TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Europe Data Protection Digest | Notes from the IAPP Europe Managing Director, May 22, 2015 Related reading: Tim Cook talks Apple's privacy stance, pushback to app-tracking framework



Greetings from Brussels!

Recently there have been a number of articles in the media related to the retention of metadata, which essentially refers to the retention of information concerning Internet and mobile phone usage. This is an important area of privacy development and also highly controversial.

Only recently in Australia, both houses of Parliament voted in favor of legislation that obliges telecommunication companies and Internet service providers (ISPs) to store customers’ metadata—including the time of and participants in phone calls, text messages and emails—for two years.  The Australian government responded to critics by saying that the bill addressed national security without requiring government bulk collection, also citing a rigorous system of checks-and-balance before access to that data is considered.

In Europe, we are also witnessing similar developments in the area of metadata retention legislation; France, the UK and Germany, to mention a few, are all busy with new legal provisions and acts of legislation that will impact upon citizen privacy rights.

France’s lower house of Parliament recently passed a sweeping new surveillance bill that would empower French intelligence to deploy hi-tech tools such as vehicle tracking and mobile phone identification devices against individuals without judicial oversight. Furthermore, the bill allows the government to compel communications companies—including U.S. companies—to mine metadata for potential terrorist communications and report results to the government. In the run-up to his reelection, British Prime-Minister David Cameron stated he would grant authorization to British intelligence services to read all messages sent over the Internet. More on these stores can be read here.

The Germans have also been trying to introduce a metadata retention law for some time now; A first attempt was rejected by their constitutional court in 2010. The German government has now revised the draft law, which will be presented to the German Parliament in the near future.

All of this despite the ECJ ruling in April of 2014 that the EU's data retention directive, which sought to allow for a retention period of at least six months, was "invalid," and “could not be applied in its present form,” citing interference with fundamental rights to privacy. 

It is somewhat fascinating, as well as ironic, that in the post-Snowden era, and after much criticism leveled at the U.S. for its surveillance activities, European governments seem to be extending their surveillance activities. Moreover, what is disconcerting with a number of these developments is the seeming lack of provision for judicial oversight.

The importance of these developments for international business might well be the proposed legal provisions for localization of data records; the Germans, through their revisions, have included this provision, unlike the previous version, which allowed storage centers within the EU.

The questions that spring to mind is what privacy reform truly looks like in modern Europe, and more importantly, are we providing for a system of coherent checks and balances that take into consideration an acceptable levels of protection and freedom for both citizens as well as business?


If you want to comment on this post, you need to login.