Feeds

Police wolves pace round electric EU sheep

European council dilutes data proposals to taste

High performance access to file storage

European privacy wonks have become alarmed over the degeneration of policy talks on the protection of people who become the subject of police database cross-border pollinations.

If the European Data Protection Supervisor's (EDPS) claim that proposed protections are being watered down in the European Council, this does not bode well for the upcoming transatlantic negotiations on passenger name records (PNR), or early attempts to build an international immigration database to guard between the "developed" and outside world, or other numerous other international faultlines that are opening up between hawks and civil libertarians in the home front of the "war on terror".

On Tuesday, the European Council is due to report the progress of its deliberations over proposals to enforce data protection laws on cross-border police activities. The idea behind the proposals was to force police to think of civil liberties as they make their first tentative database links across borders - the European data protection law drawn up in 1995 couldn't apply to law enforcers because policing wasn't EU business, but the issue has been forced by the current rush to link police databases across the continent.

The Council is far off an agreement because there are a few countries - most notably Britain - that don't want Europe poking its nose in their business. It doesn't matter that the data protection law was European anyway - the British applied EU data protection law over law enforcers as well, even though the European draft wasn't applicable there. So Britain's representation in the Council negotiations is saying, "we don't need your help thanks, we've already got it covered".

But the EDPS is proposing that as police use of data is a special case, it ought to be governed by special protections (Countries like Britain do, after all, have exceptions in their policing of police data that prevent, for example, dangerous people from being alerted that the plods are onto them), and so member states will have to accept further European rules over their law enforcers.

The proposed special-case protections - though barely even considered in the council - include a distinction between different categories of people on police databases, so that they can be treated according to their status. So a convict's history might be shared a little more liberally than that of a suspect on whom there have been pinned only a few unqualified rumours. Similar distinctions should be made between witnesses and victims, said the EDPS.

This is the main sticking point for the negotiators - whether these additional EU protections (should they ever be agreed) should apply from the moment a copper flips open his notebook, or only at the point when the data is piped across the English Channel.

Another complaint of the data protection doves is that the protections are being watered down in the Council because the brief has been given to the policing committee, rather than the data protection committee. "It's like putting the wolf in charge of the sheep," said one lawyer close to the talks.

There's a compelling reason for concern over the handful of states opposing the majority view that there is only an artificial distinction between national and European data protection law for police activities.

If member states don't all impose the same protections on their police data as all the others, said an EDPS opinion on the matter, then protections placed on data being shared could never work.

In this case a state that paid little attention to civil liberties would cause problems for everyone else with its shady treatment of police data - no other state could accept trust its police data enough to use it in any credible operation. Likewise no other state could pass the lax state any data without fear of it being abused, which was why there has been so much fuss about US demands for European passenger (PNR) and financial (SWIFT) data - the US doesn't have mature data protection and no-one trusts them to honour a gentleman's agreement to act like they are all grown up about it.

That's the European view of US data protection law anyway, and there is some truth in it. But the EU position is starting to look a little embarrassing.

Take the interim agreement the EU struck with the US over the PNR data that airlines pipe from European civil databases to US spooks. The US interpretation of the agreement made the EU claims to have made sure the US was going to treat the European data according to haughty European data protection principles sound a little silly.

The EU will look even sillier in January when it aims to open negotiations with the US over a permanent PNR agreement to takeover when the interim bodge expires at the end of July 2007.

How can the Europeans ask the US to adhere to the principle of data protection over shared police data when the Europeans can't even agree amongst themselves? The EU negotiators don't have an answer to that one, but think it might be a problem.®

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Singapore decides 'three strikes' laws are too intrusive
When even a prurient island nation thinks an idea is dodgy it has problems
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
Reprieve for Weev: Court disowns AT&T hacker's conviction
Appeals court strikes down landmark sentence
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.