Thursday, September 13, 2007

Latest EDRI-Gram

The latests EDRI-Gram is available. Some highlights (see original for links):

The European Court of Human Rights could influence the UK DNA database
12 September, 2007 » Privacy | Biometrics

Sir Stephen Sedley has recently proposed the enlargement of the DNA database in UK to cover the entire population and visitors that stay in UK even for a week, under the argument of creating a fairer system and eliminating the ethnical unbalance in the present database. But a case brought by 2 English people to the European Court of Human Rights (ECHR) could change a lot in how the database will operate.

The UK DNA database is one of the largest in the world covering data from everybody having had anything to do with any crime, minor or major, guilty or not. According to Sadley, the database is biased against ethnic minorities. "It means where there is ethnic profiling going on disproportionate numbers of ethnic minorities get onto the database. It also means that a great many people who are walking the streets and whose DNA would show them guilty of crimes, go free."

The proposal met opposition from the Prime Minister who believes that would raise civil liberties concerns but also complicated logistical issues.

Shami Chakrabarti, director of human rights organization Liberty, also said that a database for everybody in the country was "a chilling proposal, ripe for indignity, error and abuse".

The present UK DNA database is already raising issues related to the way people's data are included in it. Shadow home secretary David Davis considers the system is arbitrary and erratic. The highest concern is related to the fact that the data of people proven innocent cannot be removed from the database. And this is exactly what has triggered a case at the ECHR, that could change the whole situation.

The case was brought in front of ECHR by Michael Marper and a teenager, known as S, both arrested in 2001, the former on harassment charges and the latter with attempted robbery. They were both cleared and with no criminal records. In 2002 they required their data to be removed from the Home Office database but the Court of Appeal ruled against it. Among the appeal judges that heard the case was Sir Stephen Sedley that proposed a "universal DNA database" even in that judgment.

Mr Marper and the juvenile argued that keeping their fingerprints and DNA samples was an infringement of their private life rights as per Article 8 of the European Convention on Human Rights. Their concern is related mostly to the possible future misuse of their data.

The situation seems to be now in the hands of ECHR. A ruling by ECHR against the British Government could not only stop Lord Justice's proposal to enlarge the DNA database but also lead to the destruction of the DNA and fingerprint evidence of people that have been found innocent. The case is considered important by the judges in Strasbourg as they have sent the case before the grand chamber, because it raises a serious problem affecting the interpretation of the European Convention on Human Rights.

"This decision by the European Court of Human Rights gives us significant hope that these cases will finally result in a massive change in the law - providing protection for those acquitted of crimes against their fingerprints and DNA samples being kept, putting them on a level footing with those not previously accused of any crimes (...) We think this will be one of the most important human rights challenges the court has grappled with in recent years" stated Peter Mahy, a civil liberties specialist at Sheffield-based Howells who represent Marper and "S".

All UK 'must be on DNA database' (5.09.2007)

Plan to put everyone in DNA database hinges on human rights case (7.09.2007)

Europe to rule on whether police can keep DNA of innocent people (8.09.2007)

EDRI-gram : UK Home Office plans to fingerprint children starting 11 (14.03.2007)

US gains new advantages in the EU-USA PNR agreement
12 September, 2007 » Airline Passenger Data

In some recently published documents, Statewatch revealed that very soon after the EU-USA agreement on PNR (passenger name record) was signed on 28 June 2007, the US government announced some changes in its Privacy Act that give exemptions from responding to request for personal information held to DHS (Department of Homeland Security) and ATS (Automated Targeting System). US Government also sent a written request to the Council of EU to agree on keeping secret all the documents on the negotiations for at least 10 years.

The declared purpose of the above-mentioned exemptions is for "national security, law enforcement, immigration and intelligence activities. These exemptions are needed to protect information relating to DHS investigatory and enforcement activities from disclosure to subjects or others related to these activities (....) Disclosure of information to the subject of an inquiry could also permit the subject to avoid detection or apprehension."

The exemptions are related to the new "Arrival and Departure System" (ADIS) that the USA is to introduce and which is meant to authorise people to travel only after PNR and API (Advance Passenger Information) data has been checked and cleared by US agency watchlists: "ADIS consists of centralized computerized records for and will be used by DHS and its components. .. The information is collected by, on behalf of, in support of, or in cooperation with DHS and its components and may contain personally identifiable information collected by other Federal, state, local, tribal, foreign, or international government agencies."

The Automated Targeting System, that is to be exempted as well, is a system of 6 modules of dealing with Passenger Name Record (PNR) data.

The exemptions seem to be meant to counterbalance "the set backs" for the US government in the EU-US PNR agreement signed in June. In the text of the agreement it is stated that DHS has taken the decision "to extend administrative Privacy Act protections to PNR data stored in the ATS regardless of the nationality or country of residence of the data subject, including data that relates to European citizens. Consistent with U.S. law, DHS also maintains a system accessible by individuals, regardless of their nationality or country of residence, for providing redress to persons seeking information about or correction of PNR."

The exemptions introduced now contradict this statement, as also notice Tony Bunyan, Statewatch editor : "The adoption of these two exemptions will seriously diminish any rights EU citizens have to find out what data is held on them and who it is held by. Did the Council and the Commission, who negotiated the agreement, know the US was planning to introduce them, and if not why not?"

Another measure taken by the US Government related to the agreement signed in June is one regarding the confidentiality of the negotiations that led to signing the act. On 30 July 2007, Mr Paul Rosenzweig, Acting Assistant Secretary for Policy at the US Department for Homeland Security sent a written request to the Council of European Union to agree on keeping secret all the documents on the negotiations for at least 10 years after the entering into force of the agreement.

EU's Article 29 Data Protection Working Party issued on 17 August an opinion on the new EU-USA PNR agreement concluding that it sensibly weakened the safeguards provided by the previous agreement and that "the new agreement leaves open serious questions and shortcomings, and contains too many emergency exceptions."

"Yet again we see the USA telling the EU what to do. In this case how it should operate the EU Regulation on access to documents. How can any request for PNR documents be fairly considered under EU law when it has already agreed to exercise a US veto? Are we going to see documents for all future EU-US agreements kept secret too? US access to PNR data and its further processing is an issue of substantial public interest which directly effects the rights and privacy of EU citizens and therefore all the documentation should be in the public domain for parliaments and people to see and discuss. It is a quite outrageous request and it is even more outrageous that the EU is going to agree to it" commented Tony Bunyan, Statewatch editor.

US changes the privacy rules to exemption access to personal data (4.09.2007)

US demands 10 year ban on access to PNR documents (2.09.2007)

Proposed Rules, Federal Register - DHS, 6 CFR Part 5, Privacy Act of 1974: Implementation of Exemptions (22.08.2007)

Article 29 Data Protection Working Part - Opinion 5/2007 on the follow-up agreement between the European Union and the United States of America on the processing and transfer of passenger name record (PNR) data by air carriers to the United States Department of Homeland Security concluded in July 2007 (17.08.2007)

EDRI-gram: Final agreements between EU and USA on PNR and SWIFT (4.07.2007)

No comments: