Should the US Patriot Act have precedence over EU data protection?

Today the European Parliament voted on a resolution concerning the “EU-US Privacy Shield”. This is a mess.

Transfer of personal data from the EU to the US used to be regulated under the so-called Safe Harbour Agreement, aiming at protecting our data when transferred to the US. But actually, this agreement was too vague, rather pointless and possible to circumvent. Finally, the European Court of Justice (ECJ) invalidated it, finding that it violated citizens' right to privacy.

So work started to replace Safe Harbour with the EU-US Privacy Shield. In the process, the EU has stated that there is a new agreement, even though we are nowhere close to a final document. The EU and the US are very eager to push for this new agreement, to benefit Big Data in the US. But the concern is that this new agreement will not treat EU citizens' personal data in a responsible way, will disregard our right to privacy, and might be Safe Harbour all over again.

One core question is whether the US Patriot Act and the new USA Freedom Act should have precedence over EU data protection.

Today the European Parliament had a say, in a non-binding resolution. The press release:

In the resolution, passed by 501 votes to 119 with 31 abstentions, MEPs welcome the efforts of the Commission and the US administration to achieve “substantial improvements” in the Privacy Shield compared to the Safe Harbour decision which it is to replace.

However, they also voice concern about “deficiencies” in the proposed new arrangement negotiated by the Commission, notably:

• the US authorities’ access to data transferred under the Privacy Shield,

• the possibility of collecting bulk data, in some cases, which does not meet the criteria of “necessity” and “proportionality” laid down in the EU Charter of Fundamental Rights,

• the proposed US ombudsperson, a new institution that MEPs accept is a step forward, but believe to be neither “sufficiently independent”, nor “vested with adequate powers to effectively exercise and enforce its duty”, and

• the complexity of the redress mechanism, which the Commission and US administration need to make more “user-friendly and effective”, MEPs say.

Parliament stresses that the Privacy Shield framework gives EU member states’ data protection agencies a prominent role in examining data protection claims and notes their power to suspend data transfers. It also notes the obligation placed upon the US Department of Commerce to resolve such complaints.

Finally, MEPs call on the Commission to conduct periodic “robust reviews” of its decision that Privacy Shield protection is adequate, particularly in the light of experience with the new EU data protection rules which are to take effect in two years.

In other words, the EU and the US are far from a complete and acceptable agreement.

Green home affairs and data protection spokesperson Jan Philipp Albrecht said:

The proposed ‘Privacy Shield’ framework does not seem like a viable long-term solution. It seems highly questionable that this new framework addresses the concerns outlined by the European Court of Justice in ruling the Safe Harbour decision illegal. The European Commission cannot issue a blank check for the transfer of European citizens’ data to the US. Instead, it has to continue to insist on improvements to the level of data protection.

At the same time the centre-right group, EPP, is impatient to have a new agreement in place – seemingly without having the same concerns over privacy and data protection.

The EPP Group’s Spokesman on the issue, Axel Voss MEP, warned against any attempt to torpedo the finalisation of the Privacy Shield, listing benefits to European consumers and SMEs alike: “Free cross-border data flows between the EU and the US are of paramount importance for our economies, trade and investment. Data flows are a key element for the competitiveness of business. Therefore the EPP Group welcomes the conclusion of the negotiations between the EU and the US on this topic.”

Now, we will have to wait to see what the European Commission makes of this.

/ HAX

Links:
• European Parliament: EU-US “Privacy Shield” for data transfers: further improvements needed, MEPs say »
• Greens-EFA: EU-US ‘Privacy Shield’ data exchange »
• EPP: EU-US data flows: urgent implementation of Privacy Shield needed »
• Ars Technica: EU data protection chief: We have serious concerns about Privacy Shield »

See an interview with Max Schrems, who took Safe Harbour to the European Court of Justice »

EDRi: Next year, you’ll complain about the Terrorism Directive

Next year, when your Member State starts blocking websites, without quite knowing why, when it starts imposing restrictions on Tor and proxy servers, without quite knowing why, when unaccountable, unclear legislation leads to arbitrary and discriminatory enforcement, and your government says that it is “EU law that it is obliged to implement” and you wonder why the press never reported on it, when you search in vain for who is accountable for a weak and dangerous text, come back and read this again.

EDRi: Next year, you’ll complain about the Terrorism Directive »

EU's EPP group calls for Internet censorship

The centre-right group in the European Parliament, EPP, just released an article on its website: The Fight Against Online Radicalisation »

Let me copy and paste a few passages…

This would mean limiting the internet reach that ISIS and other extremist groups have on our social media networks. To ban them completely would be impossible as it is difficult enough to figure out who is an extremist recruiter and who isn’t on Facebook and Twitter, but we can certainly limit and delete their Facebook pages and bar their accounts. (…)

It has been agreed that Europol is to obtain greater powers to deal with the tackling of the terrorist threat online. New specialist units, monitored by an European Data Protection Supervisor and a Joint Parliamentary Scrutiny Group, will be set up that will be able to contact social network providers (Facebook, Twitter etc.) directly to ask that pages and accounts run by ISIS are shut down as fast as possible.

Obviously, we need to make a stand against radical Islamism and others who advocate violence and who do not respect human rights and civil liberties. But is censorship really the right way to do it?

Either you have freedom of speech or you don’t. If you restrict free speech, e.g. by censoring Internet content, by definition you have lost it.

The only acceptable exception would be clearly expressed, substantial threats directed against other people’s life, security or property.

It is true that radical Islamism is a murderous ideology. But so are Communism and Fascism. Banning all bad and dangerous doctrines would have far-reaching implications. And who is to decide what to censor?

If we introduce far-reaching online censorship you can be absolutely sure that it will be extended beyond its original purpose.

Actually, we are already there. In many countries, xenophobic and anti-immigration Internet activities are prohibited, censored and can lead to prosecution. What is considered to be acceptable opinions or banned hate speech is a matter of definition. And once again, who is to decide?

The irony of it all is that the same set of rules is used to silence radical Islamism as anti-Muslim, anti-immigration rants.

Radical Islamism aiming at limiting other people’s freedom, human rights and/or civil rights must be opposed. Strongly. But it must be done in a frank debate and by good examples.

You simply cannot defend a free and open society by limiting people’s human and civil rights (such as freedom of speech).

/ HAX

European Parliament to tackle virtual currencies and Blockchain

This week, the European Parliament will debate (Wednesday) and vote (Thursday) on a report on virtual currencies.

First of all, this is a report – not legislation. But it will be handed over to the European Commission for consideration.

It is interesting to see how the EP seems to think that virtual currencies can be regulated and incorporated in existing regulations and legal frameworks. Of course, a new virtual currency can do that. But when it comes to Bitcoin and other existing currencies – I cannot understand how this is supposed to be done. (And it shouldn’t.)

The EP also seems to believe that virtual currencies have some sort of governing bodies, that could be held accountable in front of the EU and national authorities.

On the positive side, the report states that no special legislation for virtual currencies is needed – for the time being. (More tailor-made legislation might be needed.)

Here are some parts of the report that might be of interest. (VC = virtual currencies. DLT = distributed ledger technology = Blockchain.)

19. Welcomes the Commission’s suggestions for including VC exchange platforms in the Anti-Money-Laundering Directive (AMLD) in order to end the anonymity associated with such platforms; expects that any proposal in this regard will be targeted, justified by means of a full analysis of the risks associated with VCs, and based on a thorough impact assessment;

20. Recommends that the Commission draw up a comprehensive analysis of VCs and, on the basis of this assessment, consider, if appropriate, revising the relevant EU legislation on payments, including the Payment Accounts Directive (PAD), the Payment Services Directive (PSD) and the Electronic Money Directive (EMD), in light of the new possibilities afforded by new technological developments including VCs and DLT, with a view to further enhancing competition and lowering transaction costs, including by means of enhanced interoperability and possibly also via the promotion of a universal and non-proprietary electronic wallet;

21. Observes that several virtual local currencies have been created in Europe, not least as a response to the financial crises and the related credit crunch problems; urges particular caution when defining virtual currencies, in the context of any future legislative proposals, with a view to taking proper account of the existence of ‘local currencies’ of a not-for-profit nature, often having limited fungibility and providing significant social and environmental benefits, and to preventing disproportionate regulation in this area, as long as taxation is neither avoided nor circumvented;

22. Calls for the creation of a horizontal Task Force DLT (TF DLT) led by the Commission, consisting of technical and regulatory experts, in order to:

i) provide the necessary technical and regulatory expertise across the various sectors of pertinent DLT applications, bring together stakeholders and support the relevant public actors at EU and Member State level in their efforts to monitor DLT use at the European level and globally;

ii) foster awareness and analyse the benefits and risks – including to end-users – of DLT applications in order to make best use of their potential, including by aiming to identify a core set of attributes of DLT schemes conducive to the general interest, such as non-proprietary open standards, and by identifying standards for best practice where such standards are emerging;

iii) support a timely, well-informed and proportionate response to the new opportunities and challenges arising with the introduction of significant DLT applications, including by means of a roadmap for future steps at EU and Member State level which would include an assessment of existing European regulation, with a view to updating it in response to significant and systemic DLT use where appropriate, also addressing consumer protection and systemic challenges;

iv) develop stress tests for all relevant aspects of VCs and other DLT schemes that reach a level of use that would make them systemically important for stability;

23. Stresses the importance of consumer awareness, transparency and trust when using VCs; calls on the Commission to develop, in cooperation with the Member States and the VC industry, guidelines with the aim of guaranteeing that correct, clear and complete information is provided for existing and future VC users, to allow them to make a fully informed choice and thus enhance the transparency of VC schemes in terms of how they are organised and operated and how they distinguish themselves from regulated and supervised payment systems in terms of consumer protection;

The devil is in the details. (My emphasis above.)

Apparently the EP has found something new to regulate. The fact that its members don’t seem to grasp the concept of virtual currencies and Blockchain will not stop them. And that is not an unusual approach when it comes to EP reports…

At best this report is a waste of time. But it can be used by the Commission to justify future legislation.

/ HAX

• The report, 2016/2007(INI) »
• As PDF »
• EP summary »

UN and free speech

The United Nations Security Council wants a global “framework” for censoring the Internet, as well as for using government propaganda to “counter” what its apparatchiks call “online propaganda,” “hateful ideologies,” and “digital terrorism.” To that end, the UN Security Council this week ordered the UN “Counter-Terrorism Committee” — yes, that is a real bureaucracy — to draw up a plan by next year. From the Obama administration to the brutal Communist Chinese regime, everybody agreed that it was time for a UN-led crackdown on freedom of speech and thought online — all under the guise of fighting the transparently bogus terror war.

Zerohedge: UN Plots War On Free Speech To Stop “Extremism” Online »

Europol, Facebook & Twitter

Will the European Police Office’s (Europol’s) database soon include innocent people reported by Facebook or Twitter? The Europol Regulation, which was approved on 11 May 2016, not only provides a comprehensive new framework for the police agency, but it also allows Europol to share data with private companies like Facebook and Twitter.

EDRi – Europol: Non-transparent cooperation with IT companies »

What the Police really wants to know

For the first time, an ISP publishes statistics of what crimes the Police are investigating when requesting the release of internet subscriber identities. The so-called Data Retention, which is a governmental requirement to store data about everybody’s communications in order to use it against them in the future, was originally justified as necessary for fighting organized crime and terrorism – but is now being used against ordinary sharing of music and movies, according to the ISP.

“We want to publish these statistics in order to show the Police are violating people’s privacy and spending resources on pointless trifles”, says Jon Karlung, CEO of Bahnhof.

Falkvinge: For first time, an ISP reveals why Police demand internet subscriber identities: ordinary file sharing is the most investigated “crime” »
