Feeds

Police wolves pace round electric EU sheep

European council dilutes data proposals to taste

Application security programs and practises

European privacy wonks have become alarmed over the degeneration of policy talks on the protection of people who become the subject of police database cross-border pollinations.

If the European Data Protection Supervisor's (EDPS) claim that proposed protections are being watered down in the European Council, this does not bode well for the upcoming transatlantic negotiations on passenger name records (PNR), or early attempts to build an international immigration database to guard between the "developed" and outside world, or other numerous other international faultlines that are opening up between hawks and civil libertarians in the home front of the "war on terror".

On Tuesday, the European Council is due to report the progress of its deliberations over proposals to enforce data protection laws on cross-border police activities. The idea behind the proposals was to force police to think of civil liberties as they make their first tentative database links across borders - the European data protection law drawn up in 1995 couldn't apply to law enforcers because policing wasn't EU business, but the issue has been forced by the current rush to link police databases across the continent.

The Council is far off an agreement because there are a few countries - most notably Britain - that don't want Europe poking its nose in their business. It doesn't matter that the data protection law was European anyway - the British applied EU data protection law over law enforcers as well, even though the European draft wasn't applicable there. So Britain's representation in the Council negotiations is saying, "we don't need your help thanks, we've already got it covered".

But the EDPS is proposing that as police use of data is a special case, it ought to be governed by special protections (Countries like Britain do, after all, have exceptions in their policing of police data that prevent, for example, dangerous people from being alerted that the plods are onto them), and so member states will have to accept further European rules over their law enforcers.

The proposed special-case protections - though barely even considered in the council - include a distinction between different categories of people on police databases, so that they can be treated according to their status. So a convict's history might be shared a little more liberally than that of a suspect on whom there have been pinned only a few unqualified rumours. Similar distinctions should be made between witnesses and victims, said the EDPS.

This is the main sticking point for the negotiators - whether these additional EU protections (should they ever be agreed) should apply from the moment a copper flips open his notebook, or only at the point when the data is piped across the English Channel.

Another complaint of the data protection doves is that the protections are being watered down in the Council because the brief has been given to the policing committee, rather than the data protection committee. "It's like putting the wolf in charge of the sheep," said one lawyer close to the talks.

There's a compelling reason for concern over the handful of states opposing the majority view that there is only an artificial distinction between national and European data protection law for police activities.

If member states don't all impose the same protections on their police data as all the others, said an EDPS opinion on the matter, then protections placed on data being shared could never work.

In this case a state that paid little attention to civil liberties would cause problems for everyone else with its shady treatment of police data - no other state could accept trust its police data enough to use it in any credible operation. Likewise no other state could pass the lax state any data without fear of it being abused, which was why there has been so much fuss about US demands for European passenger (PNR) and financial (SWIFT) data - the US doesn't have mature data protection and no-one trusts them to honour a gentleman's agreement to act like they are all grown up about it.

That's the European view of US data protection law anyway, and there is some truth in it. But the EU position is starting to look a little embarrassing.

Take the interim agreement the EU struck with the US over the PNR data that airlines pipe from European civil databases to US spooks. The US interpretation of the agreement made the EU claims to have made sure the US was going to treat the European data according to haughty European data protection principles sound a little silly.

The EU will look even sillier in January when it aims to open negotiations with the US over a permanent PNR agreement to takeover when the interim bodge expires at the end of July 2007.

How can the Europeans ask the US to adhere to the principle of data protection over shared police data when the Europeans can't even agree amongst themselves? The EU negotiators don't have an answer to that one, but think it might be a problem.®

HP ProLiant Gen8: Integrated lifecycle automation

More from The Register

next story
Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
'Greenhouse effect is real, but as for the rest of it ...'
Adam Afriyie MP: Smart meters are NOT so smart
Mega-costly gas 'n' 'leccy totting-up tech not worth it - Tory MP
'Blow it up': Plods pop round for chat with Commonwealth Games tweeter
You'd better not be talking about the council's housing plans
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
ONE EMAIL costs mining company $300 MEEELION
Environmental activist walks free after hoax sent share price over a cliff
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.