Thursday, January 15, 2009

News you WANT to read - Data Sharing on Hold

I have often felt like David against Goliath in trying to stay the tide of civil rights violations through governmental digital sharing. All efforts have seemed like a handful of sand thrown into a typhoon.

For the first time, an EU agency has stood up for the civil right of privacy for EU citizens: someone has said NO to the bureaucrats.
The USA National Security Agency has no right whatsoever to the private electronically held details of EU citizens (e.g. medical records, credit card purchases, political affiliation, your electric bill, tax status etc.) UNLESS A CRIME HAS BEEN COMMITTED. And there is proper oversight and applications for such information on those residing in the EU.

Pre-emptive data sharing violates the right to privacy and endangers individuals by making personal information available to the USA government and other authorities WITHOUT accountability. Pre-emptive has become the watch word of our century...wars, surveillance,'s not a pretty start to the new millenium.

This means, if they make a mistake, tough titty. There is no supervision of this unprecedented access to EU citizen details by a foreign power, the USA. And no recourse.
Why more Europeans are not concerned with this is a mystery to me. For those who just don't give a dam, we will all lose our freedoms for the benefit of blissful ignorance. I am delighted by this decision to stay the data-sharing of EU citizens with the USA National Security Agency.

I am not a criminal or a 'terrorist'; and I do not have to prove it! Do you?

Data chief attacks
transatlantic police plan

"Unprecedented" data sharing
not so caring

By Mark Ballard
Friday, 14 November 2008

EUROPE'S DATA chief has told Washington and Brussels to put the brakes on a plan to share police and other government data across the Atlantic. The "unprecedented" US/EU plans are being thrown together so hastily that they risk giving police and government agencies carte blanche to share whatever and as much data as they liked, in disregard of human rights, and even drawing on private sector databases, said Peter Hustinx, the European Data Protection Supervisor (EDPS), in an official report yesterday. "The EDPS calls for more transparency", he said in the report, and "any haste in the elaboration of the principles should be avoided as it would only lead to unsatisfactory solutions".

The proposals, laid out in June by the High Level Contact Group on information sharing and privacy, fall short of the minimum standard of data protection already established in European human rights law.
Hustinx called for "more clarity and concrete provisions" because the scope of the plan was vague, it left no room for oversight, did not ensure that data given to US authorities would be treated with adequate care, and gave insufficient recourse for European's to challenge US abuses of their data in a court of law.

This was particularly problematic because police and government data sharing plans were developing too fast: "The request of enforcement authorities of third countries for personal information is constantly widening, and... also extends from traditional government databases to other types of files, in particular files of data collected by the private sector," he said.
At least the authorities were discussing data protection, said Hustinx, but they should give it greater credence: "[It] could legitimise massive data transfers in a field - law enforcement - where the impact on individuals is particularly serious, and where strict and reliable safeguards and guarantees are all the more needed".

He called on the High Level Contact Group (HLCG) to carefully define the scope - the limits - of its data sharing plans so that police and government agencies do not use it for data transfers in breach of people's human rights.
He wanted any agreement to specify precisely who would be able to share data, what data they would share and for what purposes. The authorities must also come clean about the wider context of the proposals, known as the "global transatlantic security area", which is a US initiative to create a common electronic border system with allies such as the EU, Australia and Canada that could be used for security, immigration control, public health and other unspecified functions.

The fact that the plans were so loosely defined made it possible for them to grow through function creep: "Is it also meant to allow for the exchange of data for other public interests such as possibly public health risks?" asked Hustinx. Hustinx, the official responsible for ensuring that public authorities' data systems do not abuse human rights, said transatlantic data sharing should only be allowed between countries when it is "absolutely necessary for a specific purpose" decided "on a case by case basis". "The EDPS recommends to restrict the purpose to precisely identified data processing, and to justify the policy choices leading to such definition of purpose," he said, adding a plea for a loophole that would allow the "transfer of personal data between private and public parties" to be closed.

The plans would give US police and government authorities such wide remit to access EU data that Hustinx even had to ask whether they would have access to " other databases such as tax databases".

Would spooks get access too, he asked. Were they seeking free access? And, he warned, US demands under the agreement would lead to copy cat demands between EU member states, as it had for airline passenger data. US access to details of the world's financial transactions, held by the EU-based Swift, would be legitimised by the agreement and that might prompt EU authorities to seek such routine access themselves.

To make matters worse, EU law wasn't even prepared for such proposals. " Halt," he said, "and prepare the ground first". He proposed the HLCG wait until the EU Lisbon Treaty came into force, though that is not even certain. But he feared that the plan would be slipped in under a coming law that provided weak protections for data transfers to third countries (data protection in the third pillar legal framework, to be introduced imminently).

Preparing the ground first would give people basic protections from abuse by the state - protections that had not been provided in the proposals. The agreement should be binding on authorities, rather than casual as similar such agreements have been. In particular, the US should be held to account by EU standards of civil rights.
Basically, the HLCG had proposed an all-encompassing data protection regime that would provide inadequate protection but would be applied to all transatlantic data transfers, said Hustinx.

The group should rather implement some protections as a minimum standard, and then, taking each instance of official data sharing on a case by case basis, design specific protections for each.
The authorities should be held to account for their data sharing, he said. The current proposals would not enforce that as they stood.


JD Hays said...

Thanks for this post. You remind me that the Orwellian impulse driving governments to strip away personal privacy is more of a global movement. Thank goodness we still have folks who are in position to apply the brakes to such behavior.

Sheilanagig said...

Nice comment JD. Thank you. I sometimes feel like no one is listening.

Together we are stronger...and I hope we shall be strong enough to contain the plans of those who think of us as demographic control issues.


ps. I am also afraid of the Orwellian future if we do nothing about this.


All blogs are really just small snapshots of a person's mind, heart and soul as they evolve together through life....

Small bits of the thread of life we weave together into the fabric of ourselves, in the hope we will make sense of our existence, individual and collective.

On this page, is the cloak I have fashioned from my fabric to warm myself in a universe which often makes little sense.

Inside my cloak, it is warm enough to face the blistering cold winds of the insane world in which I find myself.

If you find some a bit of 'the good stuff' here, it has been my pleasure.