EU Data Protection: National
- On 30 May, the European Commission asked Belgium to change its data retention laws to comply with the provisions of the European legislation. TheData Retention Directive, adopted in 2006, requires the telecom companies and ISPs to store telecommunications traffic and location data (excluding content of the communications) for law enforcement purposes. Belgium has failed to fully transpose the Directive, particularly with regards to the requirements on data retention period with appropriate data protection and security measures. Should Belgium not comply, the Commission could refer the case to the EU’s Court of Justice.
- A German draft plan calling for data privacy in the EU to be ensured via regulated self-regulation was rejected by the Council of the European Union. The proposal aimed at giving companies incentives to create and adhere to voluntary privacy rules. Nevertheless, the Irish EU Presidency confirmed that the private sector is still called to participate in the development of the EU regulatory framework.
EU Data Protection: Article 29 WP and EDPS
- The Article 29 Working Party (WP), which gathers the heads of European Data Protection Authorities, has published a press release calling for clear limits to profiling, as “profiling constitutes one of the biggest challenges to privacy”. The press release stresses that the current wording of the proposed General Data Protection Regulation should be broadened in order to include the collection and creation of profiles as such.
On 29 May, Peter Hustinx, the European Data Protection Supervisor (EDPS) presented the 2012 Annual report of his office.
- With regards to the responsibilities of ISPs, the Supervisor highlighted that in order to ensure an open Internet and net neutrality, the ISPs should ‘improve transparency of their internet traffic management practices for end users, in particular by providing information about more intrusive forms of processing and on how end users may withdraw consent in cases where it is relied upon as a legal basis for the processing’.
- As for Child safety online, the report underlined the need to strike a balance between the fight against illegal content and the means to achieve it. Measures such as telecommunication networks surveillance should remain within the law enforcement agencies prerogatives, stressed the report.
- In a recent debate in the European Parliament’s Civil Liberties Committee Hustinx also warned that the data protection overhaul could be delayed, due to what he called ‘excessive lobbying.’ The proposed right to be forgotten was highlighted as the main target of lobbyists.
CDT supports greater use of pseudonymous data
- The Centre for Democracy & Technology (CDT) has published a position paper on the use of pseudonymous data. Overall, the paper supports the stance adopted by EU Justice Commissioner Reding.
- In the paper, CDT argued that the proposed Data Protection Regulation should provide companies with incentives to keep data in less identifiable forms. Also, processing of pseudonymous data should be subjected to specific obligations.
- According to CDT, the key to define pseudonymous data should be the ease with which the data can be tied to a real-world identity. The obligation of data breach notification should be based on the same principle, added CDT.
Open Internet/Net neutrality
Commissioner Kroes calls for single telecoms market guaranteeing net neutrality
- In a speech delivered on 30 May in the European Parliament’s Internal Market Committee, EU Digital Agenda Commissioner Kroes called for the MEPS to quickly ensure the citizens right to access an open Internet, by guaranteeing net neutrality.
- This should be achieved by the implementation of a single European telecoms market before the next elections to the European Parliament that will take place in May 2014.
Member States question Commission’s approach to network security
- Ahead of the meeting of the EU Telecoms Council (scheduled for 6 June), a note from the Irish Presidency has shown several Member States’ concerns with regards to the proposal for a Network and Information Security Directive.
- With regards to the Impact assessment, it stresses that several Member States consider that the document does not sufficiently specify why specific sectors (e.g. enablers of information services) have been included. Also, while the implementation costs are deemed high, Commission’s assessment is also said to fall short on describing the potential benefits of this proposal.
- Furthermore, according to the note, the scope of the Directive is not properly defined, considering especially the non-exhaustive list of market operators.
- Some of the Member States want to hold discussion whether EU companies and companies operating in the EU should be required to implement higher standards than companies in other parts of the world,
- Finally, several Member States stressed that the way the proposed Directive will fit with other forthcoming legislation (e.g. Data Protection Regulation) should also be further addressed.
Copyright infringement/Internet governance
France: Internet access to become fundamental right
- In a recent speech, Fleur Pellerin, French Minister in charge of the Digital Agenda, stated that the French government is to reform one of the provisions of the so-called Hadopi framework (controlling the protection of online copyrighted materials and Internet rights) that allows the authorities to deny Internet access to users repeatedly committing infringement.
- The recently published Rapport Lescure also proposed for this provision of the Hadopi to be cancelled, calling for wide implementation of a graduate dissuasion approach.
- Minister Pellerin seems to support this approach, while promoting an Internet users’ code of conduct.
- According to some analysts, Pellerin is preparing the way for the Internet access to be considered as a fundamental right.
EU-US trade negotiations to be launched soon
- According to the latest insights the negotiations on the Transatlantic Trade and Investment Partnership (TTIP) are likely to start on 8 July.
- Negotiations of the chapter on ICT are expected to cause difficulties because of the different data protection standards in the EU and US. The Commission’s draft negotiating mandate, now under discussion in Council, also calls for the partners to address significant intellectual property rights issues.