Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
By Stephen Gardner
Jan. 23 —European Union officials are set to start discussions Jan. 27-30 on potential anti-terrorism measures with implications for privacy.
The debate comes in the wake of the extremist attacks in Paris Jan. 7-9.
The bloc's Migration, Home Affairs and Citizenship Commissioner, Dimitris Avramopoulos, and EU Counter-Terrorism Coordinator Gilles de Kerchove will go to the European Parliament's Committee on Civil Liberties, Justice and Home Affairs (LIBE) Jan. 27 to attempt to drum up support from lawmakers to revive a stalled draft EU directive on sharing airline passenger name records (PNR).
On Jan. 28, the European Commission, the EU's executive, will make a statement to the European Parliament on counterterrorism measures that it intends to propose. The commission is scheduled to publish an EU “internal security strategy” in May.
Then, Jan. 29-30, EU justice ministers will meet in a summit in Riga, Latvia, to discuss measures to combat terrorism and the EU's ongoing data protection reform effort. No decisions on legislation will be finalized at the summit.
The commission's main priority is likely to be the revival of a draft EU PNR directive that was initially published in February 2011.
The PNR directive would create a harmonized system under which airlines departing from or arriving in the EU would have to provide passenger manifest information to a dedicated law enforcement unit established in each of the 28 EU member states.
Under the proposal, EU member state authorities would be able to hold such data, including passenger names, addresses, phone numbers and credit card details, for up to five years.
The LIBE committee rejected the directive in April 2013, saying that it involved disproportionate data collection, overturned the presumption of innocence and would be better adopted after the introduction of harmonized data protection standards through the planned EU data protection regulation.
In June 2013, European Parliament leaders decided to send the proposal back to LIBE, where it has remained stuck without further action.
Commission Vice-President Frans Timmermans said in a Jan. 21 statement that the commission would consult with the European Parliament and “review our proposal to see if we can accommodate” lawmakers' objections.
The LIBE committee Jan. 27 will also debate EU measures to combat money laundering and terrorist financing.
Bryan Cunningham, a partner with Cunningham Levy LLP in Los Angeles and a former legal adviser to former U.S. National Security Advisor Condoleezza Rice, told Bloomberg BNA Jan. 23 that an EU PNR was “long overdue” and should be part of better information sharing between law enforcement agencies to prevent terrorism.
A confidential document drawn up by de Kerkhove for the Jan. 29-30 justice ministers' meeting said that an EU PNR system is “crucial and urgent.” The document, dated Jan. 17, was obtained and published by U.K. privacy advocacy group Statewatch.
But Ralf Bendrath, an adviser to Jan Philipp Albrecht, the German lawmaker in charge of the EU data protection reform in the European Parliament, highlighted the referral by the European Parliament of a draft EU-Canada PNR agreement to the European Court of Justice, the EU's highest court, for an opinion in the light of the April 2014 invalidation of the EU Data Retention Directive (2006/24/EC).
“We should probably wait for that opinion before adopting our own PNR system,” Bendrath said, at the Computers, Privacy & Data Protection conference in Brussels.
Other counterterrorism steps with a potential impact on privacy that the EU may take were outlined in a confidential document drawn up by de Kerkhove for the Jan. 29-30 justice ministers' meeting.
According to the document, EU countries could establish units similar to the U.K.'s Counter Terrorism Internet Referral Unit, which receives public tip-offs about online content that glorifies terrorism and seeks to have it removed.
The units, and Europol, the EU's law enforcement coordination office, could work with social media platforms in “either flagging or facilitating the flagging of content which breaches the platforms' own terms and conditions,” the document said.
Europol's capabilities could be “beefed up to allow for monitoring and analysis of social media communication on the internet,” and the commission should “examine the legal and technical possibilities to remove illegal content” and propose a common harmonized approach to extremist content, the document said.
The annulment of the Data Retention Directive has called into question all retention of telecommunications data for EU national security purposes.
The de Kerkhove document said that the commission should “be invited to present as soon as possible a new legislative proposal for data retention.”
A European Commission representative at a Jan. 8 LIBE meeting said that the commission hadn't decided on its response to the invalidation of the Data Retention Directive.
Gerrit Hornung, a professor of law at Germany's University of Passau, speaking Jan. 23 at the Computers, Privacy & Data Protection conference, said that following the Paris terrorist attacks, “we'll face a new round of surveillance measures,” including possible measures on encrypted communications.
De Kerchove's document added that the European Commission may “explore rules obliging internet and telecommunications companies operating in the EU to provide under certain conditions as set out in the relevant national laws and in full compliance with fundamental rights” the encrypted communications of their customers.
Since the disclosures regarding the scope of surveillance activities by the U.S. National Security Agency made by Edward Snowden, a former employee of a contractor for the NSA, “internet and telecommunications companies have started to use often de-centralized encryption which increasingly makes lawful interception by the relevant national authorities technically difficult or even impossible,” the document said.
U.S. President Barack Obama and U.K. Prime Minister David Cameron have raised the issue of the creation of a back door to allow law enforcement agencies access to encrypted private communications.
Cunningham said plans to give law enforcement agencies access to encrypted communications are “not enforceable” and “just not workable.”
In particular, to protect the privacy of their customers, technology companies aren't retaining encryption keys but are rather placing them on communication devices so that only the customer holds the key, Cunningham said.
In the U.S., Fifth Amendment rights would probably mean that individuals couldn't be compelled to give up their encryption keys, he added.
Post-Snowden customer concern about data being passed to the authorities means that “every big company that's in the business of communication is attempting to honestly increase the privacy of their customers and to demonstrate to their customers that they are fighting the government” to resist mass electronic surveillance, Cunningham said.
Encrypted communications are a “very, very scary problem” for law enforcement agencies that cannot easily be solved, he said.
To contact the reporter on this story: Stephen Gardner in Brussels at firstname.lastname@example.org
To contact the editor responsible for this story: Donald G. Aplin at email@example.com
The Jan. 17 paper prepared by the EU Counter-Terrorism Coordinator for the Jan. 29-30 justice ministers' meeting is available at http://www.statewatch.org/news/2015/jan/eu-council-ct-ds-1035-15.pdf.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)