International Privacy Day: Top Concerns of Activists and Data Protection Authorities
This January 28 marks International Privacy Day. Different countries around the world are celebrating this day with their own events. This year, we are honoring the day by calling attention to recent international privacy threats and interviewing data protection authorities, government officials, and activists to gain insight into various aspects of privacy rights and related legislation in their own respective countries.
As part of International Privacy Day, the EFF asked data protection authorities, politicians, and activists about privacy related issues and concerns for 2012. In addition to the individuals highlighted in our previous posts, EFF heard back from the Council of Europe, the European Data Protection Supervisor (EDPS), and activists from Canada, France and Spain. In various ways, all of the responses focused on government surveillance or data protection laws. For the Council of Europe and European Data Protection Supervisor, the focus was on data protection agreements, while the activists were mindful of the ever-increasing power of government authorities to surveil their citizens
This year, the Council of Europe will focus on modernizing the 1987 Recommendation on the use of personal data in the police sector. This recommendation created basic principles for collecting, storing, and using citizens' personal data by the police. Sophie Kwasny, Head of the Data Protection Unit at the Council of Europe emphasized the need for updating the 1987 agreement as law enforcement is a massive user of both private and public data.
The EDPS will also play a vital role in government data protection and privacy as it comments on the 2012 European Commission new legislative proposal in the area of police and justice. In a recent press release, the EDPS regretted over the inadequate rules in this area. He expressed concern over the lack of stricter rules for the transfer of personal data outside the EU, the unregulated ability for police to access data stored by private companies, and the lack of power given to data protection authorities’ ability to oversee and control the processing of such personal data. In the coming weeks, the EDPS will release a full opinion on the legislation. Despite the fact that the activists hailed from different countries, the expansive use of government surveillance and corporate data was a shared concern in their answers to a question about the major threats to privacy in 2012. Sophie Kawsny's answers from the Council of Europe described "Internet firms" who are "being asked to hand over personal data" as well as "software silently capturing every little piece of information provided by keystrokes" as major threats to watch for in 2012.
Ms. Kawsny's answer was reflected in Victor Domingo's answer. Mr. Domingo, President of Asociacion de Internautas (AI) Spain, discussed the creation of SITEL, Sistema Integrado de Interceptación de Telecomunicaciones, (Integrated System of Telecommunications Interception), software that intercepts peoples’ traffic data. Over the past few years, Spaniards learned that the program was used by the government to intercept (in real-time) the identity of callers, the place where they call, and other metadata associated with their phone number. La Asociacion de Internautas has widely criticized SITEL, as well as the Spanish government, for the lack of legal safeguards on the protection of these data. The Asociacion de Internautas in Spain has argued that the mere interception of traffic data constitutes the interception of communications because it allows one to know the data of who communicates with whom, the frequency, and for how long.
In France, a rapid increase of the use of police databases continues to be an important issue since 2002. In his interview, French activist and journalist at Owni.fr, Jean Marc Manach discussed the improper use of police databases by the French police. Since 2002, it has been uncovered that 44 out of 80 French police databases had no legal basis. The databases range from criminal charges to biometrics, and includes a database dedicated to suspected criminals. In a 2008 investigation into one of the biggest databases, the French data projection authorities found 83% of the files contained errors. These law enforcement databases are an going issue in France.
While Mr. Manach was concerned about the actual number and reliability of government databases, Michael Vonn, the Policy Director of the BC Civil Liberties Association, the oldest civil liberties group based in Canada, voiced concerns about "intelligence-led policing," which is "increasingly being used to stifle political dissent and target activists." In her response, Ms. Vonn noted the major cases of law enforcement abuse in 2011: the recently revealed years-long extensive surveillance of First Nations people and Aboriginal rights supporters and the largest undercover police operation carried out during the Vancouver Olympics and Toronto G-20 demonstrators.
As storing data gets easier, the government's appetite for storing, using, and analyzing citizen data only increases. In 2012, the Council of Europe and the European Commission will be working on ways to improve directives aimed at local law enforcement. We hope that EU data protection authorities play a vital role in protecting citizen's privacy rights.