Privacy International

Privacy International

PI urges European Parliament action on internet surveillance

06/03/2009

Privacy International spoke this week at the European Parliament on how Europe must change its role from one of a pusher of surveillance policy to a model on internet freedom.

The session at the European Parliament was organised by Stravros Lambrinides (MEP), following his role as a rapporteur on strengthening security and fundamental freedoms on the Internet (report available off-site). See coverage from the European Parliament (off-site).

The notes from our presentation is available below.

European Parliament Talk on Strengthening Security and Fundamental Freedoms

There's been a strange turn of events. Now that the Bush Administration is gone, the U.S. is no longer perceived as the leader of bad surveillance policy. There are even rumours of a privacy law. This will not last, of course, and bad policies will rise to the top, as they always seem to do. Funnily enough, however, the U.S. appears to be considering a data retention law because, after all, Europe has one.

That is a common line of thought. Repeatedly as we travelled around Asia we felt as though we were following in the path of destruction left by European policy-makers: data retention laws, surveillance laws enabled by Council of Europe cybercrime bill, arguments that this must be done because Europe is doing it. Why is Europe pushing its surveillance laws and completely ignoring the opportunity to push its liberties-protecting laws?

So now, we are faced with a situation where Europe is the bad example to the rest of the world.

Is it your fault? Sometimes it is clearly so. The European Union is funding fingerprinting technology in Africa. The U.S. points to data retention laws in Europe as an example. Kyrgyztan is busy trying to figure out whether to apply Russian-type surveillance policies or European-type surveillance policies... so they've decided to apply both.

Consider Pakistan's proposed Cybercrime law. The Government is pushing it with references to CoE and EU policies, but it is a mess of a policy that will inhibit growth of confidence-generating technologies. It will inhibit universal access as ISPs are required to conduct surveillance and implement surveillance technologies, which will increase their operating costs. Though it claims to follow the Council of Europe model, it requires retention of communications traffic data; though ironically only for 90 days rather than the policy decided by this Parliament of 6 months to two years. On the other hand, this can be changed by ministerial decree; and, disappointingly, 'cyberterrorism' is punishable by death.

The European Union was supposed to be a beacon of regard for human rights. Instead, you are the source and inspiration for bad ideas. The United Kingdom is now operationalising the U.S. NSA spying dream, and it will do as it has always done: it will bring this policy to Europe, and this policy will then be sent around the world. We have to fix this vicious process.

Which is why I am optimistic about this Recommendation. Not just because it is promoting civil liberties, but also because it flags the difficult issues.

  • prohibition on profiling
  • discusses limits of consent and the power-relationships involved
  • at long last the EU is recognising privacy by design
  • acknowledging the emergence of digital identity, which I would hope leads to the protection of the dignity of an identity; but also promotion of means of assuring identity rather than merely promoting the requirement to provide it
  • much needed limiting of the disclosure of personal information, which is essential for confidence in Cloud computing

But I have to ask for some clarity:

  • 'prohibiting the systematic monitoring and surveillance of all users' activities on the Internet'; does this mean that data retention is considered illegal?

The definition of these terms is important. If yes, then this is indeed promising. If not, then the collection of data by government and by companies will continue unimpeded. My great sadness about the changes in the world is that the European Union does not get to enjoy a change of shopkeeper like other national governments do. That is, a new leader replaces an old leader, and hopefully the policy landscape changes. But there is something deep within the EU that seems to push to strengthen the powers of surveillance; when does Europe get to seek a change in the direction of policies regarding the internet? But regardless, this is the most promising opportunity for change we've had for years.

Related:
Overview -- Not Really About Cybercrime
Privacy Commissioners call for restraint on retention of communications data
European Commission announces its plans for data retention
UK Presidency of the EU encounters opposition to retention plans
European Parliament approves communications data retention
PI appeals to Europe's Privacy Commissioners to oppose retention
PI Report on European Commission and Council Proposals on Data Retention
COE Convention on Cybercrime, Treaty No. 185
PI forges coalition to call on European Parliament to reject data retention
PI and EDRi urge restraint in extraordinary European Council meet on retention
COE Chart of Ratifications for Cyber-Crime Treaty (external)

<< Back

Email us at privacyint@privacy.org.
Call on +44 (0)208.123.7933.
Privacy Policy - About PI - Support PI