EU law requiring storage of e-communications traffic data seriously interferes with citizens’ fundamental right to privacy and should be suspended until it’s fixed, said European Court of Justice (ECJ) Advocate General (AG) Pedro Cruz Villalón Thursday in an opinion (http://bit.ly/18nKR2G). The ECJ isn’t bound by its advisors’ opinions but generally follows them. The case involves challenges in Ireland and Austria to those countries’ versions of the EU data retention directive, which their respective high courts referred to the ECJ. Taken as whole, the measure is incompatible with the requirement in the EU Charter of Fundamental Rights that any limitation on the exercise of such a right must be provided for by law, the AG said. Use of retained data could make it possible to create a faithful map of much of a person’s conduct or even a complete picture of his private identity, and it could also increase the risk that the data may be used for unlawful purposes, he said. The directive doesn’t require that the data be retained in the territory of an EU country, so it could be held anywhere in cyberspace, he said. Given its serious impact on privacy rights, the legislation should have defined the fundamental principles on which access to the data collected and held would be based, instead of leaving that task to each individual country, he said. Another problem is that the law requires EU members to ensure that data is kept for up to two years when evidence showed here’s insufficient justification for such a long period, the AG said. Instead of advising the ECJ to strike down the law, however, he recommended that it be suspended until the EU remedies the problems. Digital Rights Ireland (DRI), which brought one of the challenges, said it’s happy with the opinion but would have preferred that the AG find the directive unlawful in principle, which he didn’t do, Chairman TJ McIntyre told us. If the ECJ upholds the opinion, it will strike down the directive, he said. The AG wants governments to have a grace period in which to change their laws, but DRI hopes that, given the political climate surrounding former U.S. NSA contractor Edward Snowden’s revelations, there’s enough political opposition to data retention for the law to die, he said. When DRI launched its challenge seven years ago data storage wasn’t a big issue, but the political scene is different now, he said.
Dugie Standeford
Dugie Standeford, European Correspondent, Communications Daily and Privacy Daily, is a former lawyer. She joined Warren Communications News in 2000 to report on internet policy and regulation. In 2003 she moved to the U.K. and since then has covered European telecommunications issues. She previously covered the U.S. Occupational Safety and Health Administration and intellectual property law matters. She has a degree in psychology from Duke University and a law degree from the University of Tulsa College of Law.
Negotiations on a treaty to update protection of copyrighted broadcast signals are set to resume Dec. 16 in the World Intellectual Property Organization Standing Committee on Copyright and Related Rights (SCCR). Before delegates get to the meat of the agreement, however, an extraordinary Dec. 10-12 WIPO General Assembly (GA) meeting must decide what the SCCR will work on this year, a question left hanging after its October meeting. One proposal floated by central European and Baltic countries is to prioritize the broadcast treaty, a position backed by broadcasters, observers said. Talks on the actual language of the controversial treaty were supposed to take place in July but were postponed.
The European Parliament inquiry into U.S. mass surveillance appears headed toward a wishy-washy conclusion, said several lawmakers Monday at another in a series of webcast hearings by the Civil Liberties, Justice and Home Affairs (LIBE) Committee. A co-author of the final report discussed a working document on U.S. surveillance activities regarding EU data and its possible legal implications for existing trans-Atlantic agreements and cooperation. There’s no proof now that the U.S. has abused the Terrorist Finance Tracking Program (TFTP) or Passenger Name Record (PNR) system, said co-rapporteur Axel Voss, of the European People’s Party and Germany, and it’s unclear what would replace them if they're revoked. The few LIBE members present slammed the document for being too deferential to the U.S. and European Commission. Friday, the Centre for European Policy Studies issued policy recommendations it said could help the Parliament fully exercise its duty to safeguard citizens’ privacy rights.
The European Commission sees broad convergence among stakeholders on the net neutrality provisions of its proposal for digital-single-market regulation, DG Connect Deputy Director General Roberto Viola said Thursday at a webcast hearing of the European Parliament Industry, Research and Energy (ITRE) Committee. There’s much less agreement on what to do about excessive mobile roaming charges, however, with rapporteur Pilar del Castillo, of the European People’s Party and Spain, calling for an end to roaming fees altogether, and the EC seeking to tackle the problem through voluntary operator deals. Viola promised the EC will be “open and flexible” in finding compromise.
Internet users should have a legislated right to open access, but some aspects of net neutrality remain hard to pin down, speakers said Wednesday at a webcast hearing of the European Parliament Internal Market and Consumer Protection (IMCO) Committee. It’s one of the committees vetting the European Commission proposal for digital-single-market regulation, which includes provisions allowing companies to provide differentiated services as long as they don’t interfere with Internet speeds promised to other customers (CD Sept 12 p7). IMCO’s response makes some changes to the EC version to “clarify and improve the text,” rapporteur Malcolm Harbour, of the European People’s Party and the U.K., wrote in his report (http://bit.ly/1aYRFSg). But questions about what “specialized services” are and how regulators should monitor net neutrality remain open, panelists said.
The European Commission Wednesday pressed for stronger U.S. privacy protections to restore trust in trans-Atlantic data flows badly shaken by revelations of massive surveillance and ineffective compliance with the safe harbor agreement. It has a “clear agenda” for rebuilding trust with Europe and assuring Europeans their privacy will be safeguarded, said Home Affairs Commissioner Cecilia Malmström. The EC criticized compliance by companies, and lax oversight by the U.S. FTC and the Department of Commerce, of safe harbor, which allows businesses to transfer Europeans’ personal data to the U.S. In turn, civil society groups said the EC recommendations for improving safe harbor don’t go far enough, and one European Parliament member accused the EC of a whitewash.
IPv6 is making “steady progress, nothing spectacular,” said Alain Fiocco, senior director of Cisco’s IPv6 program, in an interview. By October, 16 months after the June 2012 world IPv6 launch, the number of access networks that managed measurable IPv6 traffic toward the measurers at Google, Facebook and Yahoo had jumped from 69 to 197, Internet Society Chief Internet Technology Officer Leslie Daigle told us. That 1.5-2 percent of Internet users now use the technology is “significant growth in relative terms” over the past year, but “in absolute terms it’s still 1 in 50,” said Geoff Huston, chief scientist at the Asia Pacific Network Information Center. Whether the business case for IPv6 has finally been made remains to be seen, he said.
The U.S. National Security Agency has “weakened, misconstrued and ignored” civil liberties protections that Congress built into the Patriot Act, but the USA Freedom Act would fix that, Jim Sensenbrenner, chairman of the House Judiciary Committee Subcommittee on Crime, Terrorism, Homeland Security and Investigations, told the European Parliament Civil Liberties, Justice and Home Affairs (LIBE) Committee Monday. The legislation would deliver “real reform” by ending the NSA dragnet of information from Europeans and Americans, he said. Google, Microsoft and Facebook, meanwhile, denied they give intelligence agencies back-door access to users’ data, sparking skepticism from Parliament members (MEPs).
EU efforts to toughen personal data protection rules have encountered a level of lobbying rarely, if ever, seen in Brussels, said industry, civil society and EU representatives in recent interviews. But lobbying in Europe isn’t necessarily becoming more American-style because of major differences in money flows and the political setup, they said. The European Parliament and European Commission have complained about pressure from U.S. companies affected by the proposed data protection regulation, but one law firm lobbyist said American companies are being unfairly accused of wanting to weaken privacy rules.
European negotiators meeting in Wednesday with U.S. counterparts to discuss mass surveillance and data protection issues focused on a wide range of issues, some of which may take a long time to resolve or may remain unanswered, the European Commission told the European Parliament Civil Liberties, Justice and Home Affairs (LIBE) Committee at a hearing Thursday. The question of whether European citizens should have redress for breaches by the U.S. National Security Agency of their privacy rights is one that may have to be solved in steps, said Reinhard Priebe, director-internal security in the Home Affairs Directorate. The trans-Atlantic experts working group hopes to have a joint report ready by year’s end, said Fundamental Rights and Citizenship Director Paul Nemitz. The LIBE hearing focused on how best to ensure that unfettered spying never happens again