Europe's top privacy official the European Data Protection Supervisor has warned (23-page / 183KB PDF) of serious flaws in a proposal to send European air passengers' data to US officials.
Peter Hustinx has identified problems with the legitimacy of the processing to take place, the lack of clarity over whose laws govern the process, lack of clarity surrounding who can receive the data and how data can be sent to third countries.
"The necessity of intended measures must be supported by clear and undeniable elements, and their proportionality must be demonstrated," said Hustinx. "These two aspects are essential conditions and they are clearly not fulfilled in this case."
Hustinx has also identified problems with a recent European agreement to swap DNA information across borders between participating countries. Hustinx said that data protection authorities must be given a role in supervising the transfer, and that the accuracy of the fingerprint information exchanged should be monitored.
"The long awaited general framework on data protection is not yet in place and negotiations are leading to a limited scope of application and minimal harmonization," he said. "In this context, implementing rules are all the more important in guaranteeing that data protection is embedded in this large scale exchange: a high rate of false matches in DNA and fingerprint comparisons would affect both the rights of the citizens and the efficiency of law enforcement authorities."
The Supervisor also issued an opinion on the use of radio frequency identification technology, saying that better laws were needed to protect consumers affected by its use. He said that European Community legislation was needed in case the existing proposed legal framework failed, and said that consumers should opt-in to the use of the technology rather than have it automatically used on them.
Competition regulators have ordered Mastercard to drop fees it charges for cross-border purchases in Europe. The credit card company said that the decision could push up other card-usage costs, and that it will appeal the ruling.
Mastercard charges fees to banks accepting its cards and sets a minimum price merchants must pay. In a statement, the European Commission said that it called a halt to the fees "because it inflates the base on which acquiring banks charge prices to merchants for accepting payment cards, as the MIF accounts for a large part of the final price businesses pay for accepting MasterCard's payment cards. This restriction of price competition harms businesses and their customers".
Competition Commissioner Neelie Kroes said: "Consumers foot the bill, as they risk paying twice for payment cards: once through annual fees to their bank and a second time through inflated retail prices paid not only by card users but also by customers paying cash. The Commission will accept these fees only where they are clearly fostering innovation to the benefit of all users."
Mastercard said that it would appeal, and that the ruling could harm consumers. "[In] Australia, the only other jurisdiction in the world to regulate interchange fees…consumers have ended up paying more for credit cards and receiving fewer benefits and less choice," it said in a statement.
More at the International Herald Tribune.
Nine NHS trusts in England admitted losing patient records. The admission revealed the latest in a succession of major data losses by public bodies in the UK. One lost disc contains the names and addresses of 160,000 children treated by the City and Hackney Primary Care Trust, according to the Sunday Mirror.
The matter will add to pressure on the government to increase data security in the aftermath of the loss of 25 million people's data by the HM Revenue and Customs late last year.
A House of Commons committee, the Justice Committee, released a report claiming that there was a "widespread problem" in government in relation to the keeping safe of records and data.
It not only called for greater funding and powers to be given to the Information Commissioner, but for the creation of new offences to punish individuals within organisations who have been found to have recklessly or intentionally disclosed data that should have been kept private.
While the Government pursues a policy of ever-greater data sharing in areas from health to security to immigration, the Committee warned against the indiscriminate sharing of data.
"There is a difficult balance to be struck between the undoubted advantages of wider exchange of information between Government Departments and the protection of personal data. The very real risks associated with greater sharing of personal data between government departments must be acknowledged in order for adequate safeguards to be put in place," it said.
The Information Commissioner ruled that the Department of Health (DoH) broke the Data Protection Act (2-page / 32KB PDF) when a data security breach was found on the Medical Training Application Service (MTAS) website.
Sensitive personal details relating to junior doctors were accessible to anyone on the site, and information included details of religious views and sexual orientation.
The ICO investigated the breach, which it learned of in May last year, and has now told the DoH to encrypt any personal data on its site which might cause if disclosed. It must also carry out regular tests of the security of applications under development.
The ICO has forced the DoH to sign a formal undertaking to abide by the Act, and said that any breach of that undertaking could lead to prosecution.
A new European Union directive regulating the broadcast industry has been passed. The Audio-Visual Media Services (AVMS) Directive replaces the Television Without Frontiers Directive and had previously faced controversy over the degree to which it applies to online content.
The new Directive extends the reach of regulation to on-demand services, though not to user-generated content such as self-made videos published on sites such as YouTube. The new rules also allow and regulate product placement in television and control the amount of advertising allowed in broadcasts.
The new rules will apply fully in 2009. It is discussed more fully in our story of 30th November, before the Directive's publication.
See: The Directive (19-page / 130KB PDF)
