Today is the 10th European Data Protection Day, which marks the adoption of the first international document on personal data protection. On this occasion the Human Rights Monitoring Institute presents a review of the most significant data protection episodes of 2015.
1. US, UK and Russian law enforcement spied on electronic communications illegally
On the 6th of February, the UK Investigatory Powers Tribunal adopted a decision stating that the exchange of electronic communications data between the NSA and the GCHQ under the PRISM programme breached human rights law. In addition, on the 7th of May, the 2nd U.S. Circuit Court of Appeals concluded that the Patriot Act, which allowed the collection of information relevant to terrorism investigations, did not authorise the “bulk collection” of phone conversation metadata. The Patriot Act expired on the 1st of June and cannot be applied to new investigations. Following the same line of reasoning, the European Court of Human Rights ruled on the 4th of December that Russian laws, which oblige mobile network operators to install equipment enabling law enforcement agencies to carry out operational-search activities and permit blanket interception of electronic communications, are disproportionate and violate the right to privacy.
2. Lithuanian Gaming Control Authority got the right to initiate blocking of websites
On the 21st of May amendments to the Gambling Law were adopted. They legalised online gambling and gave the Gaming Control Authority the right to request that Internet service providers restrict access to illegal gambling websites. Similar legal regulation was criticised in Latvia when the Latvian Lotteries and Gambling Supervision Inspection initiated the blocking of the social network Reddit, which shared an IP address with the illegal gambling website www.redbet.com.
3. European politicians were seeking to limit the exchange of encrypted information
Terrorist attacks in 2015 prompted European politicians to discuss how to limit the exchange of encrypted information and how to give law enforcement access to it. On the 22nd of May, the UN Special Rapporteur on freedom of expression, David Kaye, opposed such ideas and attached significant international importance to the use of encryption technologies. Mr. Kaye stated that encryption and anonymity ensure the implementation of the right to privacy and the freedom of expression, and therefore all restrictions on encryption and anonymity must be strictly limited according to the principles of legality, necessity, proportionality and legitimacy in objective.
4. European Court of Justice ruled the "Safe Harbor" agreement invalid
On the 6th of October the European Court of Justice, in the case brought by Max Schrems against Facebook, decided that the US does not ensure sufficient protection of Europeans' personal data and declared the "Safe Harbor" agreement, which allowed simplified data transfers from Europe to the US, invalid. In response to this decision the Article 29 Working Party clarified that US companies can use Standard Contractual Clauses and Binding Corporate Rules, while the European Commission and the US authorities will discuss new data transfer rules until the end of January 2016. If this deadline is not met, the EU data protection authorities will take all necessary and appropriate actions to investigate data transfer cases, which may include coordinated enforcement actions.
5. It was proposed to register all SIM cards in Lithuania
On the 27th of October Vitalijus Gailius, a member of the Lithuanian Parliament, registered a proposal to oblige mobile network operators to identify and register all persons buying and using SIM cards. Although it was stated that registering all mobile network consumers would help to investigate crimes faster and more effectively, the author of this draft provision did not consider the risks arising from excessive personal data collection.
6. France legalised mass surveillance
On the 27th of October France adopted a widely criticised law legalising mass surveillance: law enforcement authorities gained vast access to local and international electronic communications, even without authorisation by a court.
7. Belgian institutions ordered Facebook to stop tracking non-users
On the 10th of November a Belgian court ordered Facebook to stop, within 48 hours, tracking Internet users who do not have Facebook accounts. For such tracking Facebook used a "datr cookie", which was activated when unregistered Internet users visited Facebook pages, mainly ads. The Court said that if Facebook ignored this order, the company would have to pay a fine of €250,000 a day. Following this order, at the beginning of December Facebook announced that non-users in Belgium would not be able to access Facebook pages.
8. Lithuanian and EU institutions were seeking to collect data on air passengers
In December the negotiators from the European Parliament (EP) and the Council reached a deal on the draft Directive regulating the use of Passenger Name Record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime. This Directive will oblige airline companies to hand over their passengers' data, including travel dates, travel itinerary, ticket information, contact details, baggage information, payment information, etc., to the EU law enforcement authorities. The European Parliament will vote on the Directive early this year. Meanwhile, in 2012 the European Commission gave one million euros to Lithuania for the creation of a national PNR system. The Lithuanian Government has already drafted amendments to the law on transport which introduce a legal duty for airline companies to transfer PNR data to law enforcement authorities.
9. EU has decided on cybersecurity rules
On the 7th of December the EU institutions agreed on the draft EU cybersecurity rules, which strengthen cooperation between EU law enforcement authorities in preventing and investigating cyber-attacks. The rules also require operators of essential services in the energy, transport, banking and healthcare sectors, and providers of key digital services, to take appropriate security measures and report incidents to the national authorities. Soon this Directive will be finally adopted by the EP and the Council and will be implemented by the Member States in two years.
10. Agreement on the Data Protection Reform was reached
On the 15th of December, after three years of intense negotiations, the EP and the Council reached an unofficial agreement on the Data Protection Reform, which sets new rules on the processing of personal data in Europe. This reform consists of the General Data Protection Regulation and the Data Protection Directive for the police and criminal justice sector. The final texts of this package will be formally adopted at the beginning of this year and the new rules will come into force in two years.
This article has been prepared and published in cooperation with the Human Rights Monitoring Institute, a Lithuanian NGO defending human rights.
Image courtesy of Owen Moore, Flickr.com