archief:edri_gram_nieuwsbrief:17_11_10
no way to compare when less than two revisions
Verschillen
Dit geeft de verschillen weer tussen de geselecteerde revisie en de huidige revisie van de pagina.
— | archief:edri_gram_nieuwsbrief:17_11_10 [2017/09/11 21:36] (huidige) – ↷ Pagina verplaatst van edri_gram_nieuwsbrief:17_11_10 naar archief:edri_gram_nieuwsbrief:17_11_10 KapiteinG | ||
---|---|---|---|
Regel 1: | Regel 1: | ||
+ | ====== EDRI-gram Nieuwsbrief - 17 november 2010 ====== | ||
+ | ===== 1. E-Commerce directive: ensure freedom of expression and due process of law ===== | ||
+ | EDRi has responded to the public consultation of the European Commission on Electronic Commerce Directive (2000/ | ||
+ | This consultation, | ||
+ | |||
+ | EDRi focuses its answer on the liability regime of the technical intermediaries set by Articles 12 to 15 of the Directive. This scheme applies to intermediaries providing access to the Internet as well as content distribution and hosting. From the users' perspective, | ||
+ | |||
+ | EDRi's response stresses that the lack of clarity and precision of this regime does not currently allow adequate protection of human rights and the rule of law, nor does it ensure legal certainty for intermediaries. In support of this assertion, EDRi provides examples of concrete situations having occurred in different countries following the transposition of the Directive into national laws. | ||
+ | |||
+ | In order for the EU to respect its current obligations with regard to its own Charter of Fundamental Rights and its upcoming obligations under the European Convention on Human Rights, EDRi underlines the need to revise the current intermediaries liability regime as follows: | ||
+ | |||
+ | * Where an intermediary is not hosting the content (acting as a mere conduit, an access provider or a search engine), it should have no liability for this content, nor should it have any obligations with regards to the removal or filtering of this content; | ||
+ | * Where an intermediary acts as a hosting provider, its liability with respect to the content hosted should be restricted to its lack of compliance with a court order to take down this content; | ||
+ | * Intermediaries should have no obligation to monitor content; | ||
+ | * Services and activities currently not addressed by the Directive (search engines, web2.0 services, hypertext links) should also benefit from the same limited liability regime. | ||
+ | |||
+ | Details on all these issues are provided in the EDRi response. | ||
+ | |||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | |||
+ | ===== 2. Panoptykon looks for the rationale behind the blanket data retention ===== | ||
+ | On 9 and 10 November 2010 the representatives of the EDRi-member Panoptykon Foundation met with the representatives of the European Commission in order to discuss the evaluation of the Data Retention Directive (DRD) and the rationale behind the regime of blanket data retention . The meetings were held with representatives from Reding Cabinet first and secondly with members of the Directorate General for Home Affairs - DG Home. The following is a summary of the main issues that were discussed according to Panoptykon' | ||
+ | |||
+ | It seems that the Commissioner Reding remains very critical about the current data protection regime. The following might be identified as the main problems with the Directive: | ||
+ | * (i) there is too much room for interpretation for Member States as to what " | ||
+ | * (ii) retention periods are too long; | ||
+ | * (iii) the scope of data to be retained remains undefined (especially with regard to the Internet); | ||
+ | * (iv) there should be an obligatory judicial control mechanism provided in the DRD itself. | ||
+ | |||
+ | On the next day with DG Home there were discussed three main problems: | ||
+ | * (i) the evaluation process and their plans for the near future; | ||
+ | * (ii) the implementation of DRD and its planned revision; | ||
+ | * (iii) the proportionality of the data retention regime in principle. | ||
+ | |||
+ | Regarding the evaluation process, DG Home admitted that they were still working on the report and 3 March 2011 remains their internal deadline for publishing it. The delay in the process is due to the lack of response from the Member States - only 13 responded, sending rather low quality data (e.g. no statistical information on how the retained data was used and with what effect for law enforcement). Only the UK made an effort to give more insight into how the retained data was used in investigations. | ||
+ | |||
+ | There might be nine key issues in the evaluation report: purpose, period, scope, modalities, authorities, | ||
+ | |||
+ | As far as the implementation and considered revision of DRD is concerned, from the discussion with | ||
+ | |||
+ | DG Home it appears that not a single Member State has implemented the directive as it was intended by the Commission. However, it seems that the evaluation report will not mention particular states. | ||
+ | |||
+ | While discussing the shortening of the retention period, DG Home quoted a survey saying that while the retained data is requested within the first 3-6 months in investigating minor crimes or offences, in the case of most serious crimes (like terrorism) data is requested even 2 years after the crime occurred. So the argument is that if someone wants to fulfill the original goal of the DRD, a long retention period might be a necessity. | ||
+ | |||
+ | It was our understanding that DG Home seems convinced that the amount of data stored byoperators under DRD remains the same as it was under the e-Privacy Directive (Art.15). Also that DRD remains an alternative legal basis for implementing the data retention regime to Art.15 of the e-Privacy Directive . That would mean that DRD was not seen as lege specialis(!). | ||
+ | |||
+ | Finally, on the point of the adaptation of the data retention regime to " | ||
+ | |||
+ | A long discussion related with the proportionality issue. One opinion was that the reasoning applied by the European Court of Justice in the Marper case can be used to legitimise the blanket data retention regime. This might be understand as the Court criticised " | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | ===== 3. Data retention regime in discussion all over Europe ===== | ||
+ | While in Germany the Minister of Justice rejects the current data retention regime, Sweden is preparing to implement it. In the meantime, the European Commission is organizing a public debate on the review of the directive, but has delayed its final report on the revision. | ||
+ | |||
+ | The Swedish Government has proposed a draft law to implement the data retention directive, asking for a six month period of keeping the trafficdata of electronic communications. Justice Minister Beatrice Ask considers that it is " | ||
+ | |||
+ | The European Commission (EC) has already started the review of the data retention directive, but decided to postpone the report after it failed to obtain from member countries enough evidence to show why the directive is needed. "The data retention directive is a totally failed initiative," | ||
+ | |||
+ | In Germany, the head of the Federal Criminal Police considers that its country should re-enact the data retention law. But the German Minister of Justice Sabine Leutheusser-Schnarrenberger has supported the position of the civil society which is against such a measure. Moreover, she has informed the German Working Group on Data Retention (AK Vorrat) that she supports their position that if the EU Commission wants to uphold the data retention policy entirely, the EU must at least leave it to national parliaments and constitutional courts to decide whether they wish to implement this policy or not. "I am permanently in touch with the EU Commission and will take your arguments into account in our upcoming discussions", | ||
+ | |||
+ | The AK Vorrat press info also points to the recent ruling of the European Court of Justice | ||
+ | |||
+ | that considered " | ||
+ | |||
+ | "The EU must now also abandon the disproportionate practise of indiscriminate retention of records on any communication, | ||
+ | |||
+ | Six EU member states have refused to transpose the controversial 2006 EU data retention directive; in two more EU Member States constitutional courts have annulled data retention laws, finding them incompatible with fundamental rights. | ||
+ | |||
+ | The Canadian Government also distanced itself from the controversial EU data retention policy. It announced plans to " | ||
+ | |||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | |||
+ | ===== 4. European Commission takes next step towards data protection review ===== | ||
+ | The European Commission has published a Communication on "a comprehensive approach to personal data protection in the European Union", | ||
+ | |||
+ | Based on its work on this dossier to date, the Commission has identified the need to address several key priorities, the first of these being to adapt to the impact of new technologies. Three further priorities (enhancing the single market, providing stronger institutional arrangements and improving coherence) address a core problem that unites pretty much everybody concerned with the current framework - the lack of consistency and predictability in the implementation of the Directive. This consistency will be tested by the broader applicability of the Directive as a result of the Lisbon Treaty. A further priority will be to strengthen international measures, to ensure protection of personal data on a global level, particularly as a result of developments such as outsourcing. | ||
+ | |||
+ | These priorities are honed down it the Commission' | ||
+ | |||
+ | The first objective is the strengthening of individuals' | ||
+ | |||
+ | The second objective is more difficult still - to increase transparency for data subjects. The Commission proposes three different strands of action on this point. It suggests a general principle of transparent processing, bolstered by specific obligations on what information to provide and how to provide it and with standard EU forms for data controllers. Finally, as it was almost unavoidable after the introduction of a sector-specific breach notification obligation in the e-privacy Directive, the Commission suggests a general breach notification obligation. | ||
+ | |||
+ | The third objective is a clearer power of citizens to have control over their own data, where theoretical rights granted by the existing Directive are currently very difficult to enforce in practice. The aim of the Commission is to improve the procedures for exercising the rights of access, rectification, | ||
+ | |||
+ | ("as far as technically feasible" | ||
+ | |||
+ | The fourth objective is to increase the level of awareness of data protection rights in Europe, including funding for this via the EU budget and through an obligation on Member States to raise awareness. | ||
+ | |||
+ | Fifth, the Commission sets an objective of ensuring free and informed consent but, unsurprisingly, | ||
+ | |||
+ | The sixth objective is updating the protection for sensitive data, in particular with regard to the extension of the definition of sensitive data and harmonizing the conditions for processing such data. | ||
+ | |||
+ | Finally, and importantly, | ||
+ | |||
+ | With regard to the single market, the Commission recognizes the failures of the existing framework and undertakes to " | ||
+ | |||
+ | The Commission is keen to ensure that simplification of procedures will not lead to a weakening of rights and therefore aims to create specific obligations including data protection impact assessments and the use of privacy enhancing technologies. This approach would be bolstered by self-regulatory initiatives such as codes of conduct. | ||
+ | |||
+ | The Commission ambitiously aims to address the problems of data protection in the field of police and judicial cooperation. While there is a Framework Decision on this subject, it does not cover domestic processing of data and also is too weak with regard to purpose limitation. To overcome these and other problems, the Commission suggests considering the extension of the application of the general data protection rules to the areas of police and judicial cooperation in criminal matters and considers the possibility of specific and harmonised provisions in the new general Data Protection Framework, for example on data protection regarding the processing of genetic data for criminal law purposes or distinguishing the various categories of data subjects (witnesses, suspects etc.) in the area of police cooperation and judicial cooperation in criminal matters. In addition, it is contemplating a specific consultation on the revision of current supervision systems in this area and the alignment of existing sector-specific rules to the general data protection framework. | ||
+ | |||
+ | With regard to the many and varied problems related to international data transfer, the Commission says that it intends to examine how to improve and streamline the current procedures for international data transfers, to clarify the Commission' | ||
+ | |||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | |||
+ | ===== 5. Kroes wants copyright as a building block, not a stumbling block ===== | ||
+ | During the Avignon Forum for the international meetings of culture, economy and media that took place on 5 November 2010, Neelie Kroes, European Commission Vice-President for the Digital Agenda, expressed her very strong conviction that copyright regulations had to change. | ||
+ | |||
+ | The Commissioner believes the existing copyright rules are not adapted to the development brought by the Internet and that any big technological revolution brings forth the necessity for adaptation. In her opinion, the intermediaries between the artists and the public are those that must understand the change and adapt. The " | ||
+ | |||
+ | Kroes drew the attention that culture intermediaries might not be spared by the " | ||
+ | |||
+ | In other words, change or face the consequences! "I believe that those who will prosper in the digital age are those who understand that convergence is one of the keys," because " | ||
+ | |||
+ | The Commissioner believes the development of the Internet will not kill other type of media just as " | ||
+ | |||
+ | Kroes expressed her goal of promoting cultural diversity and content adapted to the digital age and her hope that " | ||
+ | |||
+ | And she gave the example of Europeana project, the online portal of libraries, museums and archives in Europe which is endangered by copyright. " | ||
+ | |||
+ | The Commissioner criticised the fragmented copyright system which is not adapted to the reality of today and which has reached a point where it gives a more important role to intermediaries than to artists. "It irritates the public who often cannot access what artists want to offer and leaves a vacuum which is served by illegal content, depriving the artists of their well deserved remuneration. And copyright enforcement is often entangled in sensitive questions about privacy, data protection or even net neutrality." | ||
+ | |||
+ | As Kroes thinks an immediate debate on the topic is necessary, she announced that the Commission would soon make some legislative proposals after examining the issue of divergent national private copy levies and multi-territorial and pan-European licensing. | ||
+ | |||
+ | The Commissioner made an appeal to go back to sense rather than having "a dysfunctional system based on a series of cultural Berlin walls," | ||
+ | |||
+ | For the time being, we face situations like that of a young man accused, in a P2P case in US, of illegally downloading and distributing 24 tunes on the net, who was found in breach of copyright and fined with 1,1 million Euro (about 46 000 Euro/song). | ||
+ | |||
+ | A similar case in Germany brought about a 15 Euro fine/song. Although the cases are not identical in their details, they illustrate the very different approaches to copyright infringement in different jurisdictions. | ||
+ | |||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | |||
+ | ===== 6. Dutch government cancels plans for national database on bank data ===== | ||
+ | After facing enormous pressure from the media, civil society and several MPs, The Dutch Ministry of Security and Justice announced that it will not develop a national database or search engine containing bank data of all Dutch citizens. The Dutch digital rights organization Bits of Freedom discovered plans to this end in one of 27 internal documents, that were made public after a Freedom of Information Act requests by independent researcher Rejo Zenger. As the response of the Government followed only one day after these plans hit the news, the campaign illustrates the crucial role civil society can and must play to protect digital civil rights. | ||
+ | |||
+ | The ambitions are a part of the much larger ' | ||
+ | |||
+ | The implications of the CIOT-database function creep were put in context by a second finding: at least 78.000 requests of traffic- and location data by Dutch LAEs in the last year. Until now, the Ministry had kept secret this information for the general public. Consequently, | ||
+ | LAEs have been neglecting the data protection rules surrounding the database for at least three years in a row, even though internal audit reports had strongly called upon the LAEs to respect the privacy and data protection rights since the errors where ' | ||
+ | |||
+ | Hence, the cancellation of the database on bank data is of important symbolic value. It casts light on the Traffic Tower project, the impact of mandatory centralized personal data storage and shows that civil society can stop such ambitions as it has the facts on its side. It also shows that civil society is needed in the future: the Ministry is still working out the centralization of telecommunications traffic- and location data of all Dutch citizens, to the effect that every single communication and movement of all Dutch citizens can be requested with one mouse click. Bits of Freedom will continue to put any ambitions to this end under close scrutiny. | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | [[http:// | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | ===== 7. EP and Article 29 WP opinions on PNR transfers to third countries ===== | ||
+ | As negotiations continue between EU and USA on the issue of air passenger data (PNR) transfer, so is the debate on the issue between the European Commission and the other EU bodies. | ||
+ | |||
+ | The European Parliament (EP) issued on 11 November 2010 a resolution on the matter. While reaffirming its determination to fight terrorism and organised crime, and welcoming the Commission' | ||
+ | |||
+ | As proportionality remains a key issue for the EP, the resolution asks from the Commission to give " | ||
+ | |||
+ | As it has a veto right, the EP requires to be fully informed on any PNR developments related to " | ||
+ | |||
+ | In October, European Data Protection Supervisor Peter Hustinx also expressed his concerns regarding the necessity and legitimacy of PNR collection schemes and called for better safeguards in international PNR agreements. "The conditions for collection and processing of PNR data should be considerably restricted. I am particularly concerned about the use of PNR schemes for risk assessment or profiling," | ||
+ | |||
+ | He also criticised the Commission for doing its work in reverse order, dealing with international PNR agreements before having any kind of system within the EU. An intra-EU equivalent scheme is not scheduled until 2012. | ||
+ | |||
+ | "We have PNR (agreements) with the US and the EU. It is a lack of logic that we are not sharing (PNR) in the EU," said Home Affairs Commissioner Cecilia Malmström who added that all the state members had required such an agreement. | ||
+ | |||
+ | On 15 November, Article 29 Data Protection Working Party (WP) issued an opinion stating that the European data protection authorities belonging to the WP remained critical on the exchange of PNR data with countries outside the EU. | ||
+ | |||
+ | In its opinion, issued as a reaction to the European Commission communication on the global approach to PNR transfers of 21 September 2010, Article 29 WP questions "the necessity of large-scale profiling for law enforcement purposes on the basis of passengers' | ||
+ | |||
+ | Article 29 WP believes there still is no objective proof or statistics showing that PNR data are valuable in combating transnational crime and terrorism. | ||
+ | |||
+ | The data protection authorities consider that although the Commission has made some movements in the right direction there is still room for improvement such as the standards referring to onward transfer of collected data where "the principle of purpose limitation should apply, which means that the collected data may not be used by other government authorities in the receiving country for purposes not related to the combating of transnational serious crime and terrorism." | ||
+ | |||
+ | [[http:// | ||
+ | [[http:// | ||
+ | |||
+ | [[http:// | ||
+ | |||
+ | [[http:// | ||
+ | |||
+ | [[http:// | ||
+ | |||
+ | ===== 8. Czech 2010 Big Brother Awards ===== | ||
+ | The sixth edition of the Czech Big Brother Awards has recently been organised by EDRi member Iuridicum Remedium in Prague BIO eye where an expert jury selected the winners for 2010 from more than 140 nominations. | ||
+ | |||
+ | The Czech police received the Big Brother award in the long-term spying category, for having violated people' | ||
+ | |||
+ | For the second year in a row, Facebook received the mock award as the largest corporate spy, for pushing users to enable anybody to have access to private data by its deceptive strategy and technical parameters. Facebook gets the maximum information from personal profiles, increasing their commercial potential. | ||
+ | |||
+ | The Interior Ministry was given the award in the category of the biggest official spying, for having hindered the preparation of the legislation for the improvement of personal data protection from camera monitoring systems, wiretapping and DNA databases. | ||
+ | |||
+ | Even the European Union received an award, at spying among nations category, for the negotiations in the Anti-Counterfeiting Trade Agreement (ACTA) and for funding the INDECT project aimed at developing computer programmes to detect " | ||
+ | |||
+ | The winner in the category of "The Big Brother' | ||
+ | |||
+ | ACTA got the award at the legal standard category for disregarding human rights in favour of the industry. | ||
+ | |||
+ | The positive award for privacy protection was obtained by the citizens in Vir nad Svratkou, South Moravia, for having stood up against the installation of a camera monitoring system in their village. | ||
+ | |||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | |||
+ | ===== 9. Macedonia: New copyright law ===== | ||
+ | Prison sentences of up to five years for copyright infringement are projected in the new Law on Copyright and Related Rights adopted in September 2010 in Macedonia. | ||
+ | |||
+ | With this law, which in addition to authors' | ||
+ | |||
+ | With these changes to the law that was being prepared for four years, Macedonia now formally has the same copyright protection standards as the EU member states. However, the general impression is that the formal progress is far from significant, | ||
+ | |||
+ | Representatives of agencies working in the IP field and fighting infringers of the Law on Copyright and Related Rights say that major violations of this Law are taking place in Macedonia, and no sphere is an exception; from the textile, pharmaceutical, | ||
+ | |||
+ | We're seeing counterfeited material, copies of registered trademarks in every area - says Mite Kostov, chairman of the Coordination Body for Intellectual Property. He added that a great number of DVD stores across the country were closed as part of a copyright protection campaign. In Strumica, for example, out of 22 DVD stores, only a few remained in business, and only seven out of thirty in Tetovo, i.e. the ones that legally exist - Kostov said. | ||
+ | |||
+ | The common impression of experts in this sphere is that the biggest problem regarding the sanctioning of offenders is in the courts. This was also noted in the latest EU 2010 Progress Report on Macedonia, stating that only 23 out of 98 court procedures on copyright have been completed - Pepeljugovski said. | ||
+ | |||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | |||
+ | ===== 10. ENDitorial: Net neutrality - wait and see the end of the open Internet ===== | ||
+ | At the joint European Parliament and European Commission net neutrality summit in Brussels on 11 November there was a clear political message - that interference with Internet traffic is permissible as long as companies tell their consumers that it is happening. | ||
+ | |||
+ | The Commission will "wait and see" if such interferences cause problems for the market and will consider taking action if this is the case. | ||
+ | |||
+ | In a whole day of discussions, | ||
+ | |||
+ | Anyone who has been active in telecoms regulation in Brussels for the past decade would have been forgiven for suffering from a severe bout of " | ||
+ | |||
+ | The European Commission has heard the large operators' | ||
+ | |||
+ | The European Commission heard those arguments again when it started asking questions about the huge cost of mobile phone roaming. After initially waiting to see the scale of the issue, it started investigating the problem at the end of 2004 and a Regulation entered into force in June 2007. It took a further three years to deal with data roaming. The cost of this "wait and see" delay was the loss of millions of Euro for European businesses and European citizens. "Wait and see" had failed European citizens again. | ||
+ | |||
+ | And now, when developing policy to address interferences with private communications, | ||
+ | |||
+ | Once Internet intermediaries start interfering more overtly with communications, | ||
+ | |||
+ | When the Commission finally decided to act in relation to unbundling and roaming, it just had to face the lobbying power of the telecoms companies. With the non-neutral Internet, however, things will be very different. | ||
+ | |||
+ | It will face the opposition not just of the large telecom providers, but also every company and organisation with a vested interest in restricting access to communication. It will also face the opposition of organisations arguing for policing of the net by access providers. The OECD is currently discussing how Internet intermediaries can police the Internet to achieve public policy objectives, the Council of Europe has asked for " | ||
+ | |||
+ | Once the Commission has waited and seen that regulatory intervention is needed, it will be too late. Just wait and see. | ||
+ | |||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | |||
+ | ===== 11. Recommended Reading ===== | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | |||
+ | ===== 12. Agenda ===== | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// |
archief/edri_gram_nieuwsbrief/17_11_10.txt · Laatst gewijzigd: 2017/09/11 21:36 door KapiteinG