data and enforce end-users' privacy preferences. The scope of digital identities is very broad, from border controls to future electronic services that might deal with sensitive data such as patient health data, employee data, and credit card data.

An international coalition of privacy and civil liberty organisations have signed an open letter to Google urging the company to suspend its Gmail service until the privacy issues are adequately addressed. EDRI-members Privacy International, FIPR and Bits of Freedom have signed the letter.

Gmail is a free web-mail service that will scan the contents of e-mail in order to present targeted advertisements based on keywords in the e-mail text.

The international coalition is concerned about the unlimited period for data retention that Gmail proposes and the lack of clear policies about its data sharing between business units. Gmail sets potentially dangerous precedents and establishes reduced expectations of privacy in email communications that may be adopted by other companies and governments for many years after Google is gone.

EDRI has obtained secret documents in preparation of a Declaration against Terrorism that will be published during the Spring Summit of EU heads of state. The draft from the Irish presidency specifically mentions the need to prioritise mandatory data retention for GSM and internet providers. The Commission input for the Summit, issued a few days earlier, does not mention data retention, but proposes many other measures that will have a chilling effect on the daily lives of European citizens and their freedom to travel and communicate.

The desire for mandatory data retention was already expressed last week, on 19 March, during an emergency meeting of the EU's Justice and Home Affairs ministers in Brussels. Following a German initiative, the ministers discussed a catalogue of measures in the fight against

EDRI has obtained a confidential draft declaration on fighting terrorism for the EU Spring Summit, which will be held in Brussels on 25 and 26 March. The draft plans mandatory data retention of communications traffic data by service providers.

• Draft declaration on combating terrorism (PDF, 154 KB)
• Commission paper to the Council on Terrorism providing input for the European Council (PDF, 174 KB)
• Projet de déclaration sur la lutte contre le terrorisme (PDF, 144 KB)

The Council of Europe's Convention on Cybercrime will enter into force on 1 July 2004, following its ratification by Lithuania. The convention requires at least 5 CoE members to ratify. Previously Albania, Croatia, Estonia and Hungary have done so.

The convention's aim is to develop a common criminal policy on cybercrime by promoting international co-operation and the adoption of appropriate legislation. Signatories will have to implement into their national law criminal code concerning computer crime and will also have to give their police new powers to conduct investigations regarding computers and the internet.

Besides computer hacking and viruses, the convention covers (virtual) child pornography and computer-related fraud. Police forces in the ratifying countries will get new powers to seize data, intercept

The Italian government has issued a decree on Friday 12 March that puts a fine of 1.500 euro on the internet file-sharing of feature movies.

On top of the fine, computers and digital storage media can be seized. To complete the humiliation for the file-sharer, the sentence has to be published in 1 national daily newspaper and 1 specialised entertainment magazine. The Ministry of Culture Giuliano Urbani has mockingly declared this sanction 'symbolic'. Adding to that, in reference to peer-to-peer file sharing, Urbani said that 'multimedia piracy is a theft, and must be handled as such'.

Since its first draft, this legislative measure was strongly protested against by citizens, ISPs (forced to violate the privacy laws by spying and filing complaints against their customers), columnists and