ORG policy update/2015-w40
This is ORG's Policy Update for the week beginning 28/09/2015
If you are reading this online, you can also subscribe to the email version.
National Developments
Digital Economy Inquiry accepting submissions
The Business, Innovation and Skills Committee's Digital Economy Inquiry is accepting written submissions. Its scope includes intellectual property and “potentially disruptive technologies”. The inquiry is exploring challenges and barriers for businesses in the digital economy and how government actions could help overcome them. Written submissions can be made online and the deadline is 29 October 2015.
EU
European Data Protection Supervisor raises concerns over EU Passenger Name Record plans
The European Data Protection Supervisor (EDPS), Giovanni Buttarelli, has released an Opinion which criticises the current EU Passenger Name Record (PNR) proposal. The EDPS's role includes advising EU institutions and bodies on data protection policy issues relating to new legislative proposals; the Opinion, while not binding, acts as an instrument to achieve this. PNRs are used for operational purposes by the travel industry to manage reservations and therefore hold sensitive personal data. The EU PNR scheme plans to collect this data for all passengers travelling by air through EU member states. The EU already holds agreements to share passenger data with Canada, Australia and the US, although the Canada agreement has been referred by MEPs to the CJEU for a judgment on its legality.
Discussions about an EU PNR scheme began in 2007 but stalled following the inability of the European Commission and the European Parliament's LIBE Committee to reach an agreement. Talks recommenced following the terrorist attacks in Paris in early 2015 and in July 2015 LIBE agreed to enter negotiations, submitting a new Proposal for the scheme. Buttarelli looks at this Proposal in his Opinion with particular reference to the Digital Rights Ireland case.
Buttarelli criticises the current Proposal for failing to meet the standards required under Articles 7, 8 and 52 of the European Charter, Article 8 of the ECHR and Article 15 of the Treaty on the Functioning of the European Union. He highlights that the proposal lacks transparency, and fails to demonstrate that the scheme is necessary or proportionate. Warning that it could constitute a “move towards a surveillance society”, he raises concerns over the proposed bulk and indiscriminate collection of data, the data retention period and the lack of clear purpose limitation and questions the compatibility of these elements of the scheme with the CJEU ruling in Digital Rights Ireland. He further suggests that the Council should await the CJEU's decision on the legality of the EU-Canada PNR agreement and the current data protection reforms being negotiated in European Parliament currently.
US Mission to EU rejects CJEU Attorney General's Opinion on Safe Harbor scheme
The US Mission to the EU has responded to last week's Opinion from CJEU Advocate General Yves Bot declaring the EU-US [Safe Harbor] data protection agreement invalid by issuing a statement clarifying that “[t]he United States does not and has not engaged in indiscriminate surveillance of anyone, including ordinary European citizens”. The Advocate General's Opinion is not binding, however such Opinions are usually highly influential on CJEU judgments. The court ruling is due on Tuesday 6 October.
In its coverage of the story, Ars Technica highlights that there are no safeguards against US surveillance for foreign nationals and that all foreigners thus fall into the “valid foreign intelligence targets” category. The Mission's statement also asserts that the Safe Harbor framework is a living document so the current negotiations between the Commission and the US over its improvement are not an indication of its invalidity and that the “Attorney General's reasoning would undercut the ability of other countries, businesses and citizens to rely upon negotiated arrangements with the European Commission”. Ars Technica reports that this seems to be arguing that the courts should not overrule politicians when they make legally incorrect decisions and offers a tentative link between the argument here and the current TTIP negotiations over the investor-state dispute settlement (ISDS) mechanisms.
Council of Europe report raises concerns over mass surveillance in Germany
The Council of Europe Commissioner for Human Rights has published a report on Germany, part of which looks at the country's mass surveillance practices. The report identifies several issues relating to democratic control, accountability and oversight of the intelligence services, particularly the “lack of resources and expertise, the scope of the oversight of telecommunications, problems of coordination, as well as the absence of effective remedies for persons affected by surveillance of their telecommunications”.
International Developments
France approves sweeping surveillance bill on international digital communication
France's National Assembly voted through the “Surveillance des Communications Electroniques Internationales' Bill on 1 October.
The Bill accompanies the domestic mass surveillance law that was passed in June 2015. The provisions for international surveillance in the Bill were originally in the June law however were struck down by the French Constitutional Court due to the lack of oversight and proportionality of the measures they introduced. The Bill allows French intelligence agencies to collect metadata and content from all international internet traffic without judicial authorisation and gives them broad surveillance capabilities.
Before the vote, rights organisations from around the globe issued an open letter condemning the Bill and urging lawmakers to reject the proposal. Amnesty International additionally raised concerns about the broad and ill-defined scope of the powers granted by the law as well as the length of the retention period. EFF highlighted the similarities between the new French powers and NSA surveillance abilities, particularly the impossibility of distinguishing between nationals and non-nationals when using dragnets and of protecting privileged communications of journalists, judges and lawyers.
Save Crypto petition launches
A number of rights organisations, including Access and EFF, have joined up to launch the Save Crypto petition requesting that Obama supports strong encryption. The petition comes in response to calls from the FBI, the Department of Justice and other lawmakers for government to be able to access encrypted data. The petition argues that measures such as security vulnerabilities and "golden keys" jeopardise personal data and technology security.
Thailand considers implementing “Great Firewall”
The Thai Government have been criticised after plans to implement a single internet gateway initiative similar to China's “Great Firewall” have surfaced. The Deputy Prime Minister responded by stating the plans were still under consideration and the aim was cost-saving and security rather than censorship, however it has been noted that the initiative would facilitate increased censorship and monitoring, as well as data interception. Critics have also highlighted that a single gateway initiative could have undesirable technical consequences, including slow connection speeds and an increased risk of total service outage.
German copyright arbitration board reject copyright collection organisation's 6% request under “Google Tax” law
The German Patent Trademark Office (DPMA) has rejected the proposal from VG media for Google to pay 6% to rights-holders under the ancillary copyright tax law as too high. The ancillary copyright tax law, often referred to as the “Google Tax” law, requires news aggregators to pay royalties for using excerpts from stories in their listings. While the law does apply to Google, the board decided that the excepts must be more than seven words (excluding the search term) long for payment to be due.
Spain also introduced a similar Google Tax law in 2014, which resulted in Google News withdrawing from the country. News publishers are now requesting that the law be repealed as their web traffic has slowed.
ORG Media coverage
See ORG Press Coverage for full details.
- 2015-10-01 – Computer Weekly - Facebook court judgement threatens Safe Harbour data-sharing agreement with US
- Author: Kevin Cahill
- Summary: Jim Killock quoted on the ineffectiveness of the EU-US Safe Harbor framework.
- 2015-09-25 – International Business Times - Karma Police: From Facebook to porn, GCHQ surveillance tool tracked browsing history of every web user
- Author: Anthony Cuthbertson
- Summary: Javier Ruiz quoted on the new reports of mass surveillance practices by GCHQ, arguing for legal reform to protect privacy against state surveillance.