22 Apr 2015

Big Brother Awards Germany 2015

By Guest author

On 17 April 2015, EDRi member Digitalcourage held its annual Big Brother Awards gala in Bielefeld, Germany. Just two days earlier, politicians in Berlin had provided a very poignant context when the German Justice Minister Heiko Maas’ “grand coalition” had published “guidelines” for a draft bill to reintroduce telecommunications data retention in Germany.

At the gala itself, the plans for telecommunications data retention could not be reflected in one of the “core” awards, as these had been based on nominations received over the previous year. However, the “Newspeak” award for shifts in terminology covered the latest attempt to push ahead mass surveillance of communications data, as the Justice and Interior Ministers had “garnished” their new proposals with yet another new euphemistic term.

The award in the “Technology” category was given to the “Hello Barbie” doll and its makers Mattel and Toytalk (a new company specialising in language recognition for children). The doll comes with a microphone, speaker and Wi-Fi capability. It records conversations at the push of a button and sends the recordings to “the cloud”, where they are processed and stored – primarily to produce meaningful responses in subsequent conversations. This means that children are made to disclose their concerns to a server farm, and parents are let into their children’s secrets by means of a daily or weekly protocol that Mattel will send them via email.

The “Authorities and Administration” award went to Germany’s foreign intelligence agency, the Bundesnachrichtendienst (BND), for its entanglement with the US National Security Agency’s (NSA’s) surveillance network, for its surveillance activities of cross-border communications, for sharing vast amounts of constitutionally protected data with foreign partner agencies, and for obstructing the work of the German Parliament’s commission of inquiry which was set up after the Snowden revelations. However, the BND’s budget and competences are set to be given a further boost, as there are plans to increase its budget by 300 million Euros and give it further surveillance tasks, such as monitoring social networks.

The “Business” award went to two “crowdworking” or “crowdsourcing” platforms, Amazon Mechanical Turk and Elance-oDesk. These platforms parcel out work commissions submitted by clients to registered workers. The laudation detailed how these platforms try to portray the work model they create in a false sense of freedom, while any actual freedom is mainly in the sense of being “set free“: It’s low-paid work at short notice, with no reliability or (social) security. As a “bonus”, Elance-oDesk workers are being put under intrusive surveillance. Moreover, a frequent use of Amazon Mechanical Turk’s “workforce” is to add manipulated content in Internet forums, product reviews etc.

Amazon was pinpointed a second time in the “Workplace” category, this time for the way they treat their own employees in their German distribution centres. At least two Amazon subsidiaries in Germany ask their workers to sign declarations of consent that allow Amazon to store and process personal data, including health data. Also, storage and processing takes place in the US, but the declaration does not contain any information on how European data protection standards might be followed. These rules clearly break the limits set by German privacy and industrial legislation as well as the constitutionally protected principle of patient–physician confidentiality.

The “Consumer Protection” award was centred on Germany’s electronic health card. This project was given a Big Brother Award already in 2004, but the health card was only introduced in 2014, and it was time to take a broader view on the implementing “electronic health act” and the underlying developments. Digital data processing is getting more and more widely used in the health sector, and in the process, principles of medical secrecy are quietly undermined, and health budgets are being shifted from the actual provision of public health to private companies that provide electronic infrastructure or own hospital chains or pharmaceutical companies.

In the “Politics” category, the current German Interior Minister Thomas de Maizière and his predecessor Hans-Peter Friedrich were jointly awarded for systematically and fundamentally sabotaging the EU’s planned General Data Protection Regulation. The award speech was given by Austrian jury guest Max Schrems (known for his “Europe vs Facebook” lawsuit). His speech also raised the issue of entanglement between German ministry officials involved in the negotiations with industry lobbyists, quoting extracts from emails that point to a scandalous level of collusion between the two parties.

The Audience Award, in which the gala’s guests were asked to vote on which of the “winners” they found especially “impressive, surprising, shocking, or outrageous”, was won by the “Politics” award, slightly ahead of a fairly evenly placed “field” of almost all the other categories.

BigBrotherAwards 2015 “winners” (in English, full translations of the award speeches)

BigBrotherAwards 2015 media reactions (only in German)

EDRi-gram: In Germany, data retention refuses to die (25.03.2015)

(Contribution by Sebastian Lisken, EDRi member Digitalcourage, Germany)



22 Apr 2015

Hungarian data retention case: ORG, PI & scholars file amicus briefs

By Guest author

EDRi member Open Rights Group (ORG), Privacy International and a group of internationally acknowledged experts filed amicus curiae briefs with the Hungarian Constitutional Court. The case has been brought by the Hungarian Civil Liberties Union (HCLU) against two major service providers, in an attempt to force the Hungarian Constitutional Court to repeal the Hungarian Electronic Communications Act.

“A year ago, the Court of Justice of the European Union (CJEU) ruled that blanket data retention interferes with our fundamental rights to privacy and the protection of our personal data. ORG has already intervened in a case challenging data retention in the UK and hope to see other European countries repeal national legislation that forces companies to keep everyone’s personal communications data,”

said Elizabeth Knight, Legal Director of Open Rights Group.

The submissions focus on the importance of EU law and why the Hungarian law does not comply with it. Open Rights Group and Privacy International emphasise in particular in their submission the need for carefully calibrated EU rules in the field of surveillance and data protection, the significance of the retention of ”communications data” or “metadata”, the seriousness of data retention as an interference with human rights, and the need for effective remedies in national legal systems to address breaches of EU law.

The final ruling of the Hungarian Constitutional Court is expected in one month.

The amicus curiae submissions of Open Rights Group and Privacy International (08.04.2015)

The amicus curiae submissions of the group of international scholars (15.03.2015)

HCLU litigates Hungarian service providers to terminate data retention (13.10.2014)

Press Release: Open Rights Group files amicus brief in Hungarian data retention case

EDRi-gram: Hungarian Data Retention Law – challenged at the Constitutional Court (04.06.2008)

(Contribution by EDRi member Open Rights Group, United Kingdom)



22 Apr 2015

Net Neutrality: Save The Internet relaunch

By Heini Järvinen

On 23 March 2015, the “trialogue” discussions between the Council of the European Union, the European Commission and the European Parliament on the “Telecommunications Single Market Regulation”, began. The negotiations cover proposals on net neutrality. To ensure that citizens’ concerns about the future of the open Internet are heard by the decision-makers involved in the negotiations, civil society groups relaunched “Save the Internet” campaign on 13 April 2015.

Save the Internet is a Europe-wide campaign aimed at defending net neutrality in the European Union. The campaign calls on concerned internet users to contact their representatives in the European Parliament to ask them to maintain their strong position on net neutrality.

The campaign was originally launched in January 2014, and it encouraged people to call their Members of the European Parliament to express their support for net neutrality. At the same time, EDRi, together with other civil society groups, successfully campaigned for the adoption of crucial amendments in the European Parliament.

In October 2014 EDRi, together with several NGOs, consumer groups and industry representatives, sent an open letter to the Council of the European Union, calling on Telecoms Ministers to support strong net neutrality rules in the EU. followed by a letter in January 2015, which sent to Member State Ambassadors.

Over the coming weeks, closed-door meetings between representatives of the European Parliament, European Commission and Member States will be used to negotiate an agreement on this regulation. That agreement will then be formally approved by the Member States and the European Parliament. This is why it is important that internet users act now and ask their representatives to save the internet.

Save the Internet

Net Neutrality: document pool II (15.04.2015)

Net Neutrality: primary document pool (10.02.2014)

Net neutrality trialogues infographics

Net neutrality: NGOs and industry join forces in an open letter to EU ministers (01.10.2014)

Press Release: Civil society urges the Council to adopt real Net Neutrality (26.11.2014)

Press release – Help us save the Internet! (20.01.2015)



22 Apr 2015

Legal Affairs Committee: ISDS and IPR must be excluded from TTIP

By Guest author

The Transatlantic Trade and Investment Partnership (TTIP) resolution in the European Parliament is coming to a conclusion. 16 April 2015 was the deadline for European Parliament committees to submit their opinions to the leading committee, the International Trade committee (INTA). EDRi-gram previously reported about the positive vote of the Civil Liberties Justice and Home Affairs committee (LIBE), mainly on data protection and privacy. Today, we report about the Legal Affairs committee (JURI) Opinion.

JURI Members of the European Parliament (MEPs) adopted an Opinion against investor-state dispute settlement (ISDS) and the inclusion of “Intellectual Property Rights”, such as copyright, patents and trademarks, in the TTIP negotiations. The Opinion adopted in JURI also asks for more transparency and defends the right to regulate, among other subjects.

First, the adopted Opinion text clearly states that “there is no need for any private investor state dispute settlement mechanisms in this agreement” and calls the Commission to take into account the big majority (97%) of the responses to the public consultation, which opposed ISDS. In fact, the protection of foreign investors can be achieved without ISDS. As a joint analysis by EDRi and EDRi member Vrijschrift stated, “major international investments are almost always accompanied by contracts negotiated between governments and the investor, which often include their own dispute settlement mechanism and are tailored to the situation, and therefore do not create excessive risks for states. Furthermore, investors may take out political risk insurance and, overall, local courts and state to state arbitration complement the abovementioned negotiated contracts.”

Secondly, the JURI opinion requested the Commission not to negotiate on copyright, patents or trademarks.

Thirdly, the JURI committee calls for more transparency in the TTIP negotiations, endorsing the European Ombudsman’s decision of 6 January 2015 on transparency in TTIP – which includes the publication of all consolidated texts in its recommendations. Also, the Opinion points out that, according to the EU Treaties, “decisions shall be taken as openly and as closely as possible to the citizen”.

Regarding the right to regulate, the opinion asks the Commission to ensure that “any procedures in the context of regulatory cooperation fully respect the legislative competences of the European Parliament and the Council in strict accordance with the EU Treaties”.

In sum, this Opinion represents a victory for the rights of European citizens, because it completely overturned the draft Opinion proposed by the MEP in charge of the file, Axel Voss. The amendments approved changed the text of the Opinion, to the point that Mr Voss withdrew his name from it. Now, the Opinion carries the name of the shadow rapporteur Dietmar Kösner.

What’s next? INTA should take the Committee Opinions submitted into consideration before adopting the final text to be voted on by the full parliament. The INTA Rapporteur, Bernd Lange, received 898 amendments to his draft report, which forced postponement of the vote in the committee to 28 May 2015. Consequently, the vote by all MEPs in plenary was also postponed to 8-11 June 2015.

In the meantime, the European Commission seems to keep ignoring the results of the public consultation it conducted. Instead of opposing ISDS, it seems to be willing to put pressure on the European Parliament, and plans to presenting its “new ISDS” on 7 May 2015. We will know in the next months if the European Parliament will be able, on the contrary, to adopt a strong position against ISDS, as six Parliamentary committees have already done.

TTIP Resolution: document pool

Opinion of the Committee on Legal Affairs (JURI) on TTIP (17.04.2015)

EDRi-gram: Data protection and privacy must be excluded from TTIP (08.04.2015)

EDRi-gram: ISDS – one month after the results of the public consultation (11.02.2015)

EDRi-gram: European Ombudsman does not see sufficient transparency in TTIP (16.04.2015)

EDRi’s red lines on TTIP (13.01.2015)

(Contribution by Aldo Sghirinzetti, EDRi intern)



22 Apr 2015

French surveillance bill pushed ahead despite massive criticism

By Guest author

On 19 March 2015, France proposed a new bill that would allow intelligence services to collect vast amounts of data, to tap phones and emails without permission from judges.

  • The scope of application of the draft bill is extremely broad and covers the following ill-defined areas:
  • National independence, territorial integrity and national defence
  • Foreign policy and prevention of all forms of foreign interference
  • Important French economic, industrial and scientific interests
  • Prevention of terrorism
  • Prevention of harm to the republican institutions and prevention of collective violence threatening the national security
  • Prevention of organised crime
  • Prevention of the proliferation of weapons of mass destruction

One of the most worrying aspects of the bill are the provisions empowering French intelligence services to install mass monitoring technologies onto Internet Service Providers’ networks and server infrastructures. Such equipment would allow French spies to scan the traffic of all internet users and then use algorithms to search for patterns in the name of detecting terrorist threats. The bill grants unprecedented powers to the Prime Minister, who would become head of the intelligence services. While the bill creates a new oversight agency, its a priori control will only consist in issuing recommendations that the Prime minister can choose to ignore.

In many respects, the French bill is directly inspired by by British and US laws and hence the practices of the US National Security Agency (NSA) and the British Government Communications Headquarters (GCHQ). For instance, the provision on “international surveillance” echoes section 702 of the US Foreign Intelligence Surveillance Act of 1978 (FISA).

According to the bill, data collected would be stored indefinitely until they are processed, analysed and used by the agencies. The bill also gives intelligence services total immunity for conducting hacking operations and attacks carried out beyond the French borders. Finally, the bill circumvents fair trial guarantees for legal challenges brought against mass surveillance, drawing inspiration from the much-criticised “Closed-Material-Procedures” established in the UK through the Justice and Security Act of 2013. This would create special procedures with closed-door hearings undermining the rights of the defence.

Despite massive opposition by civil society, human rights NGOs, jugdes, lawyers unions, the industry and many others, the government of Prime Minister Manuel Valls wants to pass the law through a fast-track procedure. The final vote in the National Assembly will take place on 5 May.

The Verge: France wants to fight terrorism by spying on everyone (17.04.2015)

La Quadrature du Net: Unacceptable Surveillance of French Citizens soon to be Adopted! (17.04.2015)

La Quadrature du Net: French Intelligence Bill: French President Hollande to shut down public debate (20.04.2015)

(Contribution by La Quadrature du Net, France)



22 Apr 2015

New Danish PNR system will rival the EU PNR Directive

By Guest author

For the second time in the parliamentary year 2014-15, the Danish government has made a legislative proposal for increased access to Passenger Name Records (PNR). The draft law, currently in public consultation, also sheds new light on the use of PNR data by Danish customs authorities. So far, the PNR discussion in Europe has mainly focused on police and intelligence services.

The main purpose of the new law is to give the Danish Security and Intelligence Service (PET) access to PNR data collected by the Danish Customs and Tax Administration (SKAT). Under Section 17 of the Danish Customs Act, SKAT can collect passenger information from airlines. Currently, SKAT is collecting all nineteen PNR elements in the Annex of the proposed PNR Directive, except the Advance Passenger Information (API) data in item 18. The new law will amend Section 17 so that SKAT has a legal basis to collect PNR data from airlines for itself as well as for the PET, and this can be done even if SKAT does not need the specific PNR data for its own operations.

The amended Section 17 will make it mandatory for airlines with flights to and from Denmark to provide PNR data (all 19 elements in the Annex, if available) to SKAT, which can use the data for customs purposes and share the data with PET for an entirely different purpose, namely prevention and prosecution of offences under Chapters 12 and 13 of the Danish Penal Code (mainly related to terrorism). Moreover, airlines will be required to provide the data in digital form to a new IT system under development by SKAT. The PNR data can be retained for up to two years by SKAT.

From the comments of the draft law, it appears that SKAT is already collecting PNR data from all airlines with flights to and from Denmark, including intra-EU flights. This is either done through information received from airlines on paper forms or direct access to booking systems. No airlines are named in the comments of the draft law, but a Danish Institute for International Studies (DIIS) report from 2011 about counter-terrorism in Denmark since 9/11 mentions that Scandinavian Airlines is giving SKAT free access to their database for customs control. SKAT is using the PNR information to actively profile all passengers, so that targeted customs checks can be performed at the gate before passengers leave the plane. The main objective is to find passengers smuggling narcotics and other illegal goods. The new IT system and mandatory digital transmission of PNR data will expand and streamline the PNR profiling done by SKAT.

Moreover, PET gets direct access to the PNR data collected by SKAT. PET is exempted from the Danish Data Protection Act, and PET can generally collect any information unless it can be completely ruled out beforehand that the information will be irrelevant to PET. This extremely vague criterion also applies to PNR data obtained from SKAT. PET can process the PNR data for as long as PET believes that the data is relevant for possible terrorist offences. This includes profiling of citizens’ travel patterns and data mining for unknown terrorist suspects. PET can also share the PNR data with the Danish Defence Intelligence Service (DDIS), and since DDIS is completely free to exchange data with other intelligence services, European PNR data collected by Danish customs authorities could end up in the hands of the United States National Security Agency (NSA).

The joint PNR operation of SKAT and PET is described as the Danish PNR system, and it shares many similarities with the highly controversial proposed EU PNR Directive. Currently, Denmark will not automatically be covered by the proposed EU PNR Directive due to an opt-out from EU Justice and Home Affairs (JHA) legislation, but this is likely to change in 2016 after a referendum on the JHA opt-out. The Danish government strongly supports adoption of the PNR Directive, but the excessive Danish PNR demands go much further than the PNR Directive; this indicates that the special Danish PNR system is meant to co-exist along with the EU PNR system.

For European citizens, the Danish PNR plans should be a cause for concern. The data protection safeguards of the proposed PNR Directive are quite weak, but they are even weaker in the Danish PNR system. For example, there is no right to access or rectification for PNR data held by PET. Furthermore, there is no maximum retention period or limitation on use for PNR data held by PET. The use of PNR data for customs profiling (by SKAT) is clearly incompatible with the principle of purpose limitation.

The draft law contains an interesting discussion of whether a national PNR law is subject to the EU Charter of Fundamental Rights. The Danish government argues that this is the case because the national PNR law regulates the freedom to provide services in the EU, which is guaranteed by Article 56 of the Treaty on the Functioning of the EU. The comments also mention the data retention judgment by the Court of Justice of the European Union (CJEU). However, the Danish government argues that the blanket collection of PNR data is much more limited in scope, and of a different character, than telecom metadata, and accordingly, the PNR provisions are necessary and proportionate. With respect to the legal basis in the Data Protection Directive 1995/46/EC, the proposed Danish PNR system relies on a combination of the public interest exemption in Article 7(e) for the initial collection by SKAT from airlines, and the general national security exemption for the subsequent data transfer to PET.

Draft law to amend the Customs Act and PET Act with PNR provisions (only in Danish, 10.04.2015)

Procedure file for 2011/0023(COD), EU PNR Directive

EDRi-gram: Denmark plans to use PNR data for increased Schengen border control (19.11.2014)

Counter-terrorism in Denmark since 11 September 2001, Danish Institute for International Studies, DIIS REPORT 2011:12 (only in Danish, 20.11.2011)

(Contribution by Jesper Lund, EDRi member IT-Pol, Denmark)



22 Apr 2015

Non-US Twitter accounts now subject to EU Data Protection rules

By Guest author

On 17 April 2015, Twitter revised its privacy policy, explaining that it will change the location of processing of the account information of users outside the United States. On its website Twitter announced that the services for non-US users are now provided by its subsidiary based in Dublin, Ireland. Therefore, these accounts will no more be subject to the United States law but to EU privacy and data protection rules The updated privacy policy will become effective as of 18 May 2015.

In the past, Ireland has often been criticised for its soft approach to data protection. Indeed, Dublin has become a very attractive place for Internet companies operating outside of Europe, as a base for their international and European operations, due to its very corporation-friendly tax regime. Another reason is the country’s rather small office of the Data Protection Commissioner which is faced with the challenging task to regulate and supervise both domestic and international companies.

Nevertheless, this change in Twitter’s privacy policy is rather significant since it provides greater privacy protections to users outside the US. Europe’s data protection regime puts far more pressure on Internet companies, whereas the US imposes fewer restrictions regarding the sharing of personal data. Moreover, the Court of Justice of the European Union (CJEU) “right to be forgotten” ruling against Spain opened the door for privacy regulators, even outside Spain, to enforce EU privacy laws. Accordingly, IT companies which base their European operations in Ireland, are now also under the scrutiny of privacy regulators in other European Member States.

In addition, Twitter made some clarifications in its privacy policy. For example, the company clarified that it is possible to sign up for Twitter services using a pseudonym, or using a phone number as contact information.

Twitter accounts outside of the US now fall under EU data protection rules (20.04.2015.)

Twitter Help center – Privacy updates

Twitter provides greater privacy protection to users in Europe, but not the US (19.04.2015.)

Twitter updates privacy policy for non-US accounts, moving jurisdiction to Ireland (19.04.2015.)

(Contribution by Morana Perušić, EDRi intern)



22 Apr 2015

Italy: Anti-terrorism decree to strengthen government surveillance

By Guest author

On 15 April 2015, the Italian Senate adopted a Government decree concerning, among other issues, “urgent measures to combat terrorism” (DDL 2893/R), as amended by the Parliament on its first reading on 31 March.

Before the vote in the Parliament, the government decided to exclude from the voting list the most controversial amendment on preventive interception of electronic communications. This happened after member of the Parliament (MP) Stefano Quintarelli raised the issue on his blog, thereby attracting public attention to the measure. Nevertheless, the adopted text still contains problematic provisions as regards data retention, blocking measures and data protection issues.

The decree, proposed following the terrorist attacks in France and Denmark in January and February 2015, amends laws and norms of the “Criminal Code” and of the “Code of Criminal Procedure”, aiming at combating terrorism and, in particular, the phenomenon of the so-called “foreign fighters”. In the forewords, the Government stresses the “extraordinary need and urgency” of the action being undertaken and states the intent of pursuing these goals “even through the simplification of the procedures needed for the processing of personal data by police forces”.

As to the content of the text, the first articles of the decree amend various provisions of the Criminal Code, for violations related to terrorism activities such as recruitment of terrorists, and endorsing or inciting to terrorism, if “committed by means of computer or telematic tools”.

Paragraphs 2, 3 and 4 of Article 2 provide measures for the blocking and taking down of terrorism-related websites. A unit of the Ministry of the Interior is empowered to generate and update a list of websites used for “subversive” and “terrorist” activities, in a similar way as already provided for child abuse websites. Also, Internet Service Providers (ISPs) can be requested to filter or to take down the websites on the list if asked by a Public Prosecutor.

Article 7 of the decree substitutes article 53 of the Italian “Data Protection Code”. As explained by the Senate’s briefing document, the new article allows the Code to be circumvented not only when police data processing is provided for by law, but also when it is foreseen in a regulation, lowering legal guarantees.

The most debated provision on preventive interception, as already mentioned, was the amendment on preventive wiretapping, presented by the Committee in charge of the file in the Italian Parliament just a few days before the first reading vote. The proposed amendment modified the “Code of Criminal Procedure” introducing the possibility of using “informatics tools and software to remotely acquire data and communications of computer system”. In his blog post, MP Stefano Quintarelli claimed: “with this amendment Italy become, as far as I know, the first European country to explicitly, and in a generalised way, legalise ‘remote computer searches’ and the use of ‘software for covert data collection’”.

This provision constitutes a direct threat to constitutional rights and freedom – namely articles 13 and 15 of the Italian constitution, as Quintarelli pointed out – and, as it seems not to be necessary nor proportionate, it is in clear violation of the Charter of Fundamental rights of the European Union and the European Convention on Human Rights.

Also, the Italian Data Protection Supervisor, Antonello Soro, expressed his great concern with regard to the proposed amendment, since “the relation between data protection and needs for investigation activities seem to be unbalanced,” particularly because the provision for preventive wiretapping covered not only terrorism-related crimes but also “crimes generally committed on-line or with computer tools”.

Another amendment to the original text, which in fact remained untouched in the final text and is now law, covers data retention. Article 4-bis extends data retention periods for internet traffic metadata to 24 months, the same that is provided for telephone traffic by the “Data Protection Code”. Also, missed calls data will be stored for the same amount of time by service providers.

The Italian Data Protection Supervisor complained that these new provisions are not in line with the ruling of the European Court of Justice (CJEU) on data retention, which on 8 April 2014 decided that the data retention Directive contravened EU law.

After Senate’s vote, the text entered into force on 21 April. Even if the most worrying amendment on preventive interception was cut out, the overall results is nevertheless a reduction of citizens’ guarantees against state surveillance. Not to mention the dangerous approach of discriminating online and offline crimes: promoting terrorist content or recruiting terrorists online is worse than doing it in the offline world, it seems.

As France and Denmark, another European country reacted to the fear caused by terrorist attacks in the most simplistic way, which is also the most detrimental for its citizens. Instead of defending and expanding European values and liberties, governments’ answer to these attacks seems to be an abandonment of the rule of law.

Text of the Italian “Antiterrorism decree” (only in Italian, 15.04.2015)

A significant oversight in antiterrorism measure (only in Italian, 24.03.2015)

Soro: great concerns for the amendments approved to the antiterrorism decree (only in Italian, 24.03.2015)

EDRi-gram: Patriot Act à la française: France to legalise unlawful surveillance (25.03.2015)

EDRi-gram: Danish anti-terror proposal expands surveillance (11.03.2015)

(Contribution by Aldo Sghirinzetti, EDRi intern)



21 Apr 2015

Citizens’ groups from around the world call on EC to defend privacy

By Joe McNamee

The institutions of the European Union are completing a reform of Europe’s Data Protection framework. Recognising the huge significance of the reform, the European Commission made an unequivocal promise when it launched the process. As an “absolute red line”, the level of protection of individuals’ data would not fall below existing levels. However, leaks show that this promise is not being kept.

Sixty-six NGOs from the European Union, North, Central and South America, Africa, Asia and Australia have joined forces to ask for a confirmation from European Commission President Jean-Claude Juncker that the promise will be respected.

“Without leadership from President Juncker, the right to privacy, not just in Europe but around the globe will be undermined”, said Joe McNamee, Executive Director of European Digital Rights, the organisation that initiated the letter. “We hope and expect that the Commission President will uphold the integrity and independence of his institution. We expect a short, rapid response to our question.”

In 2012, the European Commission made an initial legislative proposal to modernise and reform European privacy legislation. The proposal was amended by the European Parliament in 2014. This update is urgently needed, due to the challenges of new technology, the need to harmonise the law and ensure its effective enforcement in Europe. Faced with profiling, digitisation of health data and online tracking, every corner of our lives is increasingly being invaded by “big data”. Due to the amount of data being collected, businesses and governments increasingly know more about us than we know about ourselves – about our preferences, our health, our relationships and our politics. Without credible regulation citizens lose, businesses lose, society loses.

Read the letter here (PDF):

 21 April 2015

By email:
CC: First Vice-President Timmermans, Vice-President Ansip

Dear President Juncker,

The undersigned organisations, NGOs from the European Union and around the globe are deeply concerned at the changes to the data protection reform package being made in the Council of the European Union. Europe’s data protection framework is not just important for the protection of European citizens, it is not just important for building trust in European businesses, it is also crucial as an international gold standard for data protection and privacy on a global level.

On behalf of the College of Commissioners, former European Commission Vice-President Viviane Reding promised European citizens and businesses stronger, unified data protection rules, “bringing them into the digital age without compromising the high level of data protection which has been in place in Europe since 1995″. Dropping below the levels of protection in the 1995 Directive would be an “absolute red line” for the Commission, she promised. The Council has retreated beyond this line and is disappearing into the distance, as our recently published analysis demonstrates.

A failure of the European Commission to maintain levels of data protection in the 1995 Directive would be a breach of the promise made by the European Commission, it would be a breach of the promise of treaty-level protection of the right to personal data enshrined in Article 8 of the Charter of Fundamental Rights and it would be a crushing breach of trust for this, in your words, “last chance” Commission.

We write this letter with one simple question – will you take responsibility for ensuring that the Commission’s legal and political promise will be kept?

We look forward to your timely answer, before the Council completes its discussions ahead of the trialogue negotiations on this proposal.

Yours sincerely,
Joe McNamee
European Digital Rights – EDRi (Europe)
20 Rue Belliard, 1040 Brussels, Belgium

Access (International)
Association for Progressive Communications – APC (International)
Privacy International (International)
World Wide Web Foundation (International)

ALES – Alumni of European Studies (Croatia)
Aktion Freiheit statt Angst e.V. (Germany)
AKVorrat.at – Arbeitskreis Vorratsdaten Österreich (Austria)
Arbeitskreis Vorratsdatenspeicherung (Germany)
Asociatia pentru Tehnologie si Internet – ApTI (Romania)
BEUC – The European Consumer Organisation (Europe)
Bits of Freedom (Netherlands)
Consumentenbond (Netherlands)
Danish Consumer Council (Denmark)
Deutsche Vereinigung für Datenschutz e.V. (Germany)
DFRI (Sweden)
Digitalcourage (Germany)
Digitale Gesellschaft e.V. (Germany)
EU-Logos Athèna (Belgium)
European Information Society Institute – EISi (Slovakia)
FIfF – Forum InformatikerInnen für Frieden und gesellschaftliche Verantwortung e.V. (Germany)
Forum Datenschutz (Austria)
Fundamental Rights European Experts Group – FREE (Europe)
GeneWatch UK (United Kingdom)
GreenNet (United Kingdom)
Hungarian Civil Liberties Union (HCLU)
Initiative für Netzfreiheit (Austria)
International Modern Media Institute (Iceland)
Iuridicum Remedium (Czech Republic)
IT-Pol (Denmark)
Liberty – NCCL (United Kingdom)
medConfidential (United Kingdom)
Norwegian Consumer Council (Norway)
One World Platform (Bosnia Herzegovina)
Open Rights Group (United Kingdom)
Panoptykon Foundation (Poland)
SHARE Foundation (Serbia)
#StopWatchingUs Cologne (Germany)
VZBV – Federation of German Consumer Organisations (Germany)
VIBE – Verein für Internet-Benutzer Österreichs (Austria)

JONCTION (Senegal)
KICTANet (Kenya)
Unwanted Witness Uganda (Uganda)

Bytes for All (Pakistan)
CIS India (India)
Digital Rights Foundation (Pakistan)
Foundation for Media Alternatives (Philippines)

Australian Privacy Foundation (Australia)

Asociación para una Ciudadanía Participativa – ACI-Participa (Honduras)
Fundación Acceso (Costa Rica)
IPANDETEC – Instituto Panameño de Derecho y Nuevas Tecnologías (Panama)

British Columbia Civil Liberties Association (Canada)
Center for Digital Democracy (United States)
Consumer Federation of America (United States)
Consumer Watchdog (United States)
Electronic Privacy Information Center – EPIC (United States)
Horizontal (Mexico)
Open Government Project (Canada)
Red en Defensa de los Derechos Digitales – R3D (Mexico)
Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic – CIPPIC (Canada)

ADC – Asociación por los Derechos Civiles (Argentina)
DATA (Uruguay)
Fundacion Karisma (Colombia)
Fundación Vía Libre (Argentina)
Hiperderecho (Peru)
TEDIC (Paraguay)


15 Apr 2015

Net Neutrality: document pool II

By Maryant Fernández Pérez

On 4 March 2015, the Presidency of the Council of the European Union received the mandate from the Member States to start negotiations with the EU Parliament and the Commission on the “Telecommunications Single Market Regulation”, which includes provisions on net neutrality.

The trialogue discussions between the three institutions officially started on 23 March 2015. In order to explain the process, we will be publishing information and analysis in this document pool – complementary to our previous document pool. We’ll update this post as the negotiations advance.

Click here to download the infographics (PDF).

Do you want to help to Save the Internet? Visit http://savetheinternet.eu

For more information on how the EU works, read our Activist guide to the Brussels Maze.