security & surveillance

While offering vast opportunities for exercising and enhancing fundamental rights, the digital environment also offers both opportunities to commit new offences and to impose new restrictions on our online rights. Measures such as filtering, blocking and untargeted surveillance are often easy to implement and extremely difficult to rectify. EDRi therefore works to ensure that all security and surveillance measures are necessary, proportionate and implemented based on solid evidence.

15 Apr 2015

Net Neutrality: document pool II

By Maryant Fernández Pérez

On 4 March 2015, the Presidency of the Council of the European Union received the mandate from the Member States to start negotiations with the EU Parliament and the Commission on the “Telecommunications Single Market Regulation”, which includes provisions on net neutrality.

The trialogue discussions between the three institutions officially started on 23 March 2015. In order to explain the process, we will be publishing information and analysis in this document pool – complementary to our previous document pool. We’ll update this post as the negotiations advance.


Click here to download the infographics (PDF).

Do you want to help to Save the Internet? Visit http://savetheinternet.eu

For more information on how the EU works, read our Activist guide to the Brussels Maze.

Twitter_tweet_and_follow_banner

close
13 Apr 2015

NOW OR NEVER: European citizens stand up to save the internet

By Heini Järvinen

NN_STI_banner

Today, European civil society groups have relaunched “Save the Internet”, a European wide campaign aimed at defending net neutrality in Europe. The campaign calls on concerned internet users in Europe to contact their representatives in the European Parliament to ask them to maintain their strong position on net neutrality.

Internet users will lose the freedom to choose the internet services they want if the EU fails to guarantee real net neutrality. The European Commission and some large EU Member States want to adopt a Regulation that would allow Internet providers to charge extra for online services. Instead of the open Internet that has been such a boost for the economy and free speech worldwide, we would have a broken internet, with fast lanes and slow lanes. Internet providers should not be allowed to decide what content internet users can and cannot access.

It is remarkable that governments have been lobbied into experimenting recklessly with the functioning of the internet. The implications for the economy and society will be enormous,

said Joe McNamee, Executive Director of European Digital Rights, one of the civil rights organisations behind the “Save the Internet” campaign.

Over the coming weeks, closed-door meetings between representatives of the European Parliament, European Commission and Member States will be used to negotiate an agreement on this regulation. That agreement will then be formally approved by the Member States and the European Parliament. This is why it is important that internet users act now and ask their representatives to save the internet.

Please find out more on the “Save the Internet” campaign page:
https://savetheinternet.eu/

Twitter_tweet_and_follow_banner

close
08 Apr 2015

Marrakesh Treaty: EU must take action now

By Diego Naranjo

In April 2015, the European Union “celebrates” one year since the signature of the Marrakesh Treaty. This Treaty seeks to facilitate access to cultural content to for people who are blind, visually impaired or print disabled. This Treaty makes mandatory for contracting parties to provide exceptions or limitations in their national legislation to the right of reproduction and the right of distribution to “facilitate the availability of works in accessible format copies” on a non-profit basis and supplied in accessible formats exclusively to be used by those visually impaired, without requiring the authorization from the rightsholder. The Treaty also allows to those copies to be shared among the Parties to the Treaty. In addition to these mandatory exceptions, the Marrakesh Treaty adds as well an additional optional exception or limitation (“may also provide”) to the right of public performance.

Sadly, one year after the signature of the Treaty, there is no sign the European Union moving forward with ratification of the instrument, which is necessary to bring it into law.

Given the fact that in Europe only five percent of published books are available in an accessible format for visually impaired persons (in developing countries this rate is as low as one percent), the reform is not only common sense, but it calls for need of urgent implementation. Adding on top of this that the Treaty was watered down when the audio-visual materials were taken out from it, after intense lobbying by industry representatives such as the Motion Picture Association of America (MPAA), and that some of the provisions are not even mandatory, the question is why it is taking so long for the Treaty to enter into force.

Michel Barnier, then Vice-President of the European Commission, said that the EU could “help to improve access to books with equal conditions for all and contribute to the fight against the book famine”, and that the the Commission’s proposal was “a signal that Europe (was) ready to support the rapid entry into force of this important Treaty”. Finally, he called the Council and the European Parliament (EP) to “authorise the ratification as soon as possible.” 21 months after it was adopted, and almost one year after the EU signed it, the ratification is still pending. And there is no clear sign of this changing in the short term.

Even worse, the scenario resembles pretty much to what in lawyers’ jargon is called a “dilatory strategy”. On this regard David Hammerstein, member of the Trans-Atlantic Consumer Dialogue (TACD), expressed his dissatisfaction with the “lack of consensus building, technical commitment and political will on the part of both the Commission and EU member states”.

Despite the failure to respect its own commitments, there is hope in some ongoing initiatives in the Parliament that are dealing with the Marrakesh Treaty. At this moment for example the Draft Report on the implementation of the so-called InfoSoc Directive presents a positive approach. Different amendments to the Draft Opinion prepared by the Culture and Education Committee of the European Parliament include a mention on the necessity of having an exception in line with the treaty. However, it is clearly crucial that this does not become a call for the exception to be included in a future revision of the Directive, which may (based on the length of time it took to pass the current legislation) not enter into force until about the beginning of 2021 – or seven and a half years since the Treaty was finalised.

The Culture and Education Committee now needs to decide if it supports rapid ratification, or a huge delay.

Marrakesh Treaty to Facilitate Access to Published Works for Persons Who Are Blind, Visually Impaired, or Otherwise Print Disabled adopted by the Diplomatic Conference to Conclude a Treaty to Facilitate Access to Published Works by Visually Impaired Persons and Persons with Print Disabilities in Marrakesh (27.06.2013)
http://www.wipo.int/treaties/en/text.jsp?file_id=301016

European Commission proposes ratification of Marrakesh Treaty to facilitate access to books for visually impaired persons (21.10.2014)
http://europa.eu/rapid/press-release_IP-14-1185_en.htm

EDRi comments he Amendments presented at the CULT Committee on the Draft Report on the implementation of Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society (see amendments 65, 88 and 89)
https://edri.org/files/Reda/Reda_CULT_am_Adinolfi-EDRi-FINAL.pdf

EDRi comments on the amendments tabled to AFCO Draft Opinion on TTIP, European Digital Rights
https://edri.org/files/TTIP/TTIP-Ams_AFCO_EDRi.pdf

Document from the EU Council on guidances on the Proposal for a Council Decision on the conclusion, on behalf of the European Union, of the Marrakesh Treaty 20.03.2015
http://www.statewatch.org/news/2015/apr/eu-council-marrakesh-treaty-guidance-7321-15.pdf

(Contribution by Diego Naranjo, EDRi)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
08 Apr 2015

UPC Ireland trapped by its own ToS, has to introduce “three strikes”

By Joe McNamee

UPC Ireland, a largest Irish telecoms provider, has been obliged, by injunction, to introduce a “three strikes” disconnection strategy by the Irish High Court. UPC’s own terms of service are at least partly at fault.

In 2009, the former Irish monopoly telecoms provider, Eircom, entered into a voluntary arrangement with the music industry in order to introduce a “three-strikes” system for alleged unauthorised file-sharing. Under the scheme, a company collects IP addresses online, passes them to Eircom saying they were involved in unauthorised downloading. Eircom sends warnings and then disconnects the user’s internet connection, initially one week and then for a year. The approach has been shown to be a failure in several countries, but effectiveness and proportionality appear not to be priorities

UPC, having a generally impressive record in protecting its users’ rights both in Ireland and internationally, resisted demands to follow the same approach. As a result, a group of music industry giants took UPC to court in 2010, in a case that UPC ultimately won.

However, the judge’s ruling in the 2010 case was extremely activist, essentially demanding that the government pass legislation to impose injunctions of the kind requested in the case. He argued that this was necessary to implement EU law, even though no complaint (to EDRi’s knowledge) was ever made by the European Commission in this regard. The parties were invited to reapply for an injunction once the Irish government had passed the new law. Everyone then did what they were told – the law was passed and the new application was made.

As is typical in the internet sector, UPC’s terms of service are very extensive. Companies generally assume that this is the safest option, because it appears to allow them to act arbitrarily without the risk of being sued. The received wisdom is that this is all benefit and no cost. However, this is not true – because it implies that the company in question believes that such arbitrary behaviour is acceptable and creates the possibility, either through informal pressure or through law, that the internet provider will be pushed into undertaking the foreseen restrictions.

In the first case, the judge was particularly incensed by the fact that UPC’s (like almost all Irish internet providers’) terms of service allow them the possibility to unilaterally disconnect a customer for a variety of reasons. UPC’s terms of service explicitly include copyright infringement as a possible reason for unilaterally terminating a contract.

The judge in the 2010 case found it unacceptable that this part of the UPC contract not being exploited by the company. He complained that, even though it “is a matter of contract, and for a breach of this obligation by the customer, UPC can terminate the contract”, “it never does” nor, he added “do they have any interest in it”.

In the case that recently ended in the High Court, the judge pointed out that UPC regularly disconnects people for failing to pay their bills, without an appeals process. This specious argument was made extensively by music industry lobbyists during discussions on three-strikes at EU level. What EU policy-makers understood, that the High Court Judge did not, was that taking action against a subscriber for a prejudicial action (non-payment of a bill) against the company is fundamentally and obviously different for taking action against a subscriber for an alleged prejudicial action that harms a third party.

Finally, the Irish High Court ruled again (following a case looking only at this issue in 2010) that there is no data processing that falls under Ireland’s idiosyncratic reading of European data protection law when IP addresses are harvested by a company tasked with this activity and no personal data processing when these non-personal data – collected for the purpose of personally identifying individuals – are transferred to the internet provider. They are “publicly transmitted” data, in any event, according to the music industry and, for non-obvious reasons, therefore not entitled to protection. There is personal data processing when the internet provider writes to the end-user for purposes that are entirely outside the purpose of internet access provision because, of course, the activity is covered by the terms of service of UPC.

2015 High Court Ruling
Not yet published

2010 EMI Records vs UPC case
http://www.bailii.org/ie/cases/IEHC/2010/H377.html

2010 EMI Records vs Eircom case
http://www.bailii.org/ie/cases/IEHC/2010/H108.html

Human rights violations online (04.12.2014)
https://edri.org/files/EDRI_CoE.pdf

(Contribution by Joe McNamee, EDRi)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
08 Apr 2015

Spanish Citizens’ Security law: There is still some hope

By Maryant Fernández Pérez

Despite considerable global criticism, the Spanish Citizens’ Security law was passed on 26 March 2015, together with the reforms of the Criminal Code, which include punishment of badly-defined “terrorist crimes” online. The Citizens’ Security law was greatly opposed by political parties, but that was not enough against the majority in the Parliament of the Popular Party in Spain.

The EDRi-gram previously reported on the Spanish Citizens’ Security law and gave examples of the dangers that it presents to fundamental rights and freedoms of citizens. These include threats to data protection, privacy rights, freedom of expression, the right to information or the presumption of innocence. Yet, the Spanish government ignored the warnings of citizens, civil society, United Nations (UN) experts and Spanish and European members of the Parliament, among others.

The Citizens’ Security law is supposed to enter into force on 1 July 2015. However, the law may still be challenged at both national and EU level.

On the one hand, the Spanish socialists, the biggest opposition party in Spain, took the decision to challenge the law before the Spanish Constitutional Court. The appeal is likely to be open for contributions from other parliamentary groups and organisations. On the other hand, it is reliably reported that the European Commission is analysing the Spanish law in view of the concerns raised by civil society and the parliamentary questions received by some Members of the European Parliament (MEPs).

EDRi-gram: Spanish Citizens’ Security Bill: Many restrictions, few freedoms (28.01.2015)
https://edri.org/spanish-citizens-security-bill-many-restrictions-few-freedoms/

EDRi-gram: Spain: Why you should care about the Citizens’ Security Bill (30.07.2014)
https://edri.org/spain-citizens-security-bill/

Publication of the Criminal code reforms and the new Organic Law on the Protection of Citizens’ Security (in Spanish only, 31.03.2015)
http://www.abogacia.es/2015/03/31/el-boe-publica-la-ley-de-seguridad-ciudadana-y-la-reforma-del-codigo-penal-con-el-rechazo-de-la-abogacia/

Spain Accused of Bullying Protesters With New “Gagging Law” (27.03.2015)
http://www.newsweek.com/spain-accused-bullying-protesters-new-gagging-law-317360

“Two legal reform projects undermine the rights of assembly and expression in Spain” – UN experts (23.03.2015)
http://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?NewsID=15597&LangID=E

(Contribution by Maryant Fernández Pérez, EDRi)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
08 Apr 2015

Report says Facebook tracking breaches EU law

By Guest author

On 31 March 2015, researchers of the University of Leuven and Vrije Univeristeit Brussel, Belgium, issued a report claiming that Facebook tracks online activity both of its users and non-users. According to the report, which was commissioned by the Belgian Privacy Commission, this type of tracking contravenes EU online privacy laws.

Facebook uses a tracking cookie to trace its users online activity whenever visiting a web page belonging to a facebook.com domain. Furthermore, users are being tracked across websites even when they are logged out or do not use social plug-ins. This means that Facebook receives data whenever someone visits a website with the Facebook “Like button”, even if a person does not use this plug-in. What is more, people who do not have a Facebook account are being tracked with the help of a “datre” cookie. “Datre” cookie contains a unique identifier which is placed onto the browsers of people in Europe who are not Facebook users. When placed, it takes two years before it expires.

The report argues that this kind of behaviour is clearly in violation of the EU e-Privacy Directive. In order for a website to use a cookie or perform tracking via social plug-ins it must require a prior consent, unless it is needed to connect to the service network or is specifically requested by the user.

According to an opinion of the Article 29 Data Protection Working Party, issued in 2012, Facebook’s tracking practices have no legal basis in the EU. Social plug-ins must have a consent before placing a cookie, unless one of the exceptions applies. Since social plug-ins are by definition for the member of a social network, the e-privacy directive exception cannot apply to non-users. Furthermore, the report argues that it is not legal to trace even Facebook users who are logged out at the time of browsing. The Article 29 Working Party document explains that logged-in users cannot be served a “datre” cookie but only a “session cookie” which expires when logged out or when the browser is closed.

Therefore, Facebook default settings that allow it to gather information about people for advertising purposes contravenes EU privacy policy. As explained by Brendan Van Alsenoy, one of the authors of the report: “To be legally valid, an individual’s consent towards online behavioural advertising must be opt-in.”

Facebook spokesperson commented the report by Belgian academics claiming that it contains factual inaccuracies, however he not specifying what he was referring to, and stating that Facebook completely complies with the EU Data Protection Directive. On the other hand, the authors of the study claim the opposite, saying the users have very little control over the data Facebook tracks and are unaware how exactly their data is used for advertising purposes.

Facebook ”tracks all visitors, breaching EU law” (31.03.2015)
http://www.theguardian.com/technology/2015/mar/31/facebook-tracks-all-visitors-breaching-eu-law-report

Facebook tracking said to breach EU law (01.04.2015)
https://euobserver.com/justice/128223

Facebook “violates Euro data law” say Belgian data cops’ researchers (01.04.2015)
http://www.theregister.co.uk/2015/04/01/facebook_has_been_watching_you_browse_belgium/

ICRI/CIR and iMinds-SMIT advise Belgian Privacy Commission in Facebook investigation
http://www.law.kuleuven.be/icri/en/news/item/icri-cir-advises-belgian-privacy-commission-in-facebook-investigation

(Contribution by Morana Perušić, EDRi intern)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
08 Apr 2015

Social media platforms blocked again in Turkey

By Heini Järvinen

Turkish authorities ordered access to 166 websites, including Twitter, Facebook and YouTube, to be blocked after photos of a hostage crisis that ended with the death of a government prosecutor were circulated in the social media platforms.

On 31 March 2015, in Istanbul’s courthouse, two militants took Mehmet Selim Kiraz hostage. He was the prosecutor in the controversial case of the killing of a teenage boy, who died after being hit in the head by a teargas canister fired by the police during the 2013 Gezi Park protests. After the eight-hour hostage drama at a courthouse, and an intervention by special police forces, Kiraz was rescued but succumbed to his injuries later in hospital. The two captors, with alleged links to the outlawed far-left Revolutionary People’s Liberation Party-Front (DHKP-C), were killed by security forces.

Just hours after the kidnapping, photos of one of the militants holding a gun to the hostage’s head were posted to Twitter, allegedly by the captors, from an account that was suspended shortly thereafter. They began immediately circulating in the platform, and were also published by several Turkish newspapers and news sites.

During the incident, TV journalists reporting from outside the courthouse were forced by authorities to cease live reporting. The following day, on 1 April, several media organisations who had published the images were denied accreditation to the funeral of Kiraz. The government accused them for “spreading terrorist propaganda”.

On 6 April, access to Twitter, Facebook and YouTube, along with 163 other websites and specific links to the stories published by Turkish newspapers, was blocked in Turkey, on the basis of a court ruling. The ban on Facebook was lifted rapidly, supposedly because it complied with the ruling before the expiration of the four-hour deadline imposed by the court. By the evening of 6 April, also YouTube and Twitter were accessible again, as the platforms had removed the content that the court deemed illegal. The photos could still, however, easily be found online, and a number of international news sites had already published it in their articles talking about the hostage drama and online censorship.

In recent years, online censorship has frequently raised concerns in Turkey. In March 2014, Twitter and YouTube were blocked, after recordings that raised allegations of corruption towards the Prime Minister Recep Tayyip Erdogan and some of the members of his cabinet were posted to the social media platforms. The ban was lifted after the High Court ruled it unconstitutional.

Turkey blocks Twitter, YouTube, scores of websites after prosecutor’s killing (06.04.2015)
https://globalvoicesonline.org/2015/04/06/turkey-blocks-twitter-youtube-scores-of-websites-after-prosecutors-killing/

Turkey Twitter block lifted after image removed (06.04.2015)
http://www.bbc.com/news/technology-32194915

Turkey lifts ban on Twitter after it removes photos of slain prosecutor (07.04.2015)
http://www.euractiv.com/sections/enlargement/turkey-lifts-ban-twitter-after-it-removes-photos-slain-prosecutor-313563

Prosecutor dies of wounds after Istanbul hostage shootout (31.03.2015)
http://www.reuters.com/article/2015/03/31/us-turkey-hostage-idUSKBN0MR19T20150331?utm_source=twitter

EDRi-gram: Internet censorship and surveillance in Turkey (12.03.2014)
https://edri.org/internet-censorship-surveillance-turkey/

EDRi-gram: Turkey: Twitter ban lifted, YouTube still blocked
(07.05.2014)
https://edri.org/turkey-twitter-ban-lifted-youtube-still-blocked/

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
08 Apr 2015

Data protection and privacy must be excluded from TTIP

By Maryant Fernández Pérez

Data protection is a contentious issue in the discussions about the Transatlantic Trade and Investment Partnership (TTIP) and other trade or investment agreements, such as the Trade in Services Agreement (TiSA). Now that the European Parliament is preparing to issue a non-legislative resolution on TTIP, various parliamentary committees are giving their input to the committee in charge, the Committee on International Trade (INTA).

The committee that takes the lead as regards fundamental rights and freedoms is the Committee on Civil Liberties, Justice and Home Affairs (LIBE). While everyone has one eye on the reform of data protection and one eye on TTIP developments, LIBE adopted a strong Opinion on 31 March 2015 for the European Commission to respect EU fundamental rights and freedoms, especially as regards data protection and privacy.

Led by its rapporteur, Member of the European Parliament (MEP) Jan Albrecht, the LIBE Opinion refers to the need for a binding and suspensive human rights clause; the exclusion of data protection and privacy; the respect of democracy and the rule of law; the fight against mass surveillance and the need for further transparency and accountability, among other important subjects.

Concerning data protection and privacy, the LIBE Committee asks the Commission to exclude these fundamental rights from both TTIP and TiSA negotiations. In fact, the EU and the United States are discussing data transfers and data protection in other fora, namely on the Safe Harbor and the Data Protection Umbrella Agreement. In relation to TiSA, the LIBE Committee rejects the draft chapter on e-commerce proposed by the US. When addressing data flows, LIBE asks for compliance of EU adequacy rules. This point is of particular importance since the European Commission “has conceded that it cannot guarantee EU citizens’ fundamental right to privacy when their data is transferred to the US”, as the Irish Times reported in relation to the case C-362/14, Schrems v Data Protection Commissioner.

Accordingly, one of the fundamental points of the Opinion is the inclusion of an enforceable horizontal clause based on Article XIV of the General Agreement on Trade in Services (GATS) to exempt “the existing and future EU legal framework for the protection of personal data from the agreement, without any condition that it must be consistent with other parts of the TTIP”.

The next round of the TTIP negotiations is going to take place in New York, between 20-24 April 2015. Now, it is crucial that the INTA committee takes the LIBE Opinion in full consideration for the Commission to follow Parliament’s advice.

TTIP Resolution: document pool (last update 08.04.2015)
https://edri.org/ttip-resolution-docpool/

TTIP: Trade agreements must not undermine EU data protection laws, say Civil Liberties MEPs (31.03.2015)
http://www.europarl.europa.eu/news/en/news-room/content/20150330IPR39308/html/TTIP-Trade-agreements-must-not-undermine-EU-data-protection-laws-say-MEPs

Do Facebook and the USA violate EU data protection law? The CJEU hearing in Schrems (29.03.2015)
http://eulawanalysis.blogspot.co.uk/2015/03/does-facebook-and-usa-violate-eu-data.html

EU cannot guarantee citizens’ privacy when transferring data to US, court told (25.03.2015)
http://www.irishtimes.com/business/technology/eu-cannot-guarantee-citizens-privacy-when-transferring-data-to-us-court-told-1.2152005

Documents of CJEU case C-362/14, Schrems v Data Protection Commissioner (25.03.2015)
https://twitter.com/maxschrems/status/580746629776543744

EDRi-gram: Revelations on Safe Harbour violations go to hearing at EU Court (11.03.2015)
https://edri.org/safe-harbour-violations-hearing-eu-court/

EDRi’s red lines on TTIP (13.01.2015)
https://edri.org/ttip_redlines/

(Contribution by Maryant Fernández Pérez, EDRi)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
02 Apr 2015

“We still need to watch you, really”: PNR back in the Parliament

By Diego Naranjo
fPNR

Sequence from “PNR, the Movie”

Despite the decision of the European Parliament to refer the EU-Canada PNR agreement to the Court of Justice of the European Union (CJEU) in December 2014, the urge to keep increasing surveillance citizens’ movements across Europe seems to be irrepressible. Timothy Kirkhope, Rapporteur (MEP in charge) of the Fight against terrorism and serious crime: use of passenger name record (PNR) data (procedure file 2011/0023(COD) ), is again launching the EU PNR proposal in the European Parliament, after it was rejected by the Parliament’s Civil Liberties Committee in 2013.

What is PNR?

Passenger Name Records (PNR) are data containing information provided by passengers and collected by air carriers for commercial purposes. This can contain several pieces of information such as dates, itinerary and contact details. All PNR data is stored in airlines’ databases.

What kind of information do they contain?

  • Date of the trip and complete itinerary,
  • Name and contact information,
  • Form of payment,
  • Frequent flyer information,
  • Meal preferences,
  • Medical information,
  • Disabilities,
  • Non-flight matters administered by the airline, such as hotel bookings, car rentals, train journeys, travel associates, etc.

Many of these types of data can be used and aggregated to build profiles. For instance, meal preference can provide information about religious affiliation, hotel reservations can indicate passengers’ personal relationships, etc. Mr Kirkhope suggests comparing the PNR database against other databases, presumably to generate such extra data.

How will this information be used under the proposed EU PNR Directive?

The passenger data of all flights from or to the European Union could be processed for the purposes of the prevention, investigation and prosecution of serious crime, serious transnational crime and terrorist offences. However, the definitions in the Directive are so unclear that Member States are given the option of excluding “minor offences” that they cover. All passenger data would be retained by specific Passenger Information Units (PIU) up to five years (or five and a half years, if being stored by the Australian authorities under the bilateral EU/Australian agreement… or 15 years, if being stored by the US authorities under the bilateral EU/US agreement). Moreover, the proposal foresees the possibility to broaden the scope of the PNR directive by including internal European flights, a measure that Mr Kirkhope wants to introduce immediately.

What are the main problems of the EU PNR proposal?

  • The ruling of the EU’s court, the Court of Justice concerning the invalidation of the Data Retention Directive: The analysis provided in that ruling makes it difficult to believe that the current PNR proposal would be considered lawful
  • Excessive Data Retention Period: Even if the retention of data in the PNR context was considered necessary and proportionate, the proposed storage period excessive and lacking any meaningful justification
  • Lack of concrete protections from arbitrariness: In the text,it is unclear how and when data will be processed (prevention of badly defined “serious crime”). There are existing measures (VIS, SIS and API) which already provide a great deal of information. There is no evidence another system would be needed.
  • Lack of evidence showing that these measures are effective, necessary and proportionate in the detention or prevention of serious crimes.From the European Commission impact assessment, there is no concrete evidence on the actual usefulness of PNR collection for the tackling of serious crime or terrorist offences. In this regard, it is particularly worrying that the European Commission states in its proposal that “PNR data is unverified information provided by passengers” while remaining convinced – despite questionable accuracy – it could be used in real time “to prevent a crime”.
  • Lack of proportionality: The Fundamental Rights Agency, the European Data Protection Supervisor, and the Article 29 Working party  (most recently here) agree on the lack of proportionality of the proposal. The proposed EU PNR system foresees data collection and analysis for all passengers on international flights without any sort of targeting.
  • Excessive costs: Transposing such Directive will bring significant costs for Member States. The high expenditure is confirmed by the controversial call for proposal of 50 million euros issued by the European Commission to build PNR systems in several Member States. These funds were made available even though the legislation has not been agreed.

We have sent a letter to members of LIBE, and prepared a briefing paper and an analysis of the proposal. It is time to call and write your MEPs and let them know why this proposal needs to be rejected again.

You can also support our crowdsourcing campaign to produce postcards that will be sent to MEPs in order to make them aware of the risks of this proposal for the fundamental rights of citizens.

PNR_postcards_20150324

Twitter_tweet_and_follow_banner

close
01 Apr 2015

French filesharers to be banned from flying?

By Joe McNamee

A proposed European Directive threatens the ability of French filesharers to use airlines. The problem is a new attempt to adopt a Directive on the collection and storage of “passenger name record” (PNR) data. The European Commission’s plan is for air travellers’ data to be used for profiling individuals, to guess if they are involved in “terrorist offences and serious online crime”. A “serious crime” is defined as punishable by imprisonment for a “maximum period of at least three years”. In France, filesharing (like manslaughter and death threats) can be punished by a period of up to three years in prison, and so falls under the Directive’s definition of “serious crime”.

In the European Parliament, the parliamentarian in charge, British MEP Timothy Kirkhope, has tabled an amendment to the Commission’s text, saying that it should be possible to compare the PNR databases against other “relevant” databases. France has a “three strikes” system of copyright enforcement, regulated by the so-called HADOPI authority. This involves the collection and storage of IP addresses of individuals accused of unauthorised filesharing, for the purpose of sending out repeated “warnings” that ultimately lead to the disconnection of the individual’s (or their family’s) internet connection.

The European Commission’s proposal borrows its definition of “serious crime” from a piece of legislation adopted 13 years ago. Mr Kirkhope, by contrast, has provided a list of specific crimes that should be covered by the Directive and some very non-specific offences such as “computer-related crime” that should also be covered. He implicitly recognises that the definitions are far too broad and suggests, as a safeguard, that Member States may opt not to include minor offences (that are subject to up to three years in prison) from the crimes that would fall under the definition of “serious transnational crime”. However, bearing in mind that France punishes filesharing in a similar way to the way it treats manslaughter, the idea that France might exclude filesharing in this situation may be excessively optimistic.

So, where does this leave the French filesharers? Well, the PNR data (plus its comparison with any other relevant databases) will be used to carry out “ an assessment of the passengers prior to their scheduled arrival or departure from the Member State in order to identify any persons who may be involved in a terrorist offence or serious transnational crime and who require further examination by the competent authorities”. Obviously, if you have been identified as a possible perpetrator of the serious transnational crime of filesharing and need to be further examined by the “competent authorities”, the chances of getting to your plane on time are somewhat limited.

Why did we publish this today? Well, we thought that most people reading this article would assume that it was an “april fool” joke. The joke is… everything you have just read is factually correct.

facepalm

Commission proposal
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2011:0032:FIN:EN:PDF

French report – Legal punishment for filesharing as severe as manslaughter (29.08.2011)
http://www.zeropaid.com/news/95546/french-report-legal-punishment-for-filesharing-as-severe-as-manslaughter/

Kirkhope report
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-%2f%2fEP%2f%2fNONSGML%2bCOMPARL%2bPE-549.223%2b01%2bDOC%2bPDF%2bV0%2f%2fEN

No mass surveillance of air passengers
http://igg.me/at/nopnr

PNR_postcards_20150324

Twitter_tweet_and_follow_banner

close