From: [log in to unmask] [mailto:[log in to unmask]]
Sent: 12 March 2004 11:03
To: [log in to unmask]
Subject: EDRi-news Digest, Vol 12, Issue 1


Send EDRi-news mailing list submissions to
        [log in to unmask]

To subscribe or unsubscribe via the World Wide Web, visit
        http://www.edri.org/cgi-bin/mailman/listinfo/edri-news
or, via email, send a message with subject or body 'help' to
        [log in to unmask]

You can reach the person managing the list at
        [log in to unmask]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of EDRi-news digest..."


Today's Topics:

   1. EDRI-gram Newsletter - Number 2.5, 11 March 2004
      (EDRI-gram newsletter)


----------------------------------------------------------------------

Message: 1
Date: Thu, 11 Mar 2004 21:45:12 +0100 (CET)
From: "EDRI-gram newsletter" <[log in to unmask]>
Subject: EDRI-gram Newsletter - Number 2.5, 11 March 2004
To: [log in to unmask]
Message-ID:
        <[log in to unmask]>
Content-Type: text/plain;charset=iso-8859-1


==================================================================

                            EDRI-gram

    bi-weekly newsletter about digital civil rights in Europe

                    Number 2.5, 11 March 2004

==================================================================
CONTENTS
==================================================================

1. EU adopts contested IPR Enforcement Directive
2. German government rejects data retention
3. Austrian court demands control military snooping powers
4. Privacy-penalty for French Scientology critic
5. Proposal EU Parliament to reject PNR transfer
6. Cappato report about privacy adopted
7. New EU-plans to promote broadband access
8. Recommended reading: access to EU documents
9. Agenda
10. About

===================================================
1. EU ADOPTS CONTESTED IPR ENFORCEMENT DIRECTIVE
===================================================

On 9 March the European Parliament finally adopted the Directive on the
Enforcement of Intellectual Property Rights. The Strasbourg Plenary passed
the text, which had previously been agreed behind closed doors by a
handful of MEPs in no less than 11 informal meetings with the Council,
without any amendment. Although majorities were much thinner than the
rapporteur, French Conservative Janelly Fourtou, would have had them -
only 277 MEPs voted down the line for the so-called compromise of the
rapporteur, while 240 wanted to amend it one way or another -, the
Directive is now more than likely to pass in the First Reading procedure,
which is foreseen for uncontroversial reports.

The Directive applies indiscriminately to all infringements of all
intellectual property rights, including patents. A limitation to
infringements committed for commercial purposes or causing significant
harm, which was still present in the Commission's proposal, was deleted.
It was re-introduced only for certain measures, such as the freezing of
bank accounts.

Other draconian measures such as search-and-seize raids carried out by
rightholders like collecting societies, in civil law cases and before the
merits of a case have even be evaluated by a judge, can still be applied
to private small-scale infringers.

The only good new is that the article calling for penal sanctions for
infringements of an intellectual property rights, which was still present
in the Commission proposal and in earlier drafts of the Council Common
Position, has been replaced by a more general formula calling for
'appropriate sanctions' and a recital stating that these 'may include
penal sanctions'.

The EU Council of Ministers is likely to adopt the report in today's
Competitiveness meeting, allowing for it to be published in the Official
Journal of the European Union within a few weeks' time, and to become
effective before the enlargement of the European Union on May 1. Only
Sweden, Luxembourg and Greece had previously opposed the Council Common
Position, which is identical to the text now voted in the European
Parliament; Italy abstained.

There was great pressure to agree on the directive before the accession of
new EU member states. It was widely expected that these countries would
have opposed in particular the measures under Article 7 to 10 of the Draft
Directive, fearing a chilling effect on the legal possibilities for their
companies to produce compatible products and compete with dominant
industries in the old EU.

In the aftermath of the vote, spokespersons of the MEPs backing the
agreement with the Council such as UK Labour EP press officer Adrian
McMenamin, started an offensive aimed at portraying the opponents as
'using scare tactics throughout'. According to McMenamin this lead to
"consistently alienate the vast majority of legislators in the European
Parliament". This claim is clearly proven wrong by the outcome of the vote
in the Parliament. Though the official position of the tree biggest groups
in the Parliament was to oppose these amendments, up to 38 per cent of
MEPs voted for the amendments drafted by EDRI-member FIPR, tabled by the
Italian Radical Marco Cappato.

After publication of the Directive in the Official Journal, the soon-to-be
25 EU member states will have 18 months to implement the Directive into
their national laws.

EDRI/FIPR overview of the debate, including vote report per MEP
http://wiki.ael.be/uploads/IPR_main.html

Statements by McMenamin in The Register (10.03.2004)
http://www.theregister.co.uk/content/35/36143.html

(Contribution by Andreas Dietl, EDRI EU Affairs Director)


===================================================
2. GERMAN GOVERNMENT REJECTS DATA RETENTION
===================================================

On Friday 12 March the German Parliament (Bundestag) will discuss the
proposal for a new Telecommunication Law in second and third reading. The
government coalition (made up of Social Democrats and Greens) has softened
many of the proposed new telecommunication surveillance powers.

There won't be mandatory general data retention and the costs of
handing-over data about customers will be reimbursed on a case-by-case
basis. Also, the idea - introduced in the draft of 15 October 2003 - to
introduce mandatory identification for pre-paid phone-cards is gone. (See
an earlier report in EDRI-gram 21)

Originally the Bundesrat, the council of the federal states, demanded that
service providers should store all data about all the telecom activities
of their users for a period of 6 months, including for example information
about telephone calls, SMS and internet traffic. Both privacy authorities
and the industry protested against these wishes and objections were raised
in parliament.

According to the Social Democrat telecom spokesperson Hubertus Heil, there
will be an appropriate reimbursement for any demand of customer data, not
for the investments in surveillance equipment and infrastructure. Heil
refers to this as 'the Austrian model', in spite of the fact that
providers in that country are in fact reimbursed for infrastructure since
2004, after the Constitutional Court declared the cost-shift from
government to industry unconstitutional.

If parliament accepts the law, the Bundesrat still has to accept. This is
not likely to happen, since it is dominated by Christian Democrats. In
that case a conciliatory procedure will be necessary to create a
compromise.

Rot-Gr|n entschdrft \berwachungsklauseln im TK-Gesetz (09.03.2004)
http://www.heise.de/newsticker/meldung/45342

Overview of the legislative process (in German)
http://www.tkrecht.de/index.php4?direktmodus=novelle-genese

Report by Andreas Neumann in EDRI-gram nr. 21 (05.11.2203)
http://www.edri.org/cgi-bin/index?funktion=view&id=000100000117


===================================================
3. AUSTRIAN COURT DEMANDS CONTROL MIL. SNOOPING POWERS
===================================================

The Austrian Constitutional Court (VfGH) has declared parts of the
military power law (Militaerbefugnisgesetz, MBG) unconstitutional, in a
decision dated 23 January 2004. The case was instigated by Social
Democratic members of the Austrian Parliament. The decision does not
repair all points that critics have raised.

The military law was adopted in the year 2000 and amended in 2002. It was
the first time in Austria that competencies and responsibilities of
military authorities were regulated comprehensively. Before that, relevant
regulations were scattered in the Austrian legislation while some parts
weren't regulated at all.

Part of the law that was declared unconstitutional deals with data
collection by observation, by requests of information and by recording
sounds and images. These snooping activities are permissible for
intelligence purposes, if the data cannot be collected in another way.

The VfGH concluded that these powers are contradictory to the European
convention on human rights and therefore unconstitutional, because this
paragraph includes an invidious regulation that reminds of the famous
Catch-22. The legal protection commissioner (who is necessary according to
the Austrian data protection act) can only be informed about current
investigations if he/she asks for information about them beforehand. But
how should the commissioner ask for info about procedures that he/she
can't know about.

In a recent magazine article Karlheinz Probst, MBG legal protection
commissioner since 2001, says that he has a special agreement with the
minister of defence which grants that he is informed about planned
investigations automatically. But this 'agreement' can certainly not
replace an adequate legal provision.

Austria has three intelligence services, with different responsibilities.
Two of them, the so-called Heeres-Nachrichtenamt (HNaA) and the
Heeres-Abwehramt (HAA), as military services associated with the federal
ministry of defence are affected by the MBG; the 'Staatspolizei' (national
police) belongs to the federal ministry of the interior.

The Austrian Social-Democratic party (69 of 183 seats in Parliament)
raised objections to the MBG as they feared that intelligence services
might observe the Austrians without any control. The military power law
was also criticised by other political parties, by NGO's like Vibe!at and
professional associations like the Austrian Judges Association.

EDRI-member Vibe!at remains critical of the law, especially for allowing
military organs wide powers to demand personal data (name, address, user
numbers) from telecommunication providers. The only condition is that they
consider it a 'substantial condition' for the fulfilment of their tasks.
Thus more comprehensive access rights are granted to the military than to
the police, who can access such data only in case of 'imminent danger'.
The costs for these queries are shifted to the providers.

Verdict Austrian constitutional court (23.01.2004)
http://www.vfgh.gv.at/presse/G363-13-02.pdf

Objections Vibe!at against the law (18.06.2002)
http://www.vibe.at/aktionen/200206/mil_18jun2002.html

(Contribution by Monika Bargmann, librarian, Vibe!At)


===================================================
4. PRIVACY PENALTY FOR FRENCH SCIENTOLOGY CRITIC
===================================================

In France the owner of a website was convicted to pay a penalty of 450
Euro for publishing personal data without first registering with the Data
Protection Authority, the CNIL. On 25 February the appeal-court of Lyon
confirmed the earlier ruling, even though the judges decided to suspend
payment of the penalty.

Remarkably the website-owner, Roger Gonnet, is a former member of
Scientology who denounces the organisation as a cult and mentions names
and other data about members on his website. One of these members
complained. The first court ordered him to pay a penalty of 450 Euro, plus
450 Euro compensation for attorney costs and a symbolical 1 Euro
compensation for general damages. The appeal-court rejected the extra
compensation, because the plaintiff could not prove the damages.

The ruling confirms that omitting to declare processing of personal data
with the DPA is a punishable act (Article 226-16 of the French penal code)
and judges must rule accordingly, even though they have the liberty to
suspend payment under specific circumstances.

The Church of Scientology is notorious for using copyright-claims to
stifle critics. Using privacy-arguments for this same purpose is a new
kind of strategy. In France, Scientology is not acknowledged as a
religion. According to a parliamentary report, they are a dangerous cult.

French Data Protection legislation (dating from 1978, none of the European
Privacy Directives have yet been fully implemented) obliges all owners of
websites to register any processing of personal data before they put
anything online. The CNIL website offers a very detailed website
declaration form.

Website Scientology critic
http://www.antisectes.net/

Analysis of and access to the case (in French, 08.03.2004)
http://www.droit-technologie.org/1_2.asp?actu_id=904

CNIL Website declaration form
http://www.cnil.fr/fileadmin/documents/declarer/teleprocedures/formulaires/f
ormulaire_internet/finternet2.pdf


===================================================
5. PROPOSAL EU PARLIAMENT TO REJECT PNR TRANSFER
===================================================

The European parliament's committee on Citizens' Freedoms and Rights,
Justice and Home Affairs is preparing to vote on a proposal by MEP Johanna
Boogerd-Quaak to reject the draft decision of the EU Commission under
which airline passenger data are transferred to the US Bureau of Customs
and Border Protection.

The proposal calls upon EU Member States to require airlines and travel
agencies to obtain passengers' consent for the transfer of data and asks
the EU commission to withdraw the draft decision which is the current
'legal' basis for the transfer of data.

The proposal calls the draft decision "contradictory, since it fails to
take into account the CAPPS II system (which involves the systematic
assessment of all passengers by means including recourse to private
information services) but at the same time it authorises the use of
personal data for the test stage of the system, despite the withholding of
funding by Congress, which expressed reservations which Parliament can
only share." The proposal also criticizes the Commission's decision
because it goes 'against the principles of proportionality and of data
quality' and "does not grant all passengers the protection which is
afforded to US citizens."

If the proposal is adopted the EU Parliament will consult the European
Court of Justice to examine if an international agreement which does not
provide adequate guarantees regarding the protection of a fundamental
right is soundly based.

Motion for a resolution on the draft Commission decision noting the
adequate level of protection provided for personal data contained in the
Passenger Name Records (PNRs) transferred to the US Bureau of Customs and
Border Protection (17.02.2004)
http://www.europarl.eu.int/meetdocs/committees/libe/20040309/524914en.pdf


===================================================
6. CAPPATO REPORT ABOUT PRIVACY ADOPTED
===================================================

On 9 March the European Parliament adopted a resolution on the
implementation of the Data Protection Directive of 1995 (95/46/EC), based
on an own-initiative report by the Italian radical Marco Cappato. The
report is very critical about the lack of adequate privacy protection in
Europe.

The report centres on data protection within the third pillar (the area of
justice and internal affairs). It urges the Commission to finally create
the promised 'legal instrument' to protect privacy in the third pillar,
especially concerning Europol, Eurojust and all other third-pillar organs.

The parliamentary resolution dedicates very harsh words to the transfer of
PNR-data:
"(...)national and European laws on the transfer of personal data to third
countries have been flagrantly breached by the transfer of transatlantic
passengers' personal data to the US law-enforcement authorities (...) the
attitude of the Commission, the Member States and some privacy protection
authorities - particularly those which under national law have the power
to block data transfers - has been basically to connive at this violation
of the law and of the principle of legality."

When it comes to mandatory data retention for law-enforcement purposes,
the report signals that such laws "are not in full conformity with the
European Convention on Human Rights and the related case law, since they
constitute an interference in the right to privacy, falling short of the
requirements of: being authorised by the judiciary on a case-by-case basis
and for a limited duration, distinguishing between categories of people
that could be subject to surveillance, respecting confidentiality of
protected communications(...)."

To help Member States develop a better policy, Parliament asks the
Commission to produce a document on the legal validity of general data
retention and urges the EU institutions to launch an open and transparent
debate on the basis of this document.

Earlier, Cappato was the rapporteur for the Directive of 2002 on Privacy
and electronic communications. After the possibility of general data
retention was introduced last minute in an amendment on Article 15 of that
directive, Cappato asked to have his name removed from the record as
rapporteur.

The resolution was passed by 439 votes in favour, 39 against and 28
abstentions.

EP Resolution on the first report on the implementation of the data
protection directive 2003/2153(INI)
http://servizi.radicalparty.org/documents/index.php?func=detail&par=3339


===================================================
7. NEW EU PLANS TO PROMOTE BROADBAND ACCESS
===================================================

The European Telecom ministers have welcomed new action plans from the
Commission to promote broadband access in Europe. The Commission calls on
Member States who have not yet put in place a national broadband strategy
to do so without delay, with a focus on delivering broadband in
under-served areas via a variety of platforms. This summer the Commission
is due to report about the progress on the different broadband strategies
to both Council and Parliament.

The European Commission sees information and communication technologies as
key factor for economical growth and improvement of productivity in
Europe. On 3 February 2004, the Commission adopted the Communication
"Connecting Europe at high speed: Recent developments in the sector of
electronic communications". This report sums up a number of actions still
needed to address barriers to further investment:

-Member states must implement the new regulatory framework for electronic
communications (a package of 4 directives) as soon as possible. The
Commission is pursuing the necessary steps to ensure rapid transposition,
which could if necessary lead to states being brought before the European
Court of Justice.

-Member states must bring back the amount of regulation that frustrates
competition, especially when it is protecting former monopolists.

The Commission also calls on member states to encourage the broader
take-up and use of new services and technologies, particularly by the
public sector, in order to stimulate demand and investment.

Finally, the Commission will set up a forum to discuss the problem of the
digital divide, and create 'a new high level group' to work on Digital
Rights Management as a way to promote innovative new services.

RAPID report about the Telecom Council (08.03.2004)
http://europa.eu.int/rapid/start/cgi/guesten.ksh?p_action.gettxt=gt&doc=MEMO
/04/47|0|RAPID&lg=EN&display=

Communication European Commission 'Connecting Europe at high speed: recent
developments in the sector of electronic communications' (03.02.2004)
http://europa.eu.int/information_society/eeurope/2005/doc/highlights/whats_n
ew/sector_com.pdf

===================================================
8. RECOMMENDED READING - ACCESS TO EU DOCUMENTS
===================================================

On 30 January 2004, the European Commission published a report about the
effectiveness of EU legislation on freedom of information. Article 255 of
the treaty establishing the European Community, implemented through
Regulation 1049/2001 of 30 May 2001, grants a right of access to European
Parliament, Council and Commission documents to any Union citizen and to
any natural or legal person residing, or having its registered office, in
a Member State.

Two years after the implementation of the Regulation, it is hard to judge
the effectiveness of the regulation, according to the Commission. The
yearly amount of requests has doubled from 2001 to 2002, and the report
suggests a similarly strong increase in 2003. Still, the total amount of
requests remains low, namely 4.022 in 2002.

In 2002 the Commission declined full access in 27.6 percent of the cases,
mostly based on the exception of protecting its work of inspection,
investigation and auditing. The Council declined full access in 23.6
percent of the cases, mostly based on the much criticised vague exception
of 'public security', i.e. covering external and security policy, defence
and co-operation on justice and home affairs.

So far, only one ruling had been issued by the Court of First Instance and
eleven complaints had been resolved by the Ombudsman. The report refrains
from strong conclusions, but repeatedly laments the workload for the
commission caused by some applications that are 'unfair, repetitive or
clearly unreasonable'.

Report from the Commission COM 2004-45 (30.01.2004)
http://europa.eu.int/eur-lex/en/com/rpt/2004/com2004_0045en01.pdf

DO IT YOURSELF ACCESS TO EUROPEAN DOCUMENTS

Website EU Council documents (very useful)
http://register.consilium.eu.int/utfregister/frames/introfsEN.htm

Website European Commission documents (much less useful)
http://europa.eu.int/comm/secretariat_general/sgc/acc_doc/index_en.htm

Website European Parliament documents (overview of many commmunication
options)
http://www.europarl.eu.int/opengov/default_noscript_en.htm


==================================================================
9. AGENDA
==================================================================

25 March 2004 - Deadline Call for Papers
The European Black Hat conference 2004 will take place in the Krasnapolsky
Hotel in Amsterdam, the Netherlands, from 17 to 20 May 2004. Papers are
invited especially about the European perspective on privacy, anonymity
and DRM.
http://www.blackhat.com/html/bh-europe-04/bh-europe-04-cfp.html

26-27 March 2004, Warsaw, Poland
Pan-European Forum on safer internet-issues, organised by the Media
division of the Council of Europe Human Rights Directorate. Deadline for
funding applications is 20 February 2004.
http://www.safer-internet.net/pconference.asp

15 May 2004 - Deadline Call for Papers
The Data Protection Authorities support a new award for privacy-papers,
named in honour of the US privacy expert Barbara Wellbery (1948-2003). The
award is granted annually by the Morrison & Foerster Foundation. The
winning paper will receive a $3,000 cash award. In addition, the winner is
invited to present his or her paper in Poland at the 26th International
Conference of Data Protection and Privacy Commissioners (14-16 September
2004).
http://www.cbpweb.nl/downloads_overig/med_barbara_wellberry_2.pdf

3-4 June 2004, Vienna, Austria - Free Bitflows conference
Conference and workshops about cultures of access and politics of
dissemination, organised by Public Netbase (AT), in collaboration with
Hull Time Based Arts (Hull, UK); V2_ (Rotterdam, NL); Bootlab (Berlin,
DE); interSpace Media Art Center (Sofia, BG).
http://freebitflows.t0.or.at


==================================================================
10. ABOUT
==================================================================

EDRI-gram is a bi-weekly newsletter about digital rights in Europe.
Currently EDRI has 14 members from 11 European countries. EDRI takes an
active interest in developments in the EU accession countries and wants to
share knowledge and awareness through the EDRI-grams. All contributions,
suggestions for content or agenda-tips are most welcome.

Newsletter editor: Sjoera Nas <[log in to unmask]>

Information about EDRI and its members:
http://www.edri.org/

- EDRI-gram subscription information

subscribe by e-mail
To: [log in to unmask]
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.

unsubscribe by e-mail
To: [log in to unmask]
Subject: unsubscribe

- EDRI-gram in Russian, Ukrainian and Italian

EDRI-gram is also available in Russian, Ukrainian and Italian, a few days
after the English edition. The contents are the same.

Translations are provided by Sergei Smirnov, Human Rights Network, Russia;
Privacy Ukraine and autistici.org, Switzerland

The EDRI-gram in Russian can be read on-line via
http://www.hro.org/editions/edri/

The EDRI-gram in Ukrainian can be read on-line via
http://www.internetrights.org.ua/index.php?page=edri-gram

The EDRI-gram in Italian can be read on-line via
http://www.autistici.org/edrigram/

- Newsletter archive

Back issues are available at:
http://www.edri.org/cgi-bin/index?funktion=edrigram

- Help

Please ask <[log in to unmask]> if you have any problems with subscribing or
unsubscribing.

==================================================================
Publication of this newsletter is made possible by a grant from
the Open Society Institute (OSI).
==================================================================



End of EDRi-news Digest, Vol 12, Issue 1
****************************************

--
This message has been scanned for viruses and dangerous
content by the NorMAN MailScanner Service and is believed
to be clean.

The NorMAN MailScanner Service is operated by Information,
Systems and Services, University of Newcastle upon Tyne.

************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations.To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************