EU policy putsch: Data protection handed to the DG for law, order and security
- it is not "relevant" for citizens to know how and what information about them is exchanged
In a little reported decision the full European Commission meeting on 11 February 2005 the policy brief for data protection in the EU was transferred from the Directorate-General on the Internal Market to the Directorate-General on "Freedom, justice and security". There was no public debate and no consultation with national or European parliaments.
The Internal Market DG has been responsible for data protection since the 1980s. In 1990 after pressure from national data protection commissioners, the European Commission produced a series of proposals (COM(90)314). Five years later in 1995 the EU Data Protection Directive came into force. Its scope was limited to the "first pillar" (social and economic affairs) to provide protection to individuals whose data was held and processed by, for example, commercial companies and banks. It did not cover the "third pillar" (policing, law and immigration) and EU member states relied to a greater or lesser extent (as in the UK) on the 1981 Council of Europe Convention. The Council of the European Union (the EU governments) did set up a Working Party on Data Protection in the "third pillar" in 1997 and this met until April 2001 when it was simply abolished.
The "Explanatory memorandum" for the Commission's decision on 11 February 2005 simply says the following in justification:
"In order to strengthen coherence and visibility of the Commission's activities in the field of data protection, Commissioners Frattini and McCreevy propose to transfer that responsibility from DG MARKT to DG JLS. This is also in view of the fact that these activities fall increasingly into both the first as well as the third pillar, and hence into the area of responsibility of DG JLS."
Why would this transfer "strengthen coherence and visibility"? This is simply nonsensical "Brussels-speak". Data protection has always fallen under the "first" and "third" pillars, it is just that the neither the Council or the Commission has bothered to propose a law to protect peoples' right under the latter. What the Commissions "explanation" alludes to - without spelling it out - is the fact that there are a number of measures going through the EU at the moment on "law and order" (under the rubric of the "war on terrorism") which provide no protection whatsoever for the individual. The draft articles in the draft Framework Decisions on exchanging information and intelligence between law enforcement agencies and on the mandatory retention and exchange of telecommunications data simply refer to the secure transfer of the personal data between the agencies. No rights are provided in either for the individual to be told what information is held nor who it has been transferred to (which can include non-EU states). This approach is backed by the so-called "principle of availability", namely that all information and intelligence held nationally by law enforcement agencies in all 25 EU member states should be available to all the other agencies. An unpublished overview report on this "principle" (EU doc no: 7416/05) says that EU citizens want "freedom, security and justice" and that:
"It is not relevant to them [citizens] how the competencies are divided (and information distributed) between the different authorities to achieve that result."
The report ends by suggesting that the end-game is not just for all EU law enforcement agencies to have access to personal data regarding law and order (including DNA and fingerprints data) but that they should also have:
"direct access to the national administrative systems of all Member States (eg: registers on persons, including legal persons, vehicles, firearms, identity documents and drivers licences as well as aviation and maritime registers."
"National administrative systems" no doubt will include personal medical records when these are available on national databases.
Tony Bunyan, Statewatch editor, comments:
"The EU is heading down the road of to a Big Brother society where the law enforcement agencies will have access to masses of personal and intimate data without any data protection worth the name.
To hand this job to the DG that also deals with the principle of availabilty is like putting the wolf in charge of the sheep. While one Directorate in this DG is meant to provide protection for peoples' rights, another one down the corridor will be ensuring that peoples' rights do not get in the way of the "principle of availability. This will lead to be an inevitable, and unacceptable, conflict of interest"
Source: This article first appeared in Statewatch bulletin, March-April 2005 (vol 15 no 2)
Statewatch News online | Join Statewatch news e-mail list | Search Statewatch database
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement.