Commissioner Malmström sets out her agenda to the European Parliament

By EDRi · September 22, 2010

This article is also available in:
Deutsch: [Kommissarin Malmström stellt ihre Agenda vor |]

In a Committee meeting last week and in the Parliament’s plenary session
this week, Commissioner Malmström has set out her vision on various upcoming
issues in her portfolio.

In the Committee, Malmström drew attention to the Communications on
information sharing instruments and legislative instruments on terrorism and
said that the analysis contained therein can be used for the development of
future policy.

On the exchange of airline passenger name records, she said that a new
Communication would be proposed in the plenary session of the Parliament.

The internal security strategy will be launched in November and will build
on the Stockholm Programme. It will look at cybercrime, organised crime,
terrorism etc. and specify some strategic objectives. Also, a proposal on
attacks against computer systems (“Lisbonising” and updating an existing
Framework Directive) will be proposed this month. Oddly enough, the
Commissioner chose not to mention the problematic review of the data
retention directive in her speech to the Committee.

In the Committee discussion, several insightful interventions were made
by parliamentarians about web blocking, data retention and the
implementation of the TFTP (SWIFT) agreement.

At the plenary session of the Parliament, the Commissioner presented her
Communication on transfer of PNR data to third countries. This consists of
two parts, one on the general principles that must always be followed in
negotiations on this topic. The second part is on procedures in relation to
the three countries that the EU already has agreements with, namely the USA,
Australia and Canada. EU PNR data will be the subject of a legislative
proposal, for which an impact assessment will need to be prepared.

One interesting aspect of this is that the Commission is quite clear that
the data should only be used for “serious international crime” and proposes
that this term should be defined. This, at least, indicates a small step
forward in the coherence of the Commission’s approach to such issues. The
data retention Directive is also theoretically limited to “serious crime”,
but with no harmonised standard, with some countries having no definition at
all, rendering the “limitation” entirely meaningless.

On the other hand, the headlong rush of the Commission to develop more and
more ways of exporting personal data to third countries remains worrying.
Commissioner Malmström’s reference to the need for coherence between the
“usefulness” of keeping the data and legal certainty is particularly
worrying. There is vast potential for exported data to be “useful” for one
reason or another. Whether it is necessary and proportionate and, therefore,
legal, appears to be less of an immediate concern.

Finally, in the press conference, she was asked (see the video linked
below – minute 7.00) about the Amadeus server, where the US Department of
Homeland Security has (according to the FT Deutschland journalist asking the
question) almost unlimited access to EU PNR data. After initially appearing
to be unaware of this issue, Commissioner Malmström said that this would
fall under the new agreement with the USA.

Communication on information sharing: EU information management instruments

Communication on legislative instruments on terrorism (20.07.2010)

PNR Principles(21.09.2010)

Recording of Commissioner Malmström’s press conference(21.09.2010)

(contrubution by Joe McNamee – EDRi)