Statement on the general concept of the European Union towards Data Protection by Aktion Freiheit statt Angst e.V.; EU Register ID 17019643006-45




Berlin, 10 January 2011

Aktion Freiheit statt Angst
Rochstr. 3

Directorate-General Justice
Unit C3 Data protection
European Commission
B - 1049 Brussels

Statement on the general concept of the European Union towards Data Protection by Aktion Freiheit statt Angst e.V.; EU Register ID 17019643006-45

Ladies and Gentlemen,

this will give our opinion on the general concept of the European Union towards Data Protection.

About us

Aktion Freiheit statt Angst (action alliance Freedom Not Fear) is a registered nonprofit organization. For more than two years now we have stood up for the enforcement of civil rights and privacy, and fought against surveillance undertaken by public authorities and private companies. During this time we ran various campaigns for data protection, published many press statements, gave lectures and organized workshops, sometimes in close collaboration with other European NGOs. For example, in Germany we became active against the introduction of the data retention law by supporting the complaint against this policy filed at the Federal Constitutional Court and by taking further action. On our web site 1) a report of our recent activities is shown.

In the following we want to draw your attention to some points in your concept. To our mind these points need to be carefully considered and treated with special attention.

Importance of the EU Directive on Data Protection

The EU directive on data protection has already played an important role in the creation of a common minimum European standard of data protection. This will be true for the future. But just as now, there will be states in Europe which, because of their national characteristics, see the need for advanced data protection standards. Going forward, the directive should allow this, and should in no way define an upper limit for data protection in Europe. Only then can new ideas, inspired by local needs, be tested and flow into further European regulation.

The right to be forgotten on the Internet

To strengthen the interests and rights of consumers, we support all measures that create and promote the "right to be forgotten" on the internet. This includes:

- No transfer or sale of the customer's data
- Deletion of data after the termination of a business relationship
- Automatic deletion of personal traffic data (IP addresses, cookies, ...) as soon as it is no longer needed for technical purposes
- No linking of data from different business relationships (see notes on strict earmarking)
- Investigation of new technological possibilities for "temporary data" (automatic deletion after a specified TTL, access to data only through time codes)

No silent consent to data storage

Unfortunately, the draft submitted by the Commission propagates the Opt-Out process. Thus a person is usually not asked in advance whether his data should be stored or not. If the customer does not want the data to be stored, he or she must become active on his or her own. At this point change is absolutely necessary. Only an Opt-In process can ensure that personal data is stored only with the actual agreement of both parties concerned.

In this context we would like to emphasize that special attention needs to be paid to the voluntary nature of an agreement for the storage of a customer's data. As stated in the concept (p. 9), we see major differences in the regulations of the European states and we think that they have to be unified in the direction of a "guarantee for the need of the customer's agreement without any forced compliances and with a complete knowledge of the facts". In any case this rule has to provide sanctions for violations against it.

On the other hand, an obligation to inform the customer about the stored data and the purposes for which the data will be used should be enforced on the database owners. Of course the information about the customer's data needs to be free of charge and easily understood.

Strict earmarking

The processing of personal data always requires a well-defined purpose. This purpose has to be set before the first recording of the data is done and has to be announced to the persons concerned. Only under these circumstances can the person agree "in knowledge of the facts" (see above). Furthermore the stored data has to be reprocessed for this (!) agreed purpose only. Most important is that it should not be allowed to combine the data with data collected for other purposes.

Data Mining

Due to our position on strict earmarking, we also think that the use of personal data in data mining processes must be prohibited. As the German Datenschutzbeauftragten von Bund und Ländern (privacy officers of the Federation and German federal countries) already stated in March 2000, 2) personal data should never be linked with other databases or other data than the one that was agreed on by the customer when the data was stored. In a resolution at that time they underlined the following: "According to the fundamental rights of earmarking, personal data can only be processed within the limits of the purposes authorized by law or mutual agreement. The storage of personal data in a general-purpose data warehouse detaches it from its original purpose and means a storage on hoard without earmarking".

This especially affects the customer's data within the private sector. However, it also applies to the data processed by governmental agencies. On this principle an agreement across Europe has to be reached, and this solution should be established within the European data protection law.

No differential treatment of police data (Europol, Eurojust)

In Chapter 2.3 you have correctly pointed out that the data protection regulations of the various European States regarding police and judicial cooperation vary widely. In addition, the existing European regulations have so far failed to achieve an improvement of data protection in this area. With the introduction of the Lisbon Treaty there is now a possibility to enforce a common solution. Therefore the following tasks are urgent:

- The contents of the Framework Decision 2008/977/JHA 3) have to be valid for the data processing within the individual countries, too, and not only for the data exchange.
- The agreed content has to be developed beyond the existing minimum standards.
- Especially within the work of the police and judicial authorities, the principles of strict earmarking have to be applied (see above).
- There must be a strict separation between the data of certain groups (offenders, suspects, witnesses, victims). It has to be guaranteed that their data is only used for well-defined purposes.
- Time limits for the period of storage should also be established for the retention of police data.

It should be understood that the compliance with the EU privacy policy within the security sector has to be controlled by the EU data protection officer and/or by the different privacy officers of the European countries.

In addition, under a European directive on freedom of information it has to be guaranteed that citizens can also get information about the actions of police and security agencies. Narrow-minded exceptions, as occurred in the German Freedom of Information Act, must not be repeated at European level.

With the introduction of the Lisbon Treaty, common European regulations within the security sector are now possible. Therefore we would call for adapting the "sector-specific EU regulations on police and judicial cooperation regarding criminal matters" not(!) "on long term" but as quickly as possible to the new European data protection regulations (p. 17).

Further Remarks

In the following we want to confirm some of your claims/findings from our point of view and hope that they will be found in the new privacy law regulations as well.

- Cloud Computing

We also see a risk in Cloud Computing. The user does not have an overview of who comes into possession of his data, what happens to it and to which countries it might be transferred. It should be checked whether the work of European providers of such services complies with the European Data Protection Directive, and especially which data will be processed outside Europe. On the other hand, the dangers of cloud computing should be pointed out to the consumers as well.

In this context we welcome the intention of the "co-financing of educational activities about data protection by the EU budget" (p. 9). In many of our practical workshops on data security and privacy on the PC and on the Internet we noticed a widespread lack of technical background knowledge within the population. Thus mostly simple ways of achieving more privacy are not observed (deleting cookies, installing virus protection and firewalls, ...).

- Notes on privacy violation

It is necessary to require that any private company and any public body shall be obliged to inform the owner of data if they notice a violation of personal data.

- IP addresses are identifiable personal data

Of course, IP addresses are personal data because, together with the provider's database, one can trace the IP address to a specific person at any time.

- Genetic data are sensitive data

We also believe that genetic data are sensitive data and thus should be carefully treated and especially protected.

- Independence of the Data Protection Officer

Of course, a data protection officer must act independently. For privacy officers in companies and governmental agencies it must be ensured that they can work independently and without the influence of their employers. For data protection officers working for companies as well as for public agencies it must be guaranteed that they have the means to carry out inspections to the level he or she considers necessary.
Links

1 ; www.aktion-freiheitstattangst.org/de/aktivitaeten-anews/aktivitaetenliste
2 Resolution of the 59. Conference of Data Protection Supervisor Bund/Länder, March 14./15. 2000; http://www.datenschutz-mv.de/dschutz/beschlue/ent59.html
3 Framework Decision 2008/977/JI of the Council, Nov. 27. 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (ABl. L 350 of Dec 30. 2008, p. 60)

We hope that our contribution to the amendment will help us to improve data privacy and civil rights for all people in the European Union.

Best regards

Ricardo Cristof Remmert-Fontes, Rainer Hammerschmidt
(Members of the board)