Feeds

Police wolves pace round electric EU sheep

European council dilutes data proposals to taste

3 Big data security analytics techniques

European privacy wonks have become alarmed over the degeneration of policy talks on the protection of people who become the subject of police database cross-border pollinations.

If the European Data Protection Supervisor's (EDPS) claim that proposed protections are being watered down in the European Council, this does not bode well for the upcoming transatlantic negotiations on passenger name records (PNR), or early attempts to build an international immigration database to guard between the "developed" and outside world, or other numerous other international faultlines that are opening up between hawks and civil libertarians in the home front of the "war on terror".

On Tuesday, the European Council is due to report the progress of its deliberations over proposals to enforce data protection laws on cross-border police activities. The idea behind the proposals was to force police to think of civil liberties as they make their first tentative database links across borders - the European data protection law drawn up in 1995 couldn't apply to law enforcers because policing wasn't EU business, but the issue has been forced by the current rush to link police databases across the continent.

The Council is far off an agreement because there are a few countries - most notably Britain - that don't want Europe poking its nose in their business. It doesn't matter that the data protection law was European anyway - the British applied EU data protection law over law enforcers as well, even though the European draft wasn't applicable there. So Britain's representation in the Council negotiations is saying, "we don't need your help thanks, we've already got it covered".

But the EDPS is proposing that as police use of data is a special case, it ought to be governed by special protections (Countries like Britain do, after all, have exceptions in their policing of police data that prevent, for example, dangerous people from being alerted that the plods are onto them), and so member states will have to accept further European rules over their law enforcers.

The proposed special-case protections - though barely even considered in the council - include a distinction between different categories of people on police databases, so that they can be treated according to their status. So a convict's history might be shared a little more liberally than that of a suspect on whom there have been pinned only a few unqualified rumours. Similar distinctions should be made between witnesses and victims, said the EDPS.

This is the main sticking point for the negotiators - whether these additional EU protections (should they ever be agreed) should apply from the moment a copper flips open his notebook, or only at the point when the data is piped across the English Channel.

Another complaint of the data protection doves is that the protections are being watered down in the Council because the brief has been given to the policing committee, rather than the data protection committee. "It's like putting the wolf in charge of the sheep," said one lawyer close to the talks.

There's a compelling reason for concern over the handful of states opposing the majority view that there is only an artificial distinction between national and European data protection law for police activities.

If member states don't all impose the same protections on their police data as all the others, said an EDPS opinion on the matter, then protections placed on data being shared could never work.

In this case a state that paid little attention to civil liberties would cause problems for everyone else with its shady treatment of police data - no other state could accept trust its police data enough to use it in any credible operation. Likewise no other state could pass the lax state any data without fear of it being abused, which was why there has been so much fuss about US demands for European passenger (PNR) and financial (SWIFT) data - the US doesn't have mature data protection and no-one trusts them to honour a gentleman's agreement to act like they are all grown up about it.

That's the European view of US data protection law anyway, and there is some truth in it. But the EU position is starting to look a little embarrassing.

Take the interim agreement the EU struck with the US over the PNR data that airlines pipe from European civil databases to US spooks. The US interpretation of the agreement made the EU claims to have made sure the US was going to treat the European data according to haughty European data protection principles sound a little silly.

The EU will look even sillier in January when it aims to open negotiations with the US over a permanent PNR agreement to takeover when the interim bodge expires at the end of July 2007.

How can the Europeans ask the US to adhere to the principle of data protection over shared police data when the Europeans can't even agree amongst themselves? The EU negotiators don't have an answer to that one, but think it might be a problem.®

Combat fraud and increase customer satisfaction

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Singapore decides 'three strikes' laws are too intrusive
When even a prurient island nation thinks an idea is dodgy it has problems
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.