Thursday, 22 July 2010

Let's play privacy invaders: EU, ACTA and the Digital Economy Act

When I think of privacy I think of going about my business unhindered and unmonitored by the state.. or anyone else for that matter.  It's a right.. and curiously I expect the law to not only respect that right but also to protect it.  But expectations and reality don't always match up.

This week though these are some positive signs that privacy concerns are starting to be taken more seriously. 

First off, the Electronic Frontier Foundation reports that EU data protection officials have been looking into the EUs Data Retention Directive and how it has been applied in the member states.  Their findings are depressing reading ...
  • Service providers retain and hand over data in ways they shouldn't.
  • data retention often exceeds the maximum allowed under the directive - in some case by as much as eight years!
  • More data is being held than the directive allows - including in some cases message content and not just traffic data.
  • Callers locations are being monitored continuously under a call - contravening the directives provisions
They conclude that
"The provisions of the data retention directive are not respected and the lack of available sensible statistics hinders the assessment of whether the directive has achieved its objectives."

The good news is that it's not until abuses are visible that you can do something about it.  The timing here is also good as the directive is up for review and this can contribute to revision or repeal of the directive which, in my view, inherently is a gross violation of people's privacy.

Meanwhile, the same Article 29 committee has also raised concerns about the privacy implications of the ACTA agreement (see Michael Geist for excellent coverage on ACTA). 

"WP29 emphasizes that any form of large scale monitoring or systematic recording of data of EU citizens would be contrary to the provisions of Directive 95/46/EC since that would affect millions of individuals, regardless of whether or not they are under any suspicion."

After a critical look at other provisions - including making service providers hand over personal data to copyright holders they conclude:

"Copyright infringement needs to be dealt with on a global scale and requires international cooperation. However the way things stand now, several of the proposed measures are in the end bound to interfere with the private life of many citizens.
In the EU, any such interference is subject to EU fundamental rights and must be proportional. Given the aspects of ACTA currently under negotiation and outlined above, the WP29 remains to be convinced that this will be the case."

The third piece of good news is really a consequence of the above... or at least a supporting document from the European Data Protection Supervisor (EDPS) giving a full analysis of objections to the three strikes principle.  The Open Rights Group highlight that this expert opinion should have implications for the UK governments Digital Economy Act - at least the parts dealing with combating copyright infringement .

In the words of the EDPS:

"...the monitoring of Internet user's behaviour and further collection of their IP addresses amounts to an interference with their rights to respect for their private life and their correspondence; in other words, there is an interference with their right to private life. This view is in line with the case law of the European Court of Human Rights. "

The bottom line seems to be that letting copyright holders loose as private police with powers to request private details on anyone they choose is likely to end up the wrong side of EU rights legislation....  which would be a welcome victory for our collective privacy.

Piratpartiet and The Pirate Party -  Putting privacy first.

1 comment:

Affordable Dissertation said...

Some lines is confusing to me in this article, on the whole it is great article for me and may be everyone also,