EDRi-gram newsletter - Number 8.22, 17 November 2010

EDRI-gram newsletter edrigram at edri.org
Wed Nov 17 10:58:42 PST 2010 

============================================================

           EDRi-gram

biweekly newsletter about digital civil rights in Europe

    Number 8.22, 17 November 2010


============================================================
Contents
============================================================

1. E-Commerce directive: ensure freedom of expression and due process of law
2. Panoptykon looks for the rationale behind the blanket data retention
3. Data retention regime in discussion all over Europe
4. European Commission takes next step towards data protection review
5. Kroes wants copyright as a building block, not a stumbling block
6. Dutch government cancels plans for national database on bank data
7. EP and Article 29 WP opinions on PNR transfers to third countries
8. Czech 2010 Big Brother Awards
9. Macedonia: New copyright law
10. ENDitorial: Net neutrality - wait and see the end of the open Internet
11. Recommended Reading
12. Agenda
13. About

============================================================
1. E-Commerce directive: ensure freedom of expression and due process of law
============================================================

EDRi has responded to the public consultation of the European Commission on
Electronic Commerce Directive (2000/31/EC) asking for the revision of the
European regime of intermediaries liability, in view of better guaranteeing
the respect for fundamental rights and the due process of law application on
the Internet.

This consultation, closed on 5 November 2010, aimed at assessing the
implementation of the Directive in Member States, and at identifying
limitations with the current text.

EDRi focuses its answer on the liability regime of the technical
intermediaries set by Articles 12 to 15 of the Directive. This scheme
applies to intermediaries providing access to the Internet as well as
content distribution and hosting. From the users' perspective, this regime
has a major impact on the level of freedom of expression, freedom of
information, right to privacy and personal data protection on the Internet,
as well as on the due process of law. From the technical intermediaries'
perspective, it must ensure the needed legal certainty to run their
activities.

EDRi's response stresses that the lack of clarity and precision of this
regime does not currently allow adequate protection of human rights and the
rule of law, nor does it ensure legal certainty for intermediaries. In
support of this assertion, EDRi provides examples of concrete situations
having occurred in different countries following the transposition of the
Directive into national laws.

In order for the EU to respect its current obligations with regard to its
own Charter of Fundamental Rights and its upcoming obligations under the
European Convention on Human Rights, EDRi underlines the need to revise the
current intermediaries liability regime as follows:

- Where an intermediary is not hosting the content (acting as a mere
conduit, an access provider or a search engine), it should have no liability
for this content, nor should it have any obligations with regards to the
removal or filtering of this content;

- Where an intermediary acts as a hosting provider, its liability with
respect to the content hosted should be restricted to its lack of compliance
with a court order to take down this content;

- Intermediaries should have no obligation to monitor content;

- Services and activities currently not addressed by the Directive (search
engines, web2.0 services, hypertext links) should also benefit from the same
limited liability regime.

Details on all these issues are provided in the EDRi response.

EDRI response to the consultation on the E-Commerce Directive (5.11.2010)
http://www.edri.org/files/EDRi_ecommerceresponse_101105.pdf

European Commission public consultation on the E-Commerce Directive
http://ec.europa.eu/internal_market/consultations/2010/e-commerce_en.htm

Article 19 response to the consultation on the E-Commerce Directive
(5.11.2010)
http://www.article19.org/pdfs/press/european-commission-freedom-of-expressionneeds-better-protection-in-digital.pdf

(Contribution by Meryem Marzouki, EDRi-member IRIS - France)

============================================================
2. Panoptykon looks for the rationale behind the blanket data retention
===========================================================

On 9 and 10 November 2010 the representatives of the EDRi-member Panoptykon
Foundation met with the representatives of the European Commission in
order to discuss the evaluation of the Data Retention Directive (DRD)
and the rationale behind the regime of blanket data retention . The
meetings were held with representatives from Reding Cabinet first and
secondly with members of the Directorate General for Home Affairs - DG
Home. The following is a summary of the main issues that were
discussed according to Panoptykon's point of view.

It seems that the Commissioner Reding remains very critical about the
current data protection regime. The following might be identified as the
main problems with the Directive: (i) there is too much room for
interpretation for Member States as to what "serious crime" means; (ii)
retention periods are too long; (iii) the scope of data to be retained
remains undefined  (especially with regard to the Internet); (iv) there
should be an obligatory  judicial control mechanism provided in the DRD
itself.

On the next day with DG Home there were discussed three main problems:
(i) the evaluation process and their plans for the near future; (ii)
the implementation of DRD and its planned revision; (iii) the
proportionality of the data retention regime in principle.

Regarding the evaluation process, DG Home admitted that they were
still working on the report and 3 March 2011 remains their internal
deadline for publishing it. The delay in the process is due to the
lack of response from the Member States - only 13 responded, sending
rather low quality data (e.g. no statistical information on how the
retained data was used and with what effect for law enforcement). Only
the UK made an effort to give more insight into how the retained data
was used in investigations.

There might be nine key issues in the evaluation report: purpose,
period, scope, modalities, authorities, operators, costs, crime and
data security. Later on, DG Home will probably move on to make an
impact assessment, which is officially treated as a second stage of
the whole process. This will include public consultation and the
invitation to voice concerns. The third stage will be the drafting of
a proposal for DRD revision. The important thing is that there will be
a proposal for review and not just re-casting of the DRD.

As far as the implementation and considered revision of DRD is
concerned, from the discussion with  DG Home it appears that not a
single Member State has implemented the directive as it was intended
by the Commission. However, it seems that the evaluation report will
not mention particular states.

While discussing the shortening of the retention period, DG Home
quoted a survey saying that while the retained data is requested
within the first 3-6 months in investigating minor crimes or offences,
in the case of most serious crimes (like terrorism) data is requested
even 2 years after the crime occurred. So the argument is that if
someone wants to fulfill the original goal of the DRD, a long retention
period might be a necessity.

It was our understanding that DG Home seems convinced that the amount of
data stored byoperators under DRD remains the same as it was under the
e-Privacy Directive (Art.15). Also that DRD remains an alternative legal
basis for implementing the data retention regime to Art.15 of the e-Privacy
Directive . That would mean that DRD was not seen as lege specialis  (!).

Finally, on the point of the adaptation of the data retention regime
to "technological change", there were possibilities of increasing the
scope of DRD to cover Information Society Service providers like
Google or Facebook. This is because the data retention in the current
shape might be seen as not efficient and easy to circumvent.

A long discussion related with the proportionality issue. One opinion was
that the reasoning applied by the European Court of Justice in the Marper
case can be used to legitimise the blanket data retention regime. This might
be understand as the Court criticised "indiscriminate and blanket" retention
of data only on the grounds of the time factor (i.e. that DNA profiles were
supposed to be stored forever) and not to the scope of the data collected
(i.e. that UK wanted to collect and store data of everyone who has ever been
suspected of committing an offence). Therefore blanket data retention might
remain, in some views, legitimate and proportional as long as it is limited
in time (e.g. the maximum period of 2 years).

EDRi-gram: Continuing the battle against data retention (3.11.2010)
http://www.edri.org/edrigram/number8.21/against-data-retention-directive

(contribution by Katarzyna Szymielewicz - EDRi-member Panoptykon
Foundation - Poland)

============================================================
3. Data retention regime in discussion all over Europe
============================================================

While in Germany the Minister of Justice rejects the current data retention
regime, Sweden is preparing to implement it. In the meantime, the European
Commission is organizing a public debate on the review of the directive, but
has delayed its final report on the revision.

The Swedish Government has proposed a draft law to implement the data
retention directive, asking for a six month period of keeping the
trafficdata of electronic communications. Justice Minister Beatrice Ask
considers that it is "important for us to create adequate protection for
personal integrity" and this is why Sweden has opted for the minimum period
allowed by the EU directive.

The European Commission (EC) has already started the review of the data
retention directive, but decided to postpone the report after it failed to
obtain from member countries enough evidence to show why the directive is
needed. "The data retention directive is a totally failed initiative,"
EDRi's Joe McNamee told Deutsche Welle. Now the EC has invited all relevant
stakeholders to a conference in Brussels on 3 December 2010 in order to
"finalise the evaluation of the Directive and to start the process of its
review".

In Germany, the head of the Federal Criminal Police considers that its
country should re-enact the data retention law. But the German Minister of
Justice Sabine Leutheusser-Schnarrenberger has supported the position of the
civil society which is against such a measure. Moreover, she has informed
the German Working Group on Data Retention (AK Vorrat) that she supports
their position that if the EU Commission wants to uphold the data retention
policy entirely, the EU must at least leave it to national parliaments and
constitutional courts to decide whether they wish to implement this policy
or not. "I am permanently in touch with the EU Commission and will take your
arguments into account in our upcoming discussions",
Leutheusser-Schnarrenberger assured the Working Group.

The AK Vorrat press info also points to the recent ruling of the European
Court of Justice  that considered "limitations in relation to the protection
of personal data must apply only in so far as is strictly necessary". It
ruled as "invalid" EU requirements to publish every recipient of
agricultural subsidies in the EU, deciding that this indiscriminate policy
"exceeded the limits which compliance with the principle of proportionality
imposes". "(I)t is possible to envisage measures which affect less adversely
that fundamental right of natural persons and which still contribute
effectively to the objectives of the European Union rules in question", the
Court held.

"The EU must now also abandon the disproportionate practise of
indiscriminate retention of records on any communication, lest the
EU Court of Justice rule the EU data retention directive invalid,
too", comments Patrick Breyer of the Working Group on Data
Retention. "The targeted preservation of suspect data is much less
invasive and still contributes effectively to the prosecution of
crime. The practise of most states world-wide demonstrates that EU
rules stipulating the indiscriminate retention of records on any
phone call, mobile phone location and Internet connection in the EU
is not 'strictly necessary', but violates our right to respect for
our private lives as guaranteed in the EU Charter of Fundamental
Rights. It is not only the EU Court of Justice but also national
constitutional courts and the European Court of Human Rights
that have in the past ruled invalid indiscriminate intrusions into
the personal lives of innocent citizens."

Six EU member states have refused to transpose the controversial 2006 EU
data retention directive; in two more EU Member States constitutional courts
have annulled data retention laws, finding them incompatible with
fundamental rights.

The Canadian Government also distanced itself from the
controversial EU data retention policy. It announced plans to
"create a preservation order that would require a telecommunication
service provider to safeguard and not delete its data related to a
specific communication or a subscriber when police believe the data
will assist in an investigation." "This is not data retention", the
Department of Justice pointed out. Preservation orders would be
"restricted to the data that would assist in a specific
investigation."

German Minister wants to end EU-wide communications data retention
(11.11.2010)
http://www.vorratsdatenspeicherung.de/content/view/405/79/lang,en/

Conference "Taking on Data retention" - 3 December 2010
http://www.dataretention2010.net/init.xhtml?event=31

Sweden falls in line with controversial EU data retention rules (12.11.2010)
http://www.dw-world.de/dw/article/0,,6223369,00.html

European Court of Justice cases C-92/09 and C-93/09 (9.11.2010)
http://curia.europa.eu/jurisp/cgi-bin/gettext.pl?where=&lang=en&num=79898890C19090092&doc=T&ouvert=T&seance=ARRET

Canada Backgrounder : Investigative Powers for the 21st Century Act
(11.2010)
http://www.justice.gc.ca/eng/news-nouv/nr-cp/2010/doc_32567.html

============================================================
4. European Commission takes next step towards data protection review
============================================================

The European Commission has published a Communication on "a comprehensive
approach to personal data protection in the European Union", as the final
stage in the consultation process leading to a review of the 1995 Data
Protection Directive.

Based on its work on this dossier to date, the Commission has identified the
need to address several key priorities, the first of these being to adapt to
the impact of new technologies. Three further priorities (enhancing the
single market, providing stronger institutional arrangements and improving
coherence) address a core problem that unites pretty much everybody
concerned with the current framework - the lack of consistency and
predictability in the implementation of the Directive. This consistency will
be tested by the broader applicability of the Directive as a result of the
Lisbon Treaty. A further priority will be to strengthen international
measures, to ensure protection of personal data on a global level,
particularly as a result of developments such as outsourcing.

These priorities are honed down it the Commission's Communication into
several specific objectives.

The first objective is the strengthening of individuals' rights. The
Commission raises the issue of the definition of personally identifiable
data in this context and says that additional measures are needed. The aim
is to ensure a coherent application of data protection rules, taking into
account the impact of new technologies on individuals' rights and freedoms
and the objective of ensuring the free circulation of personal data within
the internal market.

The second objective is more difficult still - to increase transparency for
data subjects. The Commission proposes three different strands of action on
this point. It suggests a general principle of transparent processing,
bolstered by specific obligations on what information to provide and how to
provide it and with standard EU forms for data controllers. Finally, as it
was almost unavoidable after the introduction of a sector-specific breach
notification obligation in the e-privacy Directive, the Commission suggests
a general breach notification obligation.

The third objective is a clearer power of citizens to have control over
their own data, where theoretical rights granted by the existing Directive
are currently very difficult to enforce in practice. The aim of the
Commission is to improve the procedures for exercising the rights of access,
rectification, erasure and blocking of data - including the "right to be
forgotten" - and "data portability"  ("as far as technically feasible" -
which will obviously need to be carefully worded to avoid businesses
devising systems to make this technically unfeasible).

The fourth objective is to increase the level of awareness of data
protection rights in Europe, including funding for this via the EU budget
and through an obligation on Member States to raise awareness.

Fifth, the Commission sets an objective of ensuring free and informed
consent but, unsurprisingly, as this is a particularly difficult issue, it
makes few proposals at the moment, beyond suggesting that self-regulatory
initiatives designed to develop solutions consistent with EU law may be a
way of making progress.

The sixth objective is updating the protection for sensitive data, in
particular with regard to the extension of the definition of sensitive data
and harmonizing the conditions for processing such data.

Finally, and importantly, the Commission wishes to prioritise the issue of
making remedies and sanctions more effective. It suggests that this could be
done via group actions and strengthening existing provisions on sanctions.

With regard to the single market, the Commission recognizes the failures of
the existing framework and undertakes to "examine the means to achieve
further harmonisation of data protection rules at EU level." The Commission
aims to achieve this in part through a simplification of the current
notification system. Following from this, it will seek to solve the issue of
applicable law, which is causing problems for companies established in
several EU Member States. The Commission undertakes to examine how to revise
and clarify the existing provisions on applicable law.

The Commission is keen to ensure that simplification of procedures will not
lead to a weakening of rights and therefore aims to create specific
obligations including data protection impact assessments and the use of
privacy enhancing technologies. This approach would be bolstered by
self-regulatory initiatives such as codes of conduct.

The Commission ambitiously aims to address the problems of data protection
in the field of police and judicial cooperation. While there is a Framework
Decision on this subject, it does not cover domestic processing of data and
also is too weak with regard to purpose limitation. To overcome these and
other problems, the Commission suggests considering the extension of the
application of the general data protection rules to the areas of police and
judicial cooperation in criminal matters and considers the possibility of
specific and harmonised provisions in the new general Data Protection
Framework, for example on data protection regarding the processing of
genetic data for criminal law purposes or distinguishing the various
categories of data subjects (witnesses, suspects etc.) in the area of police
cooperation and judicial cooperation in criminal matters. In addition, it is
contemplating a specific consultation on the revision of current supervision
systems in this area and the alignment of existing sector-specific rules to
the general data protection framework.

With regard to the many and varied problems related to international data
transfer, the Commission says that it intends to examine how to improve and
streamline the current procedures for international data transfers, to
clarify the Commission's adequacy procedure and better specify the criteria
and requirements for assessing the level of data protection in a third
country or an international organisation. It will also look at defining core
EU data protection elements, which could be used for all types of
international agreements.

Consultation - A comprehensive approach on personal data protection in the
European Union (4.11.2010)
http://ec.europa.eu/justice/news/consulting_public/0006/com_2010_609_en.pdf

Council Framework Decision on the protection of personal data processed in
the framework of police and judicial cooperation in criminal matters
(27.11.2008)
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32008F0977:EN:NOT

(Contribution by Joe McNamee - EDRi)

============================================================
5. Kroes wants copyright as a building block, not a stumbling block
============================================================

During the Avignon Forum for the international meetings of culture, economy
and media that took place on 5 November 2010, Neelie Kroes, European
Commission Vice-President for the Digital Agenda, expressed her very
strong conviction that copyright regulations had to change.

The Commissioner believes the existing copyright rules are not adapted to
the development brought by the Internet and that any big technological
revolution brings forth the necessity for adaptation. In her opinion, the
intermediaries between the artists and the public are those that must
understand the change and adapt. The "content industry has failed to
capitalise on the changing market." The present copyright laws have become a
burden. "Despite the fact that thanks to the Internet the world has gotten
smaller than ever before, making it extremely easy for artists to get their
creations to as many people as possible, copyright law and the content
industry stand in their way."

Kroes drew the attention that culture intermediaries might not be spared by
the "Internet revolution, which is unveiling the unsustainable position of
certain content gatekeepers and intermediaries. No historically entrenched
position guarantees the survival of any cultural intermediary. Like it or
not, content gatekeepers risk being sidelined if they do not adapt to the
needs of both creators and consumers of cultural goods."

In other words, change or face the consequences! "I believe that those who
will prosper in the digital age are those who understand that convergence is
one of the keys," because "convergence means creative freedom and more
inspirational content ready to meet the expectations of a public that
evolves with art and content."

The Commissioner believes the development of the Internet will not kill
other type of media just as "cinema did not kill theatre, nor did television
kill radio." She used as argument the statistics that show that actually the
Internet increases the interest in art and creation. "...people who spend
more time on the Internet tend to read more, and to go to cinema and to
concerts more often than the population as a whole. Studies show that
nowadays, people increasingly watch TV and browse the Internet at the same
time - simply to get more information about something that intrigued them."

Kroes expressed her goal of promoting cultural diversity and content adapted
to the digital age and her hope that "Europe is and must remain a global
cultural force." She reminded the fact that copyright was not an end in
itself and that although it had been useful for 200 years to artists and the
creative industries, it was nowadays outdated. "We must ensure that
copyright serves as a building block, not a stumbling block."

And she gave the example of Europeana project, the online portal of
libraries, museums and archives in Europe which is endangered by copyright.
"...when it comes to 20th century materials, even to digitise and publish
orphan works and out-of-distribution works, we have a large problem indeed.
Europeana could be condemned to be a niche player rather than a world leader
if it cannot be granted licenses and share the full catalogue of written and
audio-visual material held in our cultural institutions."

The Commissioner criticised the fragmented copyright system which is not
adapted to the reality of today and which has reached a point where it gives
a more important role to intermediaries than to artists. "It irritates the
public who often cannot access what artists want to offer and leaves a
vacuum which is served by illegal content, depriving the artists of their
well deserved remuneration. And copyright enforcement is often entangled in
sensitive questions about privacy, data protection or even net neutrality."

As Kroes thinks an immediate debate on the topic is necessary, she announced
that the Commission would soon make some legislative proposals after
examining the issue of divergent national private copy levies and
multi-territorial and pan-European licensing.

The Commissioner made an appeal to go back to sense rather than having "a
dysfunctional system based on a series of cultural Berlin walls," and to
create a "system where there is scope to create new opportunities for
artists and creators, and new business models that better fit the digital
age."

For the time being, we face situations like that of a young man accused, in
a P2P case in US, of illegally downloading and distributing 24 tunes
on the net, who was found in breach of copyright and fined with 1,1 million
Euro (about 46 000 Euro/song).

A similar case in Germany brought about a 15 Euro fine/song. Although the
cases are not identical in their details, they illustrate the very
different approaches to copyright infringement in different jurisdictions.

Press release - Speech of Neelie Kroes European Commission Vice-President
for the Digital Agenda A digital world of opportunities at Avignon Forum
(5.11.2010)
http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/10/619&format=HTML&aged=0&language=EN&guiLanguage=en

Kroes: EU copyright rules need major overhaul (5.11.2010)
http://www.advanced-television.tv/index.php/2010/11/05/kroes-eu-copyright-rules-need-major-overhaul/

$42 German P2P fine stark contrast to seven-figure US judgments (5.11.2010)
http://arstechnica.com/tech-policy/news/2010/11/42-german-p2p-fine-stark-contrast-to-seven-figure-us-judgments.ars

EDRI-gram: EDRi and partners launch Copyright for Creativity declaration
(5.05.2010)
http://www.edri.org/edrigram/number8.9/copyright-for-creativity-edri

============================================================
6. Dutch government cancels plans for national database on bank data
============================================================

After facing enormous pressure from the media, civil society and several
MPs, The Dutch Ministry of Security and Justice announced that it will
not develop a national database or search engine containing bank data of
all Dutch citizens. The Dutch digital rights organization Bits of
Freedom discovered plans to this end in one of 27 internal documents,
that were made public after a Freedom of Information Act requests by
independent researcher Rejo Zenger. As the response of the Government
followed only one day after these plans hit the news, the campaign
illustrates the crucial role civil society can and must play to protect
digital civil rights.

The ambitions are a part of the much larger 'Project verkeerstoren'
(Traffic Tower), that seeks to centralize the retention of and access to
several categories of personal data, in order to ease the procedure for
data requests by law enforcement agencies (LAEs). As telecommunications
subscriber data are already stored in the national database CIOT
(Centraal Informatiepunt Onderzoek Telecommunicatie) - accessed approx.
3 million times a year by Dutch LAEs - the Government had been
investigating in 'Project dataretentie' the extension the CIOT-model to
historical telecommunications subscriber data, traffic- and location
data following the enactment of the Data retention directive. In one
document however, the Government discusses the Traffic Tower project and
writes that bank data could follow, after the successful implementation
of the Data retention project. After the confirmation of these ambitions
by the Ministry to several journalists, the plans received considerable
media attention and critique from MPs. Two days later, the Ministry
cancelled the national database on bank data.

The implications of the CIOT-database function creep were put in context
by a second finding: at least 78.000 requests of traffic- and location
data by Dutch LAEs in the last year. Until now, the Ministry had kept
secret this information for the general public. Consequently, the news
that Dutch LAEs are a European frontrunner when it comes to
telecommunications data - subscriber-, traffic and locations data -
requests was mentioned along the plans for the centralization of bank
data. These revelations follow up a Bits of Freedom analysis of last
summer, that concluded that  the  LAEs have been neglecting the data
protection rules surrounding the database for at least three years in a
row, even though internal audit reports had strongly called upon the
LAEs to respect the privacy and data protection rights since the errors
where 'undermining the legitimacy of the Law Enforcement effort'. Bits
of Freedoms disclosure that authorized police officers had been giving
their PIN-codes away to their colleagues and that the entire request
procedure had not been subject to either independent oversight or prior
check of legitimate access, were two of the more striking examples that
reached the headlines in mainstream media back then. If that weren't
enough, ISP and telecoms incumbent KPN stated in a letter - amongst the
27 released documents - that the operator rather keeps the data for
itself, than handing it over to the CIOT-database.

Hence, the cancellation of the database on bank data is of important
symbolic value. It casts light on the Traffic Tower project, the impact
of mandatory centralized personal data storage and shows that civil
society can stop such ambitions as it has the facts on its side. It also
shows that civil society is needed in the future: the Ministry is still
working out the centralization of telecommunications traffic- and
location data of all Dutch citizens, to the effect that every single
communication and movement of all Dutch citizens can be requested with
one mouse click. Bits of Freedom will continue to put any ambitions to
this end under close scrutiny.

Rejo Zenger website, 27 released documents on 'Project dataretentie' (only
in Dutch)
https://rejo.zenger.nl/inzicht/project-dataretentie-ministerie-van-justitie

NOS Journaal, 'Justitie wil bankgegevens sneller' (only in Dutch, 9.11.2010)
http://nos.nl/video/197409-justitie-wil-bankgegevens-sneller.html

Bits of Freedom, 'Nederland Europees koploper opvragen telecomgegevens'
(only in Dutch, 10.11.2010)
https://www.bof.nl/2010/11/11/persbericht-nederland-europees-koploper-opvragingen-telecomgegevens/

Bits of Freedom, 'Meteen succes: landelijke zoekmachine bankgegevens van
de baan (only in Dutch, 11.11.2010)
https://www.bof.nl/2010/11/12/meteen-succes-landelijke-zoekmachine-bankgegevens-van-de-baan/

Bits of Freedom, 'Opsporingsdiensten negeren privacyregels stelselmatig'
(only in Dutch, 26.07.2010)
https://www.bof.nl/2010/07/26/persbericht-opsporingsdiensten-negeren-privacyregels-telecomdatabank-stelselmatig/

(Contribution by Axel Arnbak - EDRi-member Bits of Freedom)

============================================================
7. EP and Article 29 WP opinions on PNR transfers to third countries
============================================================

As negotiations continue between EU and USA on the issue of air passenger
data (PNR) transfer, so is the debate on the issue between the European
Commission and the other EU bodies.

The European Parliament (EP) issued on 11 November 2010 a resolution on the
matter. While reaffirming its determination to fight terrorism and organised
crime, and welcoming the Commission's recent communication on the global
approach to transfers of PNR data to third countries, the EP re-emphasizes
the firm belief that that civil liberties and fundamental rights must be
protected, "including the rights to privacy, informational
self-determination and data protection".

As proportionality remains a key issue for the EP, the resolution asks from
the Commission to give "factual evidence that the collection, storage, and
processing of PNR data is necessary for each of the stated purposes".

As it has a veto right, the EP requires to be fully informed on any PNR
developments related to "bilateral agreements and memorandums of
understanding between Member States and the USA concerning the exchange of
law-enforcement data and participation in the US Visa Waiver Programme, as
well as the One-Stop Security programme". On this occasion, it reminds us
that "bilateral memorandums of understanding between Member States and the
USA, alongside negotiations between the EU and the USA, are contrary to the
principle of loyal cooperation between the EU institutions".

In October, European Data Protection Supervisor Peter Hustinx also
expressed his concerns regarding the necessity and legitimacy of PNR
collection schemes and called for better safeguards in international PNR
agreements. "The conditions for collection and processing of PNR data should
be considerably restricted. I am particularly concerned about the use of PNR
schemes for risk assessment or profiling," he said.

He also criticised the Commission for doing its work in reverse order,
dealing with international PNR agreements before having any kind of system
within the EU. An intra-EU equivalent scheme is not scheduled until 2012.

"We have PNR (agreements) with the US and the EU. It is a lack of logic that
we are not sharing (PNR) in the EU," said Home Affairs Commissioner Cecilia
Malmstrvm who added that all the state members had required such an
agreement.

On 15 November, Article 29 Data Protection Working Party (WP) issued an
opinion stating that the European data protection authorities belonging to
the WP remained critical on the exchange of PNR data with countries outside
the EU.

In its opinion, issued as a reaction to the European Commission
communication on the global approach to PNR transfers of 21 September 2010,
Article 29 WP questions "the necessity of large-scale profiling for law
enforcement purposes on the basis of passengers' data."

Article 29 WP believes there still is no objective proof or statistics
showing that PNR data are valuable in combating transnational crime and
terrorism.

The data protection authorities consider that although the Commission has
made some movements in the right direction there is still room for
improvement such as the standards referring to onward transfer of collected
data where "the principle of purpose limitation should apply, which means
that the collected data may not be used by other government authorities in
the receiving country for purposes not related to the combating of
transnational serious crime and terrorism."

European Parliament resolution of 11 November 2010 on the global approach to
transfers of passenger name record (PNR) data to third countries, and on the
recommendations from the Commission to the Council to authorise the opening
of negotiations between the European Union and Australia, Canada and the
United States (11.11.2010)
http://www.europarl.europa.eu/sides/getDoc.do?type=TA&reference=P7-TA-2010-0397&format=XML&language=EN

Article 29 Data Protection Working Party - PRESS RELEASE - 'Data Protection
Authorities Critical on sharing passengers' data' (15.11.2010)
http://ec.europa.eu/justice/policies/privacy/news/docs/pr_15_11_10_en.pdf

EU to revive debate over air passenger data (12.11.2010)
http://www.euractiv.com/en/justice/eu-revive-debate-over-air-passenger-data-news-499618

EC Communication -  On the global approach to transfers of Passenger Name
Record (PNR) data to third countries (21.09.2010)
http://ec.europa.eu/commission_2010-2014/malmstrom/archive/COMM_NATIVE_COM_2010_0492_F_EN_COMMUNICATION.pdf

Opinion 7/2010 on European Commission's Communication on the global approach
to transfers of Passenger Name Record (PNR) data to third countries
(12.11.2010)
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp178_en.pdf

============================================================
8. Czech 2010 Big Brother Awards
============================================================

The sixth edition of the Czech Big Brother Awards has recently been
organised by EDRi member Iuridicum Remedium in Prague BIO eye where an
expert jury selected the winners for 2010 from more than 140 nominations.

The Czech police received the Big Brother award in the long-term
spying category, for having violated people's privacy by "their serious and
long-term interference in people's privacy, mainly for archiving photographs
of cars and its drivers from camera-monitoring systems," as the organiser
explained. The police was also criticised for its overuse of applications
for access to sensitive data from mobile phones.

For the second year in a row, Facebook received the mock award as
the largest corporate spy, for pushing users to enable anybody to
have access to private data by its deceptive strategy and technical
parameters. Facebook gets the maximum information from personal profiles,
increasing their commercial potential.

The Interior Ministry was given the award in the category of the biggest
official spying, for having hindered the preparation of the legislation for
the improvement of personal data protection from camera monitoring systems,
wiretapping and DNA databases.

Even the European Union received an award, at spying among nations category,
for the negotiations in the Anti-Counterfeiting Trade Agreement (ACTA) and
for funding the INDECT project aimed at developing computer programmes to
detect "abnormal behaviour". The project will research the use of CCTV
systems in combination with audio recordings in urban areas. For the
surveillance of citizens on the Internet, the system focuses on monitoring
forums, blogs and social networks. The end users of the system will be a
European police force.

The winner in the category of "The Big Brother's statement" was "Facebook
father" Mark Zuckerberg for his statement that the right to privacy is
simply a social norm developing over time and that people are now satisfied
with eliminating privacy. In his opinion, "the age of privacy is over."

ACTA got the award at the legal standard category for disregarding human
rights in favour of the industry.

The positive award for privacy protection was obtained by the citizens in
Vir nad Svratkou, South Moravia, for having stood up against the
installation of a camera monitoring system in their village.

Police receive mock award for violating privacy (11.11.2010)
http://www.praguemonitor.com/2010/11/11/police-receive-mock-award-violating-privacy

Big Brother Awards, Award for long-term  spying gained Police (only in
Czech, 10.11.2010)
http://www.slidilove.cz/content/cenu-big-brother-awards-za-dlouhodobe-slideni-ziskala-policie-cr

============================================================
9. Macedonia: New copyright law
============================================================

Prison sentences of up to five years for copyright infringement are
projected in the new Law on Copyright and Related Rights adopted in
September 2010 in Macedonia.

With this law, which in addition to authors' and artists' rights also
regulates the rights of film and stage producers, radio and television
organizations, as well as the rights of publishers and database developers,
copyright infringement is actually becoming a crime.

With these changes to the law that was being prepared for four years,
Macedonia now formally has the same copyright protection standards as the EU
member states. However, the general impression is that the formal progress
is far from significant, as copies of film and music works are being sold on
the side walks of the busiest intersections in the capital, and some of the
film festivals are still screening films using DVDs.

Representatives of agencies working in the IP field and fighting infringers
of the Law on Copyright and Related Rights say that major violations of this
Law are taking place in Macedonia, and no sphere is an exception; from the
textile, pharmaceutical, to the tobacco and automotive industry.

We're seeing counterfeited material, copies of registered trademarks in
every area - says Mite Kostov, chairman of the Coordination Body for
Intellectual Property. He added that a great number of DVD stores across the
country were closed as part of a copyright protection campaign. In Strumica,
for example, out of 22 DVD stores, only a few remained in business, and only
seven out of thirty in Tetovo, i.e. the ones that legally exist - Kostov
said.

The common impression of experts in this sphere is that the biggest problem
regarding the sanctioning of offenders is in the courts. This was also noted
in the latest EU 2010 Progress Report on Macedonia, stating that only 23 out
of 98 court procedures on copyright have been completed - Pepeljugovski
said.

New Macedonian Copyright law (only in Macedonian)
http://sobranie.mk/ext/materialdetails.aspx?Id=34e7be57-9c83-4398-b75d-426e569c191d

Macedonia: Up to five years in prison for piracy (only in Macedonian,
12.11.2010)
http://www.metamorphosis.org.mk/makedonija/za-piratite-kazna-i-do-pet-godini-zatvor.html

(Contribution by EDRi-member Metamorphosis - Macedonia)

============================================================
10. ENDitorial: Net neutrality - wait and see the end of the open Internet
============================================================

At the joint European Parliament and European Commission net neutrality
summit in Brussels on 11 November there was a clear political message - that
interference with Internet traffic is permissible as long as companies tell
their consumers that it is happening.

The Commission will "wait and see" if such interferences cause problems for
the market and will consider taking action if this is the case.  In a whole
day of discussions, the fundamental rights aspects of the interference by
private companies with citizens' communications were only questioned by
Jeremie Zimmermann from La Quadrature du Net and Jan Albrecht MEP
(Greens/EFA, Germany).

Anyone who has been active in telecoms regulation in Brussels for the past
decade would have been forgiven for suffering from a severe bout of "dij`
vu". The large operators were out in force explaining that the market is
very competitive and they could not afford any regulatory interventions. No
regulatory intervention is needed, they explained, because the market will
take care of all problems. Catherine Trautmann MEP (S+D, France) demanded a
Commission Recommendation which, while not binding, would at least create a
methodological framework adaptable for binding legislation after it fails.
Her arguments were insightful, forceful and apparently ignored by the
Commission.

The European Commission has heard the large operators' arguments before and
was convinced to delay urgent regulatory interventions. In 1999/2000, there
was an urgent need to open the "last mile" of telecoms infrastructure to
competition, in order to boost Internet access in Europe. The Commission
decided against the legislation and opted to "wait and see". When nothing
happened, they proposed a Recommendation on opening the market. When this
also failed, they proposed a Regulation which was implemented well in some
countries and badly in others, partly due to the rushed nature of the
legislative intervention. "Wait and see" had failed European citizens.

The European Commission heard those arguments again when it started asking
questions about the huge cost of mobile phone roaming. After initially
waiting to see the scale of the issue, it started investigating the problem
at the end of 2004 and a Regulation entered into force in June 2007. It
took a further three years to deal with data roaming. The cost of this "wait
and see" delay was the loss of millions of Euro for European businesses and
European citizens. "Wait and see" had failed European citizens again.

And now, when developing policy to address interferences with private
communications, when developing a policy which deals with a core element of
modern democracy, the Commission has decided to "wait and see". This time,
however, the Commission will not be able to intervene once all other options
have failed.

Once Internet intermediaries start interfering more overtly with
communications, they will find it more and more difficult to argue that they
should be entitled to do this for their own benefit, but not for other
vested interests. Already, access providers are being asked to block peer to
peer communications (see the Scarlet/Sabam case) and to block certain
websites for the vested interests of the copyright industry, to block
gambling websites for the benefit of vested interests of national gambling
monopolies (in France, Italy and elsewhere) and to block websites accused of
containing child abuse material, to hide the inadequacy of national
administrations that are unwilling to make the effort to have the crime
scenes taken offline and to prosecute the criminals behind them.

When the Commission finally decided to act in relation to unbundling and
roaming, it just had to face the lobbying power of the telecoms companies.
With the non-neutral Internet, however, things will be very different.  It
will face the opposition not just of the large telecom providers, but also
every company and organisation with a vested interest in restricting access
to communication. It will also face the opposition of organisations arguing
for policing of the net by access providers. The OECD is currently
discussing how Internet intermediaries can police the Internet to achieve
public policy objectives, the Council of Europe has asked for "reflection"
on the liability of intermediaries in relation to online intellectual
property infringements, the ACTA Agreement (which the EU is currently
finalising) calls for the cooperation of Internet intermediaries in
combating online intellectual property infringements, the UN has called for
their cooperation to protect children online, the OSCE is discussing how
they can cooperate to address hate speech. The list is endless.

Once the Commission has waited and seen that regulatory intervention is
needed, it will be too late. Just wait and see.

The "Sabam vs Scarlet"-case will be continued before the European Court of
Justice (7.02.2010)
http://www.timelex.eu/en/blog/p/detail/the-sabam-vs-scarlet-case-will-be-continued-before-the-european-court-of-justice

OSCE - Role of the Internet industry in addressing hate on
the Internet (10.05.2010)
http://www.osce.org/documents/odihr/2010/05/44808_en.pdf

OECD - The Economic and Social Role of Internet Intermediaries (16.06.2010)
http://www.oecd.org/dataoecd/8/59/45997042.pdf

UN (Tunis Agenda) (18.11.2005)
http://www.itu.int/wsis/docs2/tunis/off/6rev1.html

ACTA (15.11.2010)
http://trade.ec.europa.eu/doclib/docs/2010/november/tradoc_147002.pdf

(Contribution by Joe McNamee - EDRi)

============================================================
11. Recommended Reading
============================================================

Action on Rights for Children (ARCH) Policy on Internet Blocking - Letter to
MEPs (15.11.2010)
http://www.archrights.org.uk/index.php?option=com_phocadownload&view=category&download=22&id=10&Itemid=23

LOPPSI2: Childhood protection - the Trojan horse of generalized Internet
filtering? (only in French, 15.11.2010)
http://www.ange-bleu.com/article.php?type=actualites&origine=juriactu&id=112

Access to Knowledge for Consumers - Reports of Campaigns and Research
2008-2010
http://www.soros.org/initiatives/information/focus/access/articles_publications/publications/ci-survey-20100920/ci-survey-20100910.pdf

============================================================
12. Agenda
============================================================

18-19 November 2010, London, UK
Open Government Data Camp
http://opengovernmentdata.org/camp2010/

3 December 2010, Brussels, Belgium
Taking on the data retention directive
http://www.dataretention2010.net/init.xhtml?event=31

27-30 December 2010, Berlin, Germany
27th Chaos Communication Congress (27C3)
http://events.ccc.de/congress/2010

25-28 January 2011, Brussels, Belgium
The annual Conference Computers, Privacy & Data Protection CPDP 2011
European Data Protection: In Good Health?
http://www.cpdpconferences.org/

1 April 2011, Bielefeld, Germany
Big Brother Awards Germany
Nominations open until 31 Dec 2010
http://www.bigbrotherawards.de/index_html-en

============================================================
13. About
============================================================

EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 27 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.

All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and are visible on
the
EDRI website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/

Newsletter editor: Bogdan Manolea <edrigram at edri.org>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edri/2.html

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing or
unsubscribing.

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list