I have often felt like David against Goliath in trying to stay the tide of civil rights violations through governmental digital sharing. All efforts have seemed like a handful of sand thrown into a typhoon.
For the first time, an EU agency has stood up for the civil right of privacy for EU citizens: someone has said NO to the bureaucrats. The USA National Security Agency has no right whatsoever to the private electronically held details of EU citizens (e.g. medical records, credit card purchases, political affiliation, your electric bill, tax status etc.) UNLESS A CRIME HAS BEEN COMMITTED. And there is proper oversight and applications for such information on those residing in the EU.
Pre-emptive data sharing violates the right to privacy and endangers individuals by making personal information available to the USA government and other authorities WITHOUT accountability. Pre-emptive has become the watch word of our century...wars, surveillance, arrests...it's not a pretty start to the new millenium.
This means, if they make a mistake, tough titty. There is no supervision of this unprecedented access to EU citizen details by a foreign power, the USA. And no recourse. Why more Europeans are not concerned with this is a mystery to me. For those who just don't give a dam, we will all lose our freedoms for the benefit of blissful ignorance. I am delighted by this decision to stay the data-sharing of EU citizens with the USA National Security Agency.
I am not a criminal or a 'terrorist'; and I do not have to prove it! Do you?
transatlantic police plan
not so caring
Friday, 14 November 2008
EUROPE'S DATA chief has told Washington and Brussels to put the brakes on a plan to share police and other government data across the Atlantic. The "unprecedented" US/EU plans are being thrown together so hastily that they risk giving police and government agencies carte blanche to share whatever and as much data as they liked, in disregard of human rights, and even drawing on private sector databases, said Peter Hustinx, the European Data Protection Supervisor (EDPS), in an official report yesterday. "The EDPS calls for more transparency", he said in the report, and "any haste in the elaboration of the principles should be avoided as it would only lead to unsatisfactory solutions".
The proposals, laid out in June by the High Level Contact Group on information sharing and privacy, fall short of the minimum standard of data protection already established in European human rights law. Hustinx called for "more clarity and concrete provisions" because the scope of the plan was vague, it left no room for oversight, did not ensure that data given to US authorities would be treated with adequate care, and gave insufficient recourse for European's to challenge US abuses of their data in a court of law.
This was particularly problematic because police and government data sharing plans were developing too fast: "The request of enforcement authorities of third countries for personal information is constantly widening, and... also extends from traditional government databases to other types of files, in particular files of data collected by the private sector," he said. At least the authorities were discussing data protection, said Hustinx, but they should give it greater credence: "[It] could legitimise massive data transfers in a field - law enforcement - where the impact on individuals is particularly serious, and where strict and reliable safeguards and guarantees are all the more needed".
He called on the High Level Contact Group (HLCG) to carefully define the scope - the limits - of its data sharing plans so that police and government agencies do not use it for data transfers in breach of people's human rights. He wanted any agreement to specify precisely who would be able to share data, what data they would share and for what purposes. The authorities must also come clean about the wider context of the proposals, known as the "global transatlantic security area", which is a US initiative to create a common electronic border system with allies such as the EU, Australia and Canada that could be used for security, immigration control, public health and other unspecified functions.
The fact that the plans were so loosely defined made it possible for them to grow through function creep: "Is it also meant to allow for the exchange of data for other public interests such as possibly public health risks?" asked Hustinx. Hustinx, the official responsible for ensuring that public authorities' data systems do not abuse human rights, said transatlantic data sharing should only be allowed between countries when it is "absolutely necessary for a specific purpose" decided "on a case by case basis". "The EDPS recommends to restrict the purpose to precisely identified data processing, and to justify the policy choices leading to such definition of purpose," he said, adding a plea for a loophole that would allow the "transfer of personal data between private and public parties" to be closed.
The plans would give US police and government authorities such wide remit to access EU data that Hustinx even had to ask whether they would have access to " other databases such as tax databases".
Would spooks get access too, he asked. Were they seeking free access? And, he warned, US demands under the agreement would lead to copy cat demands between EU member states, as it had for airline passenger data. US access to details of the world's financial transactions, held by the EU-based Swift, would be legitimised by the agreement and that might prompt EU authorities to seek such routine access themselves.
To make matters worse, EU law wasn't even prepared for such proposals. " Halt," he said, "and prepare the ground first". He proposed the HLCG wait until the EU Lisbon Treaty came into force, though that is not even certain. But he feared that the plan would be slipped in under a coming law that provided weak protections for data transfers to third countries (data protection in the third pillar legal framework, to be introduced imminently).
Preparing the ground first would give people basic protections from abuse by the state - protections that had not been provided in the proposals. The agreement should be binding on authorities, rather than casual as similar such agreements have been. In particular, the US should be held to account by EU standards of civil rights. Basically, the HLCG had proposed an all-encompassing data protection regime that would provide inadequate protection but would be applied to all transatlantic data transfers, said Hustinx.
The group should rather implement some protections as a minimum standard, and then, taking each instance of official data sharing on a case by case basis, design specific protections for each. The authorities should be held to account for their data sharing, he said. The current proposals would not enforce that as they stood.