Thursday, June 14, 2007

DNA database agreed for police across EU

Via FIPR: DNA database agreed for police across EU

"A battery of police data-sharing and electronic surveillance measures to tackle trans-national crime and immigration issues was agreed yesterday by governments in Europe, 15 of which also gave the green light to a scheme for the world's biggest biometric system.

The system will store and allow sharing of data such as the photographs and fingerprints of up to 70 million non-EU citizens applying for visas to enter Europe,

Interior ministers from all 27 EU countries also agreed on automatic access to genetic information, fingerprints, and car registration details in police databases across the union."

Yet another coming giant information system disaster which will keep academics studying the fall-out for years.

Meanwhile, on a similar theme, Google have been defending their data retention policies.

"In the spirit of transparency, we're publishing our response to the Working Party's letter. The Internet is a global medium, and the principles at stake -- privacy, security, innovation and legal obligations to retain data -- have an impact beyond Europe, and outside of the realm of privacy. These principles sometimes conflict: while shorter retention periods are good for privacy, longer retention periods are needed for security, innovation and compliance reasons. We believe we’ve struck a reasonable balance between these various factors. Our policies are consistent with EU data protection laws, which acknowledge the need to set data retention periods that are proportionate and that enable companies like Google to comply with legal requirements.

We have a legitimate interest in retaining search server logs for a number of reasons:
  • to improve our search algorithms for the benefit of users
  • to defend our systems from malicious access and exploitation attempts
  • to maintain the integrity of our systems by fighting click fraud and web spam
  • to protect our users from threats like spam and phishing
  • to respond to valid legal orders from law enforcement as they investigate and prosecute serious crimes like child exploitation; and
  • to comply with data retention legal obligations.
After considering the Working Party's concerns, we are announcing a new policy: to anonymize our search server logs after 18 months, rather than the previously-established period of 18 to 24 months. We believe that we can still address our legitimate interests in security, innovation and anti-fraud efforts with this shorter period. However, we must point out that future data retention laws may obligate us to raise the retention period to 24 months. We also firmly reject any suggestions that we could meet our legitimate interests in security, innovation and anti-fraud efforts with any retention period shorter than 18 months. We are considering the Working Party's concerns regarding cookie expiration periods, and we are exploring ways to redesign cookies and to reduce their expiration without artificially forcing users to re-enter basic preferences such as language preference. We plan to make an announcement about privacy improvements for our cookies in the coming months.

As we build new products and services, we look forward to continuing our discussion with the Article 29 Working Party and with privacy stakeholders around the world. Our common goal is to improve privacy protections for our users."

Remember, don't be evil.

No comments: