Sunday, April 12, 2009

European Commission position on anonymisers

European law requires data retention - tracking details of every email you send. But data retention is easily circumvented by using anonymous email services. So will European law eventually prohibit anonymous email as well?

Jens Holm MEP recently put down a question on this issue. Here's the text of his question and the Commission's rather lukewarm response - while anonymisers might not be under threat at European level at the moment, the answer suggests that this might change in the not too distant future:
Anonymity services

The need for reliable systems for giving information anonymously has been highlighted in connection with trials concerning serious criminal cases and financial crime. Large sums can be lost if ordinary members of the public do not dare to contact journalists or the police. The development of electronic anonymity services has come a long way in Sweden. They are used by both private individuals and companies, on both the Internet and intranets, for both private and commercial use.

1. Does the Commission intend to submit a proposal to prohibit such services within certain fields?

2. Does the Commission consider that individual Member States have the right to prohibit such services?

3. Does the Commission consider that the right to electronic anonymity is or should be guaranteed at EU level?

Answer given by Mr Barrot on behalf of the Commission (3.4.2009)

1. The Commission is studying the impact of anonymity services on the ability of law enforcement bodies to provide security to the citizens in the EU. The Commission is currently not planning to submit a proposal prohibiting the use of such services.

2. It is the Member States' responsibility to safeguard their internal security. If the use of these services demonstrably limits their ability to do so, they may consider regulating the use of these services, while respecting the European Convention on Human Rights and other principles and guarantees regarding civil liberties in Europe and their obligations under the Treaties. Any such measures must be duly justified and must be proportionate and limited to what is necessary in a democratic society. Furthermore, given the relevance of whistle blowing systems for law enforcement against certain types of crime, the need to maintain the possibility of conferring information anonymously to the relevant organisations should be taken into account when considering regulation of anonymous communications services.

3. The fundamental right to protection of personal data is enshrined in Article 8 of the EU Charter. Whilst there is no explicit right to electronic anonymity as such under Community law, the Data Protection Directive is to require that personal data must be processed fairly and lawfully, including the data minimisation principle. This principle may be furthered by the use of anonymous data wherever possible. Confidentiality of communications and related traffic data is protected by the Directive on privacy and electronic communications. The data minimisation principle, leading to anonymity, may also be achieved by the use of Privacy Enhancing Technologies (PETs). However Member States may adopt measures to restrict the scope of these principles which are necessary to safeguard important public interests such as national security or law enforcement, including combating terrorism or fighting cybercrime.

No comments:

Post a Comment