Europe's top privacy official, the
European Data Protection Supervisor, has warned (23-page /
183KB PDF) of serious flaws in a proposal to send European air
passengers' data to US officials.
Peter Hustinx has identified problems with the legitimacy of the
processing to take place, the lack of clarity over whose laws
govern the process, lack of clarity surrounding who can receive the
data and how data can be sent to third countries.
"The necessity of intended measures must be supported by clear
and undeniable elements, and their proportionality must be
demonstrated," said Hustinx. "These two aspects are essential
conditions and they are clearly not fulfilled in this case."
Hustinx has also identified problems with a recent European
agreement to swap DNA information across borders between
participating countries. Hustinx said that data protection
authorities must be given a role in supervising the transfer, and
that the accuracy of the fingerprint information exchanged should
be monitored.
"The long awaited general framework on data protection is not
yet in place and negotiations are leading to a limited scope of
application and minimal harmonization," he said. "In this context,
implementing rules are all the more important in guaranteeing that
data protection is embedded in this large scale exchange: a high
rate of false matches in DNA and fingerprint comparisons would
affect both the rights of the citizens and the efficiency of law
enforcement authorities."
The Supervisor also issued an opinion on the use of radio
frequency identification technology, saying that better laws were
needed to protect consumers affected by its use. He said that
European Community legislation was needed in case the existing
proposed legal framework failed, and said that consumers should
opt-in to the use of the technology rather than have it
automatically used on them.
Competition regulators have ordered Mastercard to drop fees it
charges for cross-border purchases in Europe. The credit card
company said that the decision could push up other card-usage
costs, and that it will appeal the ruling.
Mastercard charges fees to banks accepting its cards and sets a
minimum price merchants must pay. In a statement, the European
Commission said that it called a halt to the fees "because it
inflates the base on which acquiring banks charge prices to
merchants for accepting payment cards, as the MIF accounts for a
large part of the final price businesses pay for accepting
MasterCard's payment cards. This restriction of price competition
harms businesses and their customers".
Competition Commissioner Neelie Kroes said: "Consumers foot the
bill, as they risk paying twice for payment cards: once through
annual fees to their bank and a second time through inflated retail
prices paid not only by card users but also by customers paying
cash. The Commission will accept these fees only where they are
clearly fostering innovation to the benefit of all users."
Mastercard said that it would appeal, and that the ruling could
harm consumers. "[In] Australia, the only other jurisdiction in the
world to regulate interchange fees…consumers have ended up paying
more for credit cards and receiving fewer benefits and less
choice," it said in a statement.
More at the International
Herald Tribune.
Nine NHS trusts in England admitted losing patient records. The
admission revealed the latest in a succession of major data losses
by public bodies in the UK. One lost disc contains the names and
addresses of 160,000 children treated by the City and Hackney
Primary Care Trust, according to the
Sunday Mirror.
The matter will add to pressure on the government to increase
data security in the aftermath of the loss of 25 million people's
data by HM Revenue and Customs late last year.
A House of Commons committee,
the Justice Committee, released a report claiming that there
was a "widespread problem" in government in relation to the keeping
safe of records and data.
It not only called for greater funding and powers to be given to
the Information Commissioner, but for the creation of new offences
to punish individuals within organisations who have been found to
have recklessly or intentionally disclosed data that should have
been kept private.
While the Government pursues a policy of ever-greater data
sharing in areas from health to security to immigration, the
Committee warned against the indiscriminate sharing of data.
"There is a difficult balance to be struck between the undoubted
advantages of wider exchange of information between Government
Departments and the protection of personal data. The very real
risks associated with greater sharing of personal data between
government departments must be acknowledged in order for adequate
safeguards to be put in place," it said.
The Information Commissioner ruled that the
Department of Health (DoH) broke the Data Protection
Act (2-page / 32KB PDF) when a data security breach
was found on the Medical Training Application Service (MTAS)
website.
Sensitive personal details relating to junior doctors were
accessible to anyone on the site, and information included details
of religious views and sexual orientation.
The ICO investigated the breach, which it learned of in May last
year, and has now told the DoH to encrypt any personal data on its
site which might cause if disclosed. It must also carry out regular
tests of the security of applications under development.
The ICO has forced the DoH to sign a formal undertaking to abide
by the Act, and said that any breach of that undertaking could lead
to prosecution.
A new European Union directive regulating the broadcast industry
has been passed. The Audio-Visual Media Services (AVMS) Directive
replaces the Television Without Frontiers Directive and had
previously faced controversy over the degree to which it applies to
online content.
The new Directive extends the reach of regulation to on-demand
services, though not to user-generated content such as self-made
videos published on sites such as YouTube. The new rules also allow
and regulate product placement in television and control the amount
of advertising allowed in broadcasts.
The new rules will apply fully in 2009. The Directive is discussed
more fully in our story of 30th November,
before the Directive's publication.
See:
The Directive (19-page / 130KB PDF)