24 Nov 2014

Draft Commission Work Programme 2015: huge challenges for digital rights

By Kirsten Fiedler

EDRi has obtained a copy of the draft Commission Work Programme 2015. For those who have followed the nomination hearings of the Commissioners, this draft programme does not contain any major surprises. However, it does show the huge number of proposals and initiatives that will have a direct impact on our fundamental rights and freedoms in the coming years. Juncker’s aim is to adopt the Work Programme on 16 December in Strasbourg.

In a letter to the Commissioners, he explains that the draft Commission Work Programme consists of new initiatives, pending proposals and withdrawals of legislation – all with the aim of achieving his ten-point plan for Europe. In addition to the key list of initiatives and proposals, he invites all Commissioners to propose additional items – or to review the necessity of pending proposals – in light of the mission letters that were sent out along with the nominations in September.

Among the new initiatives in the draft list for 2015, in the work area of the “Connected Digital Single Market”, the document lists a “plan on cyber-security” and the already-announced reform of the E-Privacy Directive (once there is an agreement on the data protection reform).

Among the new major new initiatives that were initially proposed by the Secretariat General, the Commission announces a Digital Single Market Package (Q2 2015) and a proposal on copyright reform (2015). As we have pointed out on many occasions, copyright rules are no longer fit for the digital age and a move away from failed repressive measure towards a comprehensive reform would be more than welcome.

Furthermore, the document mentions a “possible amended proposal for Telecoms package” – which might include yet another effort at undermining net neutrality rules. Currently, the EU Member States (in the Council) is discussing the Telecoms Single Market Regulation and may delete some of the pro-net neutrality rules adopted by the European Parliament (EP). If the Regulation is amended to weaken those rules, we will have to work hard to ensure that the EP stands behind its decision and its defence of an open Internet.

Furthermore, the Commission announces its work on a “reasonable and balanced” Free Trade Agreement with the US (TTIP) – a peculiarly defensive wording. Why refer to the need for TTIP to be “reasonable and balanced” other than because the risk of this not being the case? This will be certainly one of the most important dossiers for digital civil rights that EDRi will be dealing with in the coming year. This is not only true for general concerns regarding the transparency of the negotiations but also with regard to the possible inclusion of data protection, protections for vigilantism by internet companies and copyright provisions.

In the area of Justice and Fundamental Rights, the Commission announces the long awaited accession to the European Convention on Human Rights (ECHR) and the conclusion of negotiations on a comprehensive data protection agreement with the US. Conclusion of these two sets of negotiations would market the end of a long process. Accession of the European Commission to the ECHR would be an historical step and is an important re-affirmation that any kind of restriction of fundamental rights needs to be “prescribed by law” (Article 10(2) ECHR).

Lastly, we welcome the announcement of Commission’s work aimed at increasing transparency of the institutions. The draft programme mentions the introduction of an Inter-Institutional Agreement (IIA) to create a mandatory lobby register for the EP, the Council and the Commission. This step is certainly long overdue. The previous Commission developed some atrocious habits on transparency, making access to documents unnecessarily bureaucratic and difficult – we would welcome any moves to consign this approach to history.

There is more than enough work for European Digital Rights in this new legislature. While the Commission is finalising its work programme, European Digital Rights started working on a public fundraising campaign which will be launched in the coming weeks. Now more than ever, EDRi needs your support to continue defending and promoting your rights and freedoms at EU level.

Draft Commission Work Programme 2015: https://edri.org/wp-content/uploads/2013/09/CWP-2015-en.pdf

Print

close
19 Nov 2014

UN calls for balance between privacy and security

By Heini Järvinen

In a special discussion at the Human Rights Council in Geneva, Flavia Pansieri, the United Nations (UN) Deputy High Commissioner for Human Rights, expressed her concern about increasing mass surveillance programs conducted by states and private corporations. Ms. Pansieri highlighted the importance of demonstrating that interferences with an individual’s right to privacy are both necessary and proportionate to address the specific identified security risk.

“Mandatory third-party data retention – where telephone companies and internet service providers are required to store metadata about communications by their customers, for subsequent access by law enforcement and intelligence agencies – appears neither necessary nor proportionate,” she said.

Ms. Pansieri’s call is one of the several attempts by the UN to tackle the issue. In June 2014, the High Commissioner for Human Rights published a report “The right to privacy in the digital age”, to respond to the global concern at certain surveillance practices and the threat they pose for human rights. The report gives examples of digital surveillance used to target political opponents or dissidents, and cases in which governments have demanded the access to traffic on the networks of telecom companies, threatening to otherwise ban their services. It recognises the necessity for surveillance of electronic communications, conducted in compliance with the law, for legitimate law enforcement or intelligence reasons, but points out that mass surveillance programs “raise questions around the extent to which such measures are consistent with international legal standards and whether stronger surveillance safeguards are needed”.

Another report, published in September 2014, focuses on the implications of mass digital surveillance for counter-terrorism purposes to the right to privacy. Ben Emmerson, the Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism, presented the report in the UN General Assembly on 23 September, saying that

“states need to squarely confront the fact that mass surveillance programmes effectively do away with the right to online privacy altogether”.

In the report Mr. Emmerson draws attention to the fact that states are able to easily maintain an overview of Internet activity of specific individuals or organisations, and that it’s possible without any prior suspicion related to them. He reminded that this kind of surveillance “amounts to a systematic interference with the right to respect the privacy of communications and requires a correspondingly compelling justification”. The report concludes that “merely to assert – without particularisation – that mass surveillance technology can contribute to the suppression and prosecution of acts of terrorism does not provide an adequate human rights law justification for its use”.

In 2013, the UN General Assembly adopted a resolution (68/167) on the right to privacy in the digital age. The final report prepared by the High Commissioner for Human Rights is expected to be presented at the UN General Assembly in 2015. It will be contributing to the development of an international convention on surveillance issues by giving recommendations and clarifying principles, standards and best practices to allow states to defend their safety respecting the international human right laws.

UN against mass surveillance on the Internet (only in French, 17.11.2014)
http://www.numerama.com/magazine/31291-l-onu-contre-la-surveillance-massive-sur-internet.html

Mass surveillance: exceptional measure or dangerous habit? (13.11.2014)
http://www.ohchr.org/EN/NewsEvents/Pages/MassSurveillance.aspx

UN General Assembly: Promotion and protection of human rights and fundamental freedoms while countering terrorism (23.09.2014)
https://docs.google.com/document/d/18U1aHmKx9jfDQjCZeAUYZdRjl6iF4QjuS_aJO2Uy7NY/edit?pli=1

The right to privacy in the digital age – Report of the Office of the United Nations High Commissioner for Human Rights (30.06.2014)
http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session27/Documents/A.HRC.27.37_en.pdf

UN special rapporteur slams US, UK spying on Internet users (24.10.2014)
http://www.presstv.ir/detail/2014/10/24/383415/un-slams-west-spying-on-internet-users/

Right to online privacy at risk as governments engage in mass surveillance – UN expert (23.10.2014)
http://www.un.org/apps/news/story.asp?NewsID=49156

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
22 Oct 2014

Balancing rights (unless we are talking about copyright)

By Diego Naranjo

Recently Google was asked (spiced up with a threat of a 100 million dollar lawsuit) by an attorney representing “over a dozen” celebrities to take down pictures of his clients which had been hacked from their respective iCloud accounts and published in different websites.

Google quickly reacted removing those pictures from its blogging and social media services, although the attorney still complained saying it took too long and that the delay had led to Google making millions “profiting from the victimisation of women”. It is to be noted that Google’s explanation to remove the pictures was because of the “community guidelines and policy violations (e.g. nudity and privacy violation) on YouTube, Blogger and Google+”. In reality, nothing really matters except copyright – because Google will always automatically delete content, if they receive a valid notice under US law. Unsurprisingly, therefore, Google added that, concerning the search engine, they remove images when they receive “valid copyright (DMCA) notices”.

When a copyright complaint was made about illegally copied naked pictures of celebrities, Google, consistent with its policy, rapidly de-indexed the content in question. When Google received a Tweet indicating that a trade-mark was the subject of an unfair search result in Google image search, it resolved the problem within 59 minutes. When Mario Costeja González reported an unfair search result, it took over four years and appeals to the highest EU court before Google could be persuaded to take action.

Sadly, the concept is spreading that, if you cannot assert their rights through copyright or trademark rights, you are a second class citizen. The current Italian Presidency of the Council of the European Union also follows this logic. A “paper” sent by the Presidency on 11 September to Member States on enforcement of copyright and other rights suggested various measures that could be imposed by intermediaries – such as “know your customer”, “follow the money” and a more expansive use of injunctions. So, when such measures are used to enforce copyright, they are acceptable and collateral damage to fundamental rights of citizens can be ignored.

But the Italian Presidency decided to follow Groucho Marx’ famous statement “these are my principles; if you don’t like them I have others”. In a subsequent communication from 29 September, the Italian Presidency urged a balancing of rights when dealing with Data Protection matters in the so-called “right to be forgotten”. Delegations worried, it explained, that the “interest of the public at large to have access to information may end up being “underweighted” in the balancing process by the controller in particular where the latter is a search engine”. It is definitely important to ensure that fundamental rights are not “underweighted”, but it is important that this happen in relation to all fundamental rights. Otherwise when laws need to be enforced in the EU we would end up with two different categories of rights.

Enforcement of intellectual property rights – Presidency paper (11.09.2014)
http://register.consilium.europa.eu/doc/srv?l=EN&f=ST%2013076%202014%20INIT

Comments from the Italian Presidency on the right to be forgotten and the Google judgment (29.09.2014)
http://register.consilium.europa.eu/doc/srv?l=EN&f=ST%2013619%202014%20INIT

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
08 Oct 2014

Despite compromising document, Malmström is here to stay

By Guest author

On 29 September the public hearing on Cecilia Malmström, the EU Commissioner-designate for Trade took place. The day before, Der Spiegel published an article revealing an email exchange indicating that Malmström and/or her cabinet had been covertly working with the US at an early stage in the development of the European Commission’s General Proposal for Data Protection Regulation – even before a draft had been officially communicated to any elected European politician.

According to the document in question, Malmström’s private office was subverting data protection reform from within the Commission, sharing with the US information about internal procedures and appropriate times to push for the publication of a US lobbying paper. The claims were brought up three times by Members of the European Parliament (MEP) during the hearing. Malström initially dismissed the claims as “false allegations” or “lies” based on “leaked emails,” even though the document in question had been acquired by Access through a formal Freedom of Information Act request. The morning after the hearing, Access sent an open letter to Malmström asking the Commissioner-designate to clarify her stance on the authenticity of the document. In response, she recognised the document as legitimate, but didn’t address its implications or acknowledge the need for an investigation. Her relaxed approach to evidence that, at the very least, one of her most senior staff was conspiring against the European Commission is baffling.

The content of this email raises serious concerns regarding Malmström’s suitability as Trade Commissioner. As Home Affairs Commissioner, she had already curtailed an investigation into the US’s unlawful usage of the SWIFT banking database as part of the Terrorist Finance Tracking Program. After it was made explicit that data pulled by the US was being used for coercion outside of terrorist investigations (like blocking a Germany-to-Cuba private transaction), the Parliament called for an inquiry; Malmström halted the probe based only on “written reassurance” by the US that the data was used for legitimate purposes. As Trade Commissioner, she would be in charge of the Transatlantic Trade and Investment Partnership (TTIP) negotiations, an already controversial and completely non-transparent process. Potentially the world’s biggest trade agreement, the TTIP could likewise impact multiple industries and strongly affect the rights of the EU citizens. In this context, concerns about Malmström’s extreme deference to the US is frightening.

Despite those concerns, after receiving a letter from the future Commissioner asserting that she had never shared information with the US during the development of the Data Protection Regulation and that “to her knowledge” no-one in her cabinet did either, the International Trade Committee of the European Parliament decided to confirm Malmström as Commissioner for Trade on 30 September.

Response to Access’ Freedom of Information Act request
https://www.accessnow.org/page/-/docs/foia/JN656%20–%20Released%20to%20Requester.pdf

Big brother’s little helper inside the European Commission (27.09.2014)
https://www.accessnow.org/blog/2014/09/27/big-brothers-little-helper-inside-the-european-commission

Malmstrom’s response to the INTA committee (30.09.2014)
https://www.accessnow.org/page/-/Commissioner%20Malmstr%C3%B6m%20letter%20to%20the%20INTA%20Committee.PDF

Access’ open letter to Commissioner-designate for Trade, Cecilia Malmström (30.09.2014)
https://www.accessnow.org/page/-/docs/Open_letter_to_Commissioner_Malmstrm.pdf

Malmström’s answer to Access’ open letter (30.09.2014)
http://ec.europa.eu/carol/index-iframe.cfm?fuseaction=download&documentId=090166e59a03255c&title=reply_to%20access.pdf

S&Ds accept Malmström nomination but call on Juncker to clarify his stand on ISDS (30.09.2014)
http://www.socialistsanddemocrats.eu/newsroom/sds-accept-malmstr%C3%B6m-nomination-call-juncker-clarify-his-stand-isds

(Contribution by Alix Ladent, EDRi-member Access, International)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
24 Sep 2014

Romania: Mandatory prepaid SIM registration ruled unconstitutional

By Guest author

The Romanian Constitutional Court (CCR) ruled on 16 September 2014 that a law that required the mandatory registration of all prepaid SIM cards and free WiFi users, is unconstitutional, as a whole.

The Court reviewed the law as a result of the Romanian Ombudsman’s objection concerning its possible unconstitutionality. Several human rights NGOs asked the Ombudsman in July 2014 to notify the CCR regarding the law which had been recently adopted, and to ask the Court to rule on the law’s constitutionality before its promulgation by the President.

Also, on 15 September 2014, a Romanian association for the defence of human rights APADOR-CH and EDRi-member ApTI submitted an amicus curiae requesting the CCR to rule the law unconstitutional, as it breaches the right to privacy.

The Court ruled that

“the law’s provisions are not precise and predictable, and the manner in which the necessary data regarding the registration of prepaid SIM cards and WiFi hotspot users is retained and stored does not provide sufficient means to guarantee the necessary efficient protections for these personal data against abuse or any other kind of unlawful access to and use of these data.”

The full argumentation on this case will be published in approximately one month in the Official Journal.

This is the second important ruling of the CCR on privacy issues, after its decision from 8 July 2014 that declared the second data retention law unconstitutional.

The decisions triggered quick and aggressive reactions in the media from the Romanian Intelligence Service (SRI), Romanian Ministry of Internal Affairs, and politicians from the Committees supervising the SRI activity, all claiming that the CCR decisions have made a “legal vacuum” and now the terrorists will flood Romania to buy prepaid SIM cards.

In an unprecedented move, the CCR issued a press release counterattacking those arguments and reiterating the legal arguments used in their decisions. The SRI came back the following day with a press release with more allegations that in these circumstances the institution may not defend the national security and that now anonymity is allowed in communications.

But one should not be fooled by the smoke, as all this “security-forces-alleged-drama” has some real interests behind it.

First, as the full argumentation behind the unconstitutionality of the prepaid law was not published yet, it is meant to pressure the CCR to water down the decision, so that another law could be initiated.

Secondly, the security institutions in Romania want to push a new data retention law and another attempt (it would be the fifth one now) for mandatory prepaid SIM cards as quick as possible.

Thirdly, all this talk hides the interests on another draft law – on cybersecurity – that was quietly adopted by the Chamber of Deputies and received just two days prior to the debate in the Senate (which is the decisive chamber for this law). As reported earlier in EDRi-gram, that law will give the right for SRI and other nine public institutions to have access to the computer data held by those companies, at a simple “motivated request” from these institutions in their own attributions.

Romania: The law mandating the registration of prepaid SIM cards has been ruled unconstitutional (19.09.2014)
http://thesponge.eu/index.php?idT=4&idC=5&idRec=1115&recType=story

SRI Press release on the legal vaccum created by the CCR decisions (only in Romanian, 20.09.2014)
http://www.sri.ro/comunicat-de-presa-20-09-2014-17-06.html

CCR press release on the decision on law on the pre-pay cards (only in Romanian, 16.09.2014)
http://www.ccr.ro/noutati/COMUNICAT-DE-PRES-103

CCR press release answering the SRI allegations (only in Romanian, 18.09.2014)
http://www.ccr.ro/noutati/COMUNICAT-DE-PRES-106

EDRi-gram: Romania: No communication without registration (02.07.2014)
http://edri.org/romania-no-communication-without-registration/

ApTI: Amicus Curiae to the CCR (only in Romanian, 15.09.2014)
http://apti.ro/interventie-la-curtea-constitutionala-impotriva-inregistrarii-cartelelor-prepay

(Contribution by Bogdan Manolea, EDRi-member ApTI, Romania)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
15 Sep 2014

FNF 2014: Brussels privacy advocates summit to tackle surveillance, censorship, net discrimination

By Kirsten Fiedler

header-fnf14Between 26 and 29 September, the annual Freedom not Fear (FNF) conference and barcamp will take place in Brussels. As every year, the action days are challenging the false dichotomy that better security comes at a price: the abandonment of our privacy rights.

On Friday evening, the event will be kicked off with a keynote speech by Simon Davies, publisher of the Privacy Surgeon and founder of Privacy International, who recently released the first global analysis of the impact of the Snowden revelations. He will be joined by Paul Nemitz, Director at DG Justice of the European Commission, for a discussion of the data protection reform and the future of the EU-US umbrella and Safe Harbor agreements.

During the weekend, there will be speakers and workshops on a wide range of topics including Glyn Moody on the Trans-Atlantic Trade Agreement (TTIP/TAFTA) and Jillian York on surveillance. The barcamp style event will allow participants to propose additional ad-hoc presentations or workshops in an open environment. On Sunday evening, there will be a screening of the documentary “The Internet’s Own Boy: The Story of Aaron Swartz”. See the full schedule .

On Monday, participants of the conference will have the possibility to experience EU policy-making first-hand with a visit of the European Parliament. On that day, the Parliament will be very busy with the first hearings of the “Juncker team” and a meeting of the Civil Liberties, Justice and Home Affairs committee.

Supporters of this year’s Freedom not Fear are, among many others, European Digital Rights, the Electronic Frontier Foundation, Digitale Gesellschaft, Access, NURPA, digitalcourage…

Download the poster (PDF):

FNF14_posterA4_thumbnail

close
10 Sep 2014

Open letter to Google’s Advisory Council on the “right to be forgotten”

By Kirsten Fiedler

On 9 September, European and international civil rights organisations submitted an open letter (pdf) to Google’s Advisory Council on their assessment of the so-called “right to be forgotten”.

The groups urge the Council’s members to avoid inadvertently delaying the adoption of the data protection reform package. They remind the members of the urgent need for legal safeguards in cases where courts place unclear obligations on internet intermediaries to interfere with online communications (which cannot be replaced by the Council’s findings) and call on them to shed more light on the mission and objectives of this European tour.

As the ruling has been largely misrepresented by parts of the press, the letter first clarifies some of the misunderstandings that have circulated about the context and scope of the ruling:

When the CJEU ruled on the case, the press reported the decision as an example of a new “right to be forgotten,” even though such a right is not articulated in the legislation on which the ruling is based. The media coverage created the mistaken impression that Google would have to start deleting information from the internet (or its own index) whenever an EU citizens asked the search engine to do so, if information was irrelevant, inaccurate, outdated or excessive. The court specified that search results based on a person’s name are to be removed if the request meets the criteria laid out in the ruling. However, not only will the information remain on the internet, but it will remain in Google’s index.

The civil rights organisations then emphasise the need for a quick conclusion of the current data protection reform, not least because the Snowden revelations have shown that strong and reliable rules are crucial for citizens’ rights to privacy and data protection:

This need has been acknowledged by several companies, including Google, through their participation in the movement for global government surveillance reform. This movement recognises the need for governments to take action in order to protect their citizens’ safety and security and advises for the review of current laws and practices.

The full letter can be accessed here: https://edri.org/wp-content/uploads/2013/09/Open-Letter-to-Google-Advisory-Council.pdf

Signatories:
Access
ApTI
Bits of Freedom
Chaos Computer Club (CCC)
Digitalcourage
Digitale Gesellschaft
European Digital Rights (EDRi)
Initiative für Netzfreiheit
IT-Pol
Panoptykon Foundation
Vrijschrift

EDRi: Google’s right to be forgotten – industrial scale misinformation? (09.06.2014)
https://edri.org/forgotten/

EDRi: Google and the right to be forgotten – the truth is out there (02.07.2014)
https://edri.org/google-right-forgotten-truth/

EDRi: Good Lord! Lords forget their own right to be forgotten analysis (31.07.2014)
https://edri.org/good-lord-lords-forget-right-forgotten-analysis/

EDRi: Google now supports AND opposes the “right to be forgotten” (27.08.2014)
https://edri.org/google-now-supports-and-opposes-right-forgotten/

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
27 Aug 2014

Europe vs. Facebook class action attracts over 60 000 plaintiffs

By Guest author

Privacy activist Max Schrems, founder of the “Europe-v-Facebook” initiative, is known for his battles involving Internet social network giant Facebook. However, all the lawsuits he filed in Ireland haven’t led to meaningful outcomes, so far.

Therefore, Mr. Schrems now takes a different approach, by suing Facebook Ireland Ltd. This time he has filed suit in front of a court in his home country, Austria, and he asked the public to join him: it was possible for any Facebook user of age who is not located in the USA or Canada to join the legal battle against Facebook’s numerous alleged violations of European privacy laws. This is due to the fact that every Facebook user worldwide, living outside of the US or Canada, has a contract with Facebook Ireland Ltd. Mr. Schrems is claiming 500 Euro in symbolic damages per contributing joint plaintiff for alleged privacy violations such as Facebook contributing to NSA´s PRISM program, Graph Search, the Facebook app or third party tracking via “Like Buttons”.

Within just a few days, more than 25 000 people signed up at www.fbclaim.com in order to participate in the class action suit. This turned the initiative, almost overnight, into the largest privacy class action throughout Europe. It also forced Europe-v-Facebook to close the registration early, as every joint plaintiff has to be reviewed separately. However, one can still register as an interested person. Max Schrems and his team may later decide to add more registered users to the class action. Also, an increasing number of people who indicate they want to take part in the class action may strengthen the public position of Mr. Schrems and his team.

On 21 August, the group took their first successful step in the legal proceedings: the Vienna Regional Court ordered Facebook Ireland to respond to the class action within four weeks, with a possibility that thedeadline could get extended by four further weeks.

At the time as the court order was announced, already more than 35 000 additional individuals had registered at www.fbclaim.com.

Facebook class action: Registration for interested parties
https://www.fbclaim.com/ui/register

Class action against Facebook attracts 60,000 users (21.08.2014)
http://www.reuters.com/article/2014/08/21/us-facebook-europe-claim-idUSKBN0GL1I420140821

Facebook needs to defend Austrian privacy violation case (22.08.2014)
http://www.theregister.co.uk/2014/08/22/facebook_needs_to_defend_austrian_privacy_violation_case/?mt=1408733441009

Press Announcment: Class Action: Facebook ordered to submit counterstatement (21.08.2014)
http://www.europe-v-facebook.org/PA_KB_mx.pdf

Vienna Regional Court: Request for Facebook to respond (19.08.2014)
http://www.europe-v-facebook.org/AuftragKB.pdf

Facebook class action – FAQ
https://www.fbclaim.com/ui/page/faqs?lang=en

(Contribution by Josef Irnberger, EDRi-member Initiative für Netzfreiheit, Austria)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
16 Jul 2014

Slovenia: Data retention unconstitutional, deletion of data ordered

By Guest author

The Constitutional Court of the Republic of Slovenia abrogated the data retention provisions of the Act on Electronic Communications (ZEKom-1) in its judgement U-I-65/13-19 of 3 July 2014 following the constitutional request lodged by the Information Commissioner in March 2013 and ECJ judgment of 8 April 2014 in Joined Cases C-293/12 and C-594/12.

The Court abrogated ZEKom-1 articles 162, 163, 164, 165, 166, 167, 168 in 169 and instructed operators of electronic communications to delete retained data immediately after the judgment is published in the Official Gazette. The Court holds data retention as disproportionate for the following reasons:

  • unselective retention of data iconstitutes a breach of rights of a large proportion of population that did not provide any reason tj justify such this; – blanket data retention does not provide for anonymous use of communications, which is particularly important in cases where untraceable use is necessary (e.g. calling for help in mental distress);
  • arguments for the selected retention periods (8 months for internet related and 14 months for telephony related data) were not provided nor explained in the legislative preparatory documents;
  • the use of retained data was not limited to serious crime.

The Slovenian Information Commissioner Nataša Pirc Musar welcomed the ruling and sees it as an important step in protection of the right to privacy and data protection. The Court recognised the importance of personal data protection in relation to the use of modern information and communication technologies, particularly when used by law enforcement as repressive bodies of the state.

The Commissioner has been regularly warning about the problems of major breaches of privacy by law enforcement created by introduction of surveillance technologies. These tend to be used indiscriminately on large proportions of population, thereby encroaching on their right to privacy and data protection. The availability of new technologies such as drones, IMSI catchers and similar has, in several cases, led to requests by the police to the Ministry of Justice to legislate their use and to provide legal grounds enabling their deployment. Unfortunately these requests have often not been backed by sufficient assessments as regards their impact on human rights. In order to allow for transparency and to ensure that new law enforcement powers respect the principles of necessity and proportionality, the Commissioner has issued guidelines on privacy impact assessments (PIA) for the introduction of new police measures, representing a methodological framework for a prudent, reasonable and legitimate introduction of new measures.

The Information Commissioner Pirc Musar emphasised that this is one of her most important achievements during her 10-year mandate which is now ending. The decision of the Court represents an important part in the debate about the necessity and proportionality of the use of surveillance measures and technologies in the context of law enforcement and intelligence agencies.

Request to the Constitutional Court (only in Slovenian)
https://www.ip-rs.si/fileadmin/user_upload/Pdf/ocene_ustavnosti/ZEKom_-_Zahteva_za_oceno_ustavnosti__data_retention_.pdf

Decision of the Constitutional Court (only in Slovenian, 03.07.2014)
https://www.ip-rs.si/fileadmin/user_upload/Pdf/sodbe/US_RS_ZEKom-1_3julij2014.tif

Electronic Communications Act (ZEKom-1)
http://www.akos-rs.si/acts

Information Commissioner of the Republic of Slovenia (only in Slovenian)
https://www.ip-rs.si/

Privacy Impact Assessment (PIA) Guidelines for the Introduction of new Police Powers
https://www.ip-rs.si/fileadmin/user_upload/Pdf/smernice/PIA_guideliness_for_introduction_of_new_police_powers_english.pdf

(Contribution by Andrej Tomšič, Deputy Information Commissioner, Information Commissioner, Republic of Slovenia)

 

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
16 Jul 2014

Code Red, global initiative to support a reform of security services

By Heini Järvinen

More than two-dozen civil society activists from fourteen countries have joined the steering group of an ambitious global initiative to accelerate police and security services accountability.

The project, Code Red, was conceived during the preparation of a report “A Crisis of Accountability” that was published in June 2014 on developments in the twelve months since the start of Edward Snowden’s disclosures. The report concluded that despite a substantial and potent response from civil society, there was also a clear need for greater strategic support, resources and communication between activists working in different disciplines.

The steering group includes many well-known figures in civil society, among them MI5 whistleblower Annie Machon, former Wikimedia General Counsel Mike Godwin, Sunil Abraham head of CIS India Sunil Abraham, OpenMedia Canada’s David Christopher, Access Now’s Raegan McDonald, the Electronic Frontier Foundation’s International Rights Director Katitza Rodriguez and the former editor of Index on Censorship Judith Vidal-Hall. Also influential figures in the tech sector, including Jacob Appelbaum, the celebrated hacker who works at the core of Wikileaks, the Tor project and the Snowden disclosures, Whitfield Diffie, one of the pioneers of public key cryptography, and Bruce Schneier, possibly the world’s most influential security expert, have joined in. It’s expected that more people will join the group over the next two weeks.

In mid July 2014, Code Red kicked off a four-month global consultation to identify options for its objectives and structure. Currently the working group members have an open mind on how the initiative may develop, but the overriding view is that it should aim to be a clearinghouse and resource centre for groups working on security reform.

In the UK, civil right groups such as Privacy International and Big Brother Watch have launched legal challenges that have forced the government to make unprecedented disclosures about security activities. Code Red aims to support and promote such actions through a global communications and resource platform.

The initiative was founded by EDRi observer Simon Davies, who is regarded as one of the pioneers of the international privacy arena. Davies has wide experience of founding successful global initiatives, including the Big Brother Awards and Privacy International. In a summary of the initiative posted on Davies’ Privacy Surgeon blog on 10 July, he emphasised the need for cross-border and cross-disciplinary relationships, and declared: “It’s time to raise the stakes for secretive agencies that refuse to embrace accountability – and to do so fearlessly and relentlessly.”

“The many communities involved in this struggle – free speech, whistleblowing, anti-censorship, law reformers, policy reformers, privacy and the tech communities – must find a way to work together. A bridge of some sort should also be attempted with companies that are genuinely working to improve privacy and security,”

Davies told to EDRi-gram, highlighting that his intention was not to create a new NGO, but to help support a “platform that supports a network of networks”.

Accoring to Davies, many people involved in the initial dialogue around Code Red felt that the Snowden disclosures are just the tip of the iceberg. The involvement of law enforcement agencies, the military, international police organisations and other government authorities is largely unknown. “Snowden told us what security agencies do, but not what happens to this mass of information, which organisations use it or for what purposes. Police use of information – and international disclosure of that information – has largely escaped scrutiny in most countries. How civil society finds the means to counter this vast activity is a crucial challenge.”

“My personal view is that we need to look beyond the security services to understand the bottom-feeders in the data chain. We already have adequate evidence that police services are immersed in corrupt and unlawful practices, as evidenced by the use by Dutch police of “Stealth SMS” technology to circumvent legal safeguards, and the unlawful disclosure of personal information to journalists by London’s Metropolitan Police, uncovered during the News of the World phone hacking inquiries,” Davies added.

The steering group membership will be published in full on the privacysurgeon.org website in the fourth week of July 2014.

Global security analysis reveals widespread government apathy following Snowden disclosures (10.06.2014)
http://www.privacysurgeon.org/blog/incision/global-security-analysis-reveals-widespread-government-apathy-following-snowden-disclosures/

UK intelligence forced to reveal secret policy for mass surveillance of residents’ Facebook and Google use (17.06.2014)
https://www.privacyinternational.org/press-releases/uk-intelligence-forced-to-reveal-secret-policy-for-mass-surveillance-of-residents

Code Red, a global initiative to support national security reform (10.07.2014)
http://www.privacysurgeon.org/blog/events-2/

Dutch parliament wants clarification on using “Stealth” SMS in espial (21.08.2013)
http://www.zdnet.be/nieuws/151230/nederlands-parlement-wil-opheldering-over-gebruik-stealth-sms-bij-opsporing-/

Metropolitan Police role in the news media phone hacking scandal
http://en.wikipedia.org/wiki/Metropolitan_Police_role_in_the_news_media_phone_hacking_scandal#Illegal_payments_to_officers

 

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close