Can you remember those intelligence test questions of the form: “X is to Y” as “C is to D?”. Well here’s a new one: “Robespierre’s Committee of Public Safety is to democracy” as the “European Union’s Freedom, Security and Justice Directorate is to privacy”.
Whereas the former willingly silenced dissenting voices by removing heads at Madame Guillotine, the latter is wilfully cutting out any basic data protection requirements when making binding international agreements. Given the considerable democratic deficit in the European Community’s infrastructure and given that Parliaments of Member States of the European Union cannot really challenge these agreements, the situation is absolutely shocking.
Don’t believe me? Well just read what the European Data Protection Supervisor (EDPS) has just said in his March Newsletter.
About the Anti-Counterfeiting Trade Agreement
“The EDPS regrets that he was not consulted by the European Commission on the content of an agreement which raises significant issues as regards individuals' fundamental rights, and in particular their right to privacy and data protection. In this context, he views with concern the fact that little information is publicly made available about current negotiations”.
About the Passenger Name Record (PNR) agreement
“With regard to the US PNR agreement, the EDPS reiterates some concerns, already expressed in his interventions before the Court of Justice and in opinions adopted with the Article 29 Working Party, which are not satisfactorily addressed in the definitive version of the agreement”. He added “In particular, the EDPS stresses that the agreement does not focus on persons presenting a risk, but rather allows for a bulk collection of personal data and risk assessment applied to all individuals”.
About the Terrorist Financing Tracking Programme
“The EDPS considers that not enough evidence has been provided so far to justify the necessity and the proportionality of such a privacy-intrusive agreement, which in many ways overlaps with pre-existing EU and international instruments in this area”. He added: “Some important data protection elements for the Europeans whose data are transferred to the US are not clearly defined in the agreement” and that “it does not satisfactorily and systematically provide all the safeguards required by the EU data protection legal framework, leaving some dangerous lacunae that should be carefully addressed...”.
About data sharing co-operation and taxation
“In his opinion, the EDPS stated that the Commission proposal is a clear example of a lack of data protection awareness since the issue of data protection has almost completely been ignored”. He concluded “As a consequence, the proposal contains several elements which are incompliant with data protection requirements”.
According to his web-site, the EDPS is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies. It does so by "advising on policies and legislation that affect privacy".
Well given the above, you now have some idea as to how well the European Commission heeds his advice. And this is not the first time: over the past few years, the Commission has a track record of systematically ignoring data protection advice that it doesn’t want to hear.
The current EDPS, Peter Hustinx, is well respected in the data protection community. His views are balanced, well thought out and skilfully delivered. If his advice continues to be ignored by the Commission on the scale that it is, then he can’t simply do the job he was employed to do. And Mr Hustinx knows full well that there are limits when employed to do an increasingly pointless non-job (i.e. advising the Commission on data protection).
What the EDPS has also shown is that the Commission, when dealing with international data protection agreements, instinctively acts like a nomenklatura rather than a democratic institution.
References: Newsletter Nr. 23 of 15 March 2010 from http://www.edps.europa.eu/EDPSWEB/edps/site/mySite/Newsletters