For the half-year to 31 December 2014, the IPKat's regular team is supplemented by contributions from guest bloggers Rebecca Gulbul, Lucas Michels and Marie-Andrée Weiss.

Regular round-ups of the previous week's blogposts are kindly compiled by Alberto Bellan.

Monday, 23 July 2012

A footnote to ACTA in Europe? The EDPS speaks

The trouble with personal data
is that it doesn't hide when we do ...
On Saturday the online version of the Official Journal of the European Union published an abridged version of the [title begins here ...] Executive summary of the Opinion of the European Data Protection Supervisor on the proposal for a Council decision on the conclusion of the Anti-Counterfeiting Trade Agreement between the European Union and its Member States, Australia, Canada, Japan, the Republic of Korea, the United Mexican States, the Kingdom of Morocco, New Zealand, the Republic of Singapore, the Swiss Confederation and the United States of America [... and ends here]. Note that this is just the Executive Summary. The full text of the Opinion is available in English, French and German, from the EDPS's website here.

The job of the European Data Protection Supervisor (EDPS) is to go through proposed EU legislation and check that it meets the Union's fairly strict requirements for the protection of privacy and personal data (for more on the role of the EDPS click here). The IPKat reproduces extracts of the EDPS's approach to ACTA (omitting references) here:
"7. In February 2010, the EDPS issued an Opinion on his own initiative in order to draw the attention of the Commission on the privacy and data protection aspects that should be considered in the ACTA negotiations. While negotiations were being conducted confidentially, there were indications that ACTA would contain online enforcement measures having an impact on data protection rights, notably the three strikes mechanism.

8. The EDPS at the time focused his analysis on the lawfulness and proportionality of this type of measure and concluded that the introduction in ACTA of a measure that would involve the massive surveillance of Internet users would be contrary to EU fundamental rights and in particular the rights to privacy and data protection, which are protected under Article 8 of the European Convention on Human Rights and Articles 7 and 8 of the Charter of Fundamental Rights of the EU. The EDPS furthermore underlined the safeguards needed for international exchanges of personal data in the context of IP rights' enforcement.

9. Now that the text of the proposed agreement on ACTA has been made public, the EDPS considers it appropriate to issue a second Opinion on ACTA to assess some of the provisions contained in the Agreement from a data protection perspective, and by doing so to provide specific expertise that could be taken into consideration in the ratification process. Acting on his own initiative, the EDPS has therefore adopted the current Opinion ...  in view of providing guidance on the privacy and data protection issues raised by ACTA.

II. Conclusion

67. While the EDPS acknowledges the legitimate concern of ensuring the enforcement of IP rights in an international context, a right balance must be struck between demands for the protection of IP rights and the rights to privacy and data protection.

68. The EDPS emphasizes that the means envisaged for strengthening enforcement of IP rights must not come at the expense of the fundamental rights and freedoms of individuals to privacy, data protection and freedom of expression, and other rights such as presumption of innocence and effective judicial protection.

69. Many of the measures envisaged in the Agreement in the context of enforcement of IP rights in the digital environment would involve the monitoring of users' behaviour and of their electronic communi­cations on the Internet. These measures are highly intrusive to the private sphere of individuals and, if not implemented properly, may therefore interfere with their rights and freedoms to, inter alia, privacy, data protection and the confidentiality of their communications.

The EDPS's logo -- or
psychedelic snail?
70. It should be ensured that any online enforcement measure implemented within the EU as a result of entering into ACTA is necessary and proportionate to the aim of enforcing IP rights. The EDPS underlines that measures that entail the indiscriminate or widespread monitoring of Internet user' behaviour, and/or electronic communications, in relation to trivial, small-scale not for profit infringement would be disproportionate and in breach of Article of the ECHR, Articles 7 and 8 of the Charter of Fundamental Rights, and the Data Protection Directive.

71. The EDPS has furthermore specific concerns in relation to several provisions of the Agreement, in particular:

— the Agreement is unclear about the scope of enforcement measures in the digital environment envisaged in Article 27, and whether they only target large-scale infringements of IP rights. The notion of ‘com­mercial scale’ in Article 23 of the Agreement is not defined with sufficient precision, and acts carried out by private users for a personal and not-for profit purpose are not expressly excluded from the scope of the Agreement,

— the notion of ‘competent authorities’ entrusted with the injunction power under Article 27(4) of the Agreement is too vague and does not provide sufficient certainty that the disclosure of personal data of alleged infringers would only take place under the control of judicial authorities. Furthermore, the conditions to be fulfilled by right holders to be granted such an injunction are also not satisfactory. These uncertainties may have a particular impact in cases of requests from foreign ‘competent au­ thorities’ to EU-based ISPs,

— many of the voluntary enforcement cooperation measures that could be implemented under Article 27(3) of the Agreement would entail a processing of personal by ISPs which goes beyond what is allowed under EU law,

— the Agreement does not contain sufficient limitations and safeguards in respect of the implementation of measures that entail the monitoring of electronic communications networks on a large scale. In particular, it does not lay out safeguards such as the respect of the rights to privacy and data protection, effective judicial protection, due process, and the respect of the principle of the presumption of innocence".
The IPKat finds it curious, given the very real dedication of the United States to the protection of its constitutional rights and freedoms, that the drive to promote ACTA came from that country's organs of governance while its constitutionality was challenged from the outside, as it were, by academics and bodies such as the EFF, and the principal ground of challenge appears to be related to the lawmaking process -- while in the European Union the challenge to ACTA has been more firmly based on its threat to personal freedoms which are being protected, at least in some small measure, by a mechanism which is incorporated into the EU's governance itself.

Merpel notes that the EDPS's Opinion is dated 24 April 2012 and wonders why it takes nearly three whole months to get this summary online on the Official Journal. She'd like to offer her friends in Brussels a paw or two in order to help them get things posted online more swiftly, if that would help ...

1 comment:

Anonymous said...

The EFF wasn't really involved with the technical debate on the dossier.

As regards the EU criticism there are two waves. The first wave is the technical debate, the second the popular movement. They are not necessarily related.

What killed ACTA in the EU is the arrogance of DG Trade and the process, the abuse of Article 207 for international legislation in fields which are not part of the Acquis.

Subscribe to the IPKat's posts by email here

Just pop your email address into the box and click 'Subscribe':