Feeds

Watchdog mauls Euro database of 'pirates'

Who can peek at the naughty list?

Top three mobile application threats

The European Commission must explain in more detail the specifics of the operation of a database it plans to create that will hold personal data on suspected intellectual property (IP) rights infringers, an EU data protection watchdog has said.

The European Data Protection Supervisor (EDPS) said that in order to comply with data protection laws, the Commission must be clearer about who will have access to the data, who will be able to change it and how long it will be stored for.

The EDPS said it wanted to help the Commission create a "data protection compliant" database under proposed new regulations on customs enforcement of intellectual property rights. The EDPS is responsible for ensuring EU bodies comply with data protection laws.

In May, the Commission announced plans to enable IP rights-holders and others to apply for customs action to seize and destroy goods suspected of being fake or unlicensed. The Commission's plans included proposals to establish a centralised database of information relating to customs actions. That information would be shared electronically with individual customs authorities across the EU.

The EDPS said it expected the database to contain sensitive personal data of suspected counterfeiters and pirate copiers and for customs authorities to share that data with rights holders in order to enable them to take legal action. Under EU data protection laws personal data must be "processed fairly and lawfully" and be collected for "specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes". Extra emphasis is placed on the protection of rights around sensitive personal data.

The Commission should amend its proposals to explain the database's "electronic exchange mechanism", the EDPS said.

"The provision ... must identify the purpose of the processing operations and establish which are the compatible uses; identify which entities (customs authorities, Commission) will have access to which data stored in the database and will have the possibility to modify the data; ensure the right of access and information for all the data subjects whose personal data may be stored and exchanged; define and limit the retention period for the personal data to the minimum necessary for the performance of such purpose," the EDPS said in an official opinion (8-page / 49KB PDF).

The EDPS said that the regulations should also define "the entity which will be controlling and managing the database and the entity in charge of ensuring the security of the processing of the data contained in the database" and should also make reference to the possible "interoperability" of the database with other database run by the Commission or other authorities.

Customs authorities and the European Commission should be forced to delete the personal data of individuals suspected of infringing intellectual property (IP) rights from the database after customs action decisions cease to be legally valid, the EDPS said.

"The EDPS would like to stress that the application submitted by the right holder (and in particular, the personal data therein) should not be stored or retained by the national customs authorities and in the ... database beyond the date of expiry of the decision," the EDPS said in its opinion.

"The EDPS therefore suggests inserting a provision in the Proposal which imposes a limit to the retention of personal data linked to the duration of the period of validity of the decisions," the EDPS said. "Any extension of the duration of the retention date should be avoided or, if justified, should fulfil the principles of necessity and proportionality in relation to the purpose, which needs to be clarified."

"Including a provision in the proposal which would be equally applicable throughout the member states and to the Commission would guarantee simplification, legal certainty and effectiveness, as it would avoid conflicting interpretations," the EDPS said.

Assistant European Data Protection Supervisor Giovanni Buttarelli, who signed the EDPS opinion, also said that the proposals should include the rights of suspected infringers to be told which authorities are holding their personal data and why.

Copyright © 2011, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

SANS - Survey on application security programs

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Whoever you vote for, Google gets in
Report uncovers giant octopus squid of lobbying influence
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.