European Commission Wants Collection And Retention Of Passenger Data For Everyone Flying In And Out Of Europe
from the open-breach-of-fundamental-rights dept
Another day, another shameless exploitation of the Charlie Hebdo attacks. We've just reported on an EU call for Internet companies to hand over their crypto keys; now the European Commission is trying to push through a requirement for wide-ranging information about everyone flying in and out of Europe to be collected and stored for years. As reported by the Guardian:The European commission plan to be published on Wednesday would require 42 separate pieces of information on every passenger flying in and out of Europe, including their bank card details, home address and meal preferences such as halal, to be stored on a central database for up to five years for access by the police and security services.The European Commission calls its plan (pdf) a "workable compromise", and goes on to list revisions that it claims address concerns of the European Parliament's Civil Liberties Committee, which rejected the whole idea of blanket retention of "Passenger Name Records" (PNR) back in 2013. Statewatch provides a summary of the main changes:
Changing the scope from "terrorism and serious crime" to "terrorism and serious transnational crime";Whether or not these are enough, the Greens MEP Jan Philipp Albrecht, who is vice-chairman of the European Parliament's Civil Liberties Committee, points out a more fundamental problem with the proposal:
Reference to all the offences covered by the European Arrest Warrant is replaced by "a shorter list of offences that a relevant to transnational travel";
Reducing the retention period of the "full PNR" from 30 days to seven days, and changing the longer "depersonalised" retention period to four years in relation to "serious transnational crime" (it remains five years for terrorism);
"establishing stricter conditions for access to PNR data" including "the appointment of a Data Protection Officer within the national units responsible for the processing of PNR data";
"explicitly spelling out the rights of passengers to have access to their PNR data (retained by the PIU) and to request the modification or erasure of their data";
"The commission plans are an affront to the critics of the European parliament and the European court of justice who have said that data retention without any link to a certain risk or suspicion isn't proportionate.Albrecht is referring to the important judgment handed down by the EU's Court of Justice last year, which ruled blanket data retention was "invalid". The European Commission is acutely aware of this issue, and says right at the start of the leaked document:
"It is an open breach of fundamental rights to blanketly retain all passenger data," he added.
The proposed compromise takes due account of the judgment of the Court of 8 April 2014 on the Data Retention Directive, as far as the judgment appears applicable to PNR.However, it is by no means clear that the current proposal would in fact be regarded as "valid" by the court. Moreover, the Commission's document admits that it is anyway likely to meet resistance in the European Parliament:
In case the Commission would adopt its revised proposal without an accompanying Impact Assessment, the [European Parliament] or in any case some political groups would likely express their criticism, given the important implications derived on PNR from the [EU Court of Justice] ruling on [Data Retention Directive].As that indicates, this move is just part of a larger argument within the European Union about how much surveillance of European citizens is appropriate, how long data about them should be retained and with what data protection safeguards. That, in its turn, feeds into even wider discussions with the US over the Safe Harbor agreement, NSA spying and the inclusion (or not) of a chapter on data flows within TAFTA/TTIP and TISA.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: data retention, european commission, passenger data, privacy
Reader Comments
Subscribe: RSS
View by: Time | Thread
Going down the list
That would be:
1. None whatsoever that isn't related to an active, targeted investigation that has been authorized by a court-approved targeted warrant or similar order.
2. Only so long as the investigation is ongoing and the data is required, after which all the data collected is purged.
3. Only those directly involved in a given investigation should be allowed to have access to the data collected during the course of that investigation. If another agency desires access to the information, they should be required to go through the same steps they would if they were starting from scratch, and are barred from arguing that just because the other agency has access, they should too.
Any agency found in possession of collected data, and that hasn't gone through the proper steps to gain authorized access to it will have those in charge of the agency, and the 'lower ranked' employees involved, removed from office and sentenced to 1-10 years in prison, depending on the severity of their actions, with a minimum one year sentence. Once their sentence is over, they will be released, though barred from serving running for, or serving in, public office for the rest of their life.
The above seem like fair rules to me, though for agencies used to doing whatever they want, laws and rights be damned, I imagine the above would be seen as insane and ludicrously restrictive. How are they supposed to (fail to) find terrorists if they can't spy on everyone, all the time after all? /s
[ link to this | view in thread ]
However, it seem that the EP is reining in the worst excesses of the EC. IT's going to be interesting in those countries running European elections this year as to how it's going to proceed.
I would recommend that the unelected EC have a power reduction at the moment, as it's currently being corrupted by outside (often corporate) interests.
[ link to this | view in thread ]
What a perfect target
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Going down the list
Still, this is all pretty and cool but this would need to be introduced by the same idiots that support the current system...
[ link to this | view in thread ]
Re: Re: Going down the list
I suppose if it could be conclusively proven that those in charge of an organization were not aware of the existence of 'unauthorized' data on their systems, then a hefty personal fine, loss of position, and being barred from any government in the future, while those that did know would still face the jail time, could make for an acceptable alternative, it's just with wiggle room like that you'd have nothing but 'See no evil, hear no evil' bosses, who intentionally made sure to remain as clueless as possible regarding what their department/organization was doing. This is why I feel they have to face some sort of punishment, even if they 'didn't know', to give them incentive to keep such activity from happening.
As for your second point, while true, if you could only propose ideas that would be acceptable to the current batch of parasites, then pretty much anything other than 'Give the government more power' would be disqualified right off the bat, because anything less would be considered unacceptable to them.
[ link to this | view in thread ]
Children.
Terrorism.
Piracy.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
As long as they store the data in Write Only Memory
[ link to this | view in thread ]
Re: Re: Re: Going down the list
[ link to this | view in thread ]
Re: Re: Re: Re: Going down the list
Now it may seem unfair to hold them accountable for what their subordinates do, even if they aren't aware of it, but if the boss doesn't know what's going on, then either they are intentionally keeping themselves in the dark, or they're incompetent, and in either case, they need to be removed from their position and replaced.
Subordinates will only suffer the penalty if they were involved. General, vague knowledge wouldn't count, they would have to be either directly involved with the action, or have sufficient evidence proven that they knew what was going on to also be subject to the punishment.
[ link to this | view in thread ]
So much cynicism
Have you even considered that maybe they're just trying to make sure they'll have the right food ready for us when we're detained indefinitely?
This is what happens when you try to pay attention to your customers' needs... Geez.
[ link to this | view in thread ]
[ link to this | view in thread ]
Welcome to Europe....
Your papers, please.
[ link to this | view in thread ]
Re: Welcome to Europe....
[ link to this | view in thread ]