On Saturday the online Official Journal of the European Union carried the Opinion of the European Data Protection Supervisor (EDPS) on the current negotiations by the European Union of an Anti-Counterfeiting Trade Agreement (ACTA), which you can read in full here. The EDPS isn't interested in intellectual property, counterfeiting or any of the other things that concern the IP community -- but he is highly concerned about anything to do with information. Issues such as transparency and the extent to which personal data can be stored, shared and used are very much on his mind.
The EDPS is charged with looking at all proposed EU law, and commitments which the EU considers making, with a view to commenting on the extent to which it complies with the clearly-stated objectives of European data protection. His review of ACTA was therefore inescapable, however much secrecy the proposed agreement enjoyed in its earlier days.
The EDPS's Opinion is 13 pages in length and concludes as follows:
"81. The EDPS strongly encourages the European Commission to establish a public and transparent dialogue on ACTA, possibly by means of a public consultation ['Possibly'? If the public hasn't been properly informed up to know, consultation may not be so fruitful], which would also help ensuring that the measures to be adopted are compliant with EU privacy and data protection law requirements.So now you know. The IPKat has done a quick search of 'ACTA' and 'EDPS' together as news terms, but this search has thrown up no 'hits'. How strange, observes Merpel, that when three controversial issues -- ACTA, three strikes and data protection -- all come together in one document, the world's main news resources are so coy.
82. In the course of the ongoing negotiations on ACTA, the EDPS calls on the European Commission to strike a right balance between demands for the protection of intellectual property rights and the right to privacy and data protection. The EDPS emphasises that it is particularly crucial that privacy and data protection are taken into account from the very beginning of the negotiations before any measure is agreed upon so as not later on having to find alternative privacy compliant solutions [this emphasises that compliance with privacy issues is non-negotiable, even if the terms of ACTA are].
83. While intellectual property is important to society and must be protected, it should not be placed above individuals’ fundamental rights to privacy, data protection, and other rights such as presumption of innocence, effective judicial protection and freedom of expression [What about the consumers' right to protection against fake medicines, brake-pads etc? That's not an IP issue for them, but it is a question of survival].
84. Insofar as the current draft of ACTA includes or at least indirectly pushes for three strikes Internet disconnection policies, ACTA would profoundly restrict the fundamental rights and freedoms of European citizens, most notably the protection of personal data and privacy [the right to receive information is presumably omitted since it falls outside the remit of the EDPS].
85. The EDPS takes the view that three strikes Internet disconnection policies are not necessary to achieve the purpose of enforcing intellectual property rights. The EDPS is convinced that alternative, less intrusive solutions exist or, at least, that the envisaged policies can be performed in a less intrusive manner or at a more limited scope, notably through the form of targeted ad hoc monitoring [The EDPS is not concerned with efficiency or cost of enforcement. How many tens of millions of people can be ad-hoc monitored before IP rights are unenforceable?].
86. The three strikes Internet disconnection policies are also problematic on a more detailed legal level in particular as the processing of judicial data, notably by private organisations, must be based on an appropriate legal basis. The operation of three strikes schemes may further entail the storage of log files on a longer term, which would be contrary to existing legislation [Isn't longer-term storage permitted where justifiable?].
87. Furthermore, as far as ACTA involves exchanges of personal data between authorities and/or private organisations located in the signatory countries, the EDPS calls on the European Union to implement appropriate safeguards. These safeguards should apply to all data transfers made in the context of ACTA — whether they are in the field of civil, criminal, or digital law enforcement — and should be in accordance with the data protection principles set forth in Convention No 108 and Directive 95/46/EC. The EDPS recommends that such safeguards take the form of binding agreements between EU senders and third country recipients.
88. The EDPS further wishes to be consulted on the measures to be implemented in respect of the data transfers that will take place under ACTA in order to verify their proportionality, and that they guarantee an adequate level of data protection. The EDPS further wishes to be consulted on the measures to be implemented in respect of the data transfers that will take place under ACTA in order to verify their proportionality, and that they guarantee an adequate level of data protection".
The Fact Controller here
The Fat Controller here
The Cat Controller here