Radio frequency identification applications must respect consumer privacy and data protection standards, the European Commission said Tuesday. It strongly recommended that governments require users of RFID technologies to assess the privacy implications of their applications, including whether they could be used to monitor people, and to take technical and organizational steps to ensure that personal data are kept safe. The nonbinding statement also asked governments to: (1) Help identify applications that might create information-security threats. (2) Ensure that RFID operators publish accurate and easily understood privacy policies. (3) Disclose the presence of RFID readers using the same sign throughout Europe. Retailers using RFID should tell consumers when tags are placed on or embedded in goods and deactivate or remove the tags at no charge during a purchase unless buyers consent to keeping them working, the EC said. The EC wants more research on how “security and privacy by design” can be built into RFID applications, it said. GS1 EPCGlobal, which promotes RFID standards and helps companies adopt the Electronic Product Code standard used in many RFID applications, said the recommendation gives manufacturers and retailers clarity and a framework to begin or expand RFID deployments. Some companies, knowing the EC recommendation was in the works, delayed development of RFID applications, said GS1 CEO Miguel Lopera. GS1 would have preferred more EC encouragement for RFID, but the recommendation recognizes the benefits of the technology and correctly acknowledges it “as a societal good that should be embraced,” he said. The European Consumers’ Organization, which believes that RFID and the Internet of Things aren’t possible without consumer buy-in (WID May 11 p1), said late last month that the recommendation is the first step toward dealing with core consumer concerns about RFID. The organization’s wish list included an EU-wide symbol notifying consumers when RFID is in use, deactivation or removal of tags likely to affect privacy, and privacy assessments of proposed RFID applications, subject to review by data protection authorities. But the organization also said the EC should deal with matters such as RFID’s possible effect on health and the environment, which the EC recommendation doesn’t do.
EU lawmakers Wednesday blocked an overhaul of Europe’s e-communications rules over fears that it could allow Internet-access cutoffs without court orders. By an overwhelming majority, the European Parliament adopted a measure called Amendment 138/46 instead of a compromise text agreed on by government and parliamentary representatives. The action means that the telecom package must go to conciliation, pushing off a final decision until February or later, an Industry Committee spokeswoman said.
EU lawmakers seem ready to approve sweeping changes to European e-communications rules Wednesday despite continuing squabbles over whether the proposal protects users enough from being cut off from the Internet. Political groups and unaligned members in the European Parliament agreed during a plenary debate Tuesday that the package -- which matters including consumer rights, spectrum management and creation of a new regulatory body -- will be good. But some say the compromise text doesn’t do enough to protect freedoms online.
Ending months of intense talks, EU lawmakers and governments agreed on sweeping changes to European e- communications law, said European Parliament negotiators Thursday. The accord covers the regulatory framework, including radio spectrum measures, users’ rights, data privacy and the establishment of a new body to improve cooperation between national telecommunications regulators, they said. Legislative debate on the three reports is set for Tuesday, with a plenary vote Wednesday, they said. Parts of the compromise continue to spark criticism from industry and digital rights groups. An earlier amendment requiring a judicial order for termination of a suspected copyright pirate’s Internet access was changed to allow such actions by “an independent and impartial tribunal established by law,” subject to due process under human rights protections. The draft requires a legal interpretation of human-rights law to establish when termination is inequitable, said Society for Public Spaces CEO Philippe Aigrain (CD April 30 p7). The Business Software Alliance said Thursday that it favors procedures to deal with persistent digital pirates, such as the controversial “three-strikes” approach where suspected infringers are warned and then subject to Internet access shut-off as a last resort. But enforcement “should require a court order from the responsible judicial authorities,” it said. The BSA also opposes an amendment by some EU lawmakers requiring users to be notified before cookies are stored on their computers. If adopted by the full parliament next week, the provision will subject consumers to a “barrage of pop-up windows” to accept cookies, and create a patchwork of cookie policies as each EU member adopts its own version of the telecommunications rules, said Senior EU Policy Director Francisco Mingorance. The amendments could be reintroduced during plenary debate, but it’s unclear how they'll fare given the provisional agreement between the parliament and governments.
EU lawmakers and governments agreed to remove the final roadblock to a revamp of e-communications rules, the European Parliament Industry Committee said Wednesday. Their informal compromise needs the approval of the full Parliament and Council of Ministers, the committee said. The sticking point had been the power of network providers to cut off Internet service without a court order, under the “three-strikes” approach being discussed in France (CD April 1 p4). The compromise includes binding provisions requiring any measures taken regarding users’ access to electronic communications services and applications or use of the them to respect their fundamental rights and freedoms such as the right to privacy, freedom of expression and access to information, as well as the “right to a judgment by an independent and impartial tribunal established by law and acting in respect of due process,” the committee said. It asked the European Commission to study the Internet’s role in exercising fundamental rights, it said. The agreement won support from Council representatives Wednesday. It goes to second-reading vote during parliamentary plenary session Monday to Thursday. The new text isn’t likely to stop France’s controversial “Creation and Internet” law, known as the HADOPI, digital rights activists said. The French measure would create a three-strikes system -- or “graduated response” -- to digital piracy, requiring ISPs to notify and warn suspected infringers and sets up an agency that can order temporary suspension of Internet access as a last resort. The HADOPI won Senate approval but was defeated April 9 in the National Assembly. A revised measure, which leaves the graduated response essentially intact, is in second reading in the Assembly, said Philippe Aigrain, the Society for Public Information Spaces’ CEO.
Service providers would be required to keep extensive telephone and Internet traffic data for law-enforcement agencies under a proposal announced Monday by the U.K. Home Office. The plan for “protecting the public in a changing communications environment” rules out a central database, an idea that scared civil liberties groups, ISPs and others when it emerged several months ago. The proposal comes out a effort toward an “intercept modernization program” aimed at beefing up Britain’s response to terrorism and serious crimes, the Home Office said. Technical changes allow communications companies to offer a wide range of new services such as TV, social networking, music, video messaging and Internet browsing, it said. Some will be offered by providers operating existing networks, others by overseas providers, it said. The changes make it harder for public authorities to gain access to communications data and use them, it said. A centralized database for storing all communications data would be most effective, but the privacy risks outweigh the benefits, the government said. It’s proposing legislation requiring U.K. providers to collect -- and hold as long as 12 months -- not only traffic information they already amass for business purposes but also “additional data” relating to communications services provided from overseas companies, or third-party data. Doing nothing isn’t feasible, the U.K. said. The job of collecting and storing the data would fall to fixed-line, mobile, Wi-Fi and other operators that own the network infrastructure, the government said. Because that wouldn’t deal with the problem of fragmentation, the government also proposed a new law requiring providers to process third-party information and match it with their own business data where it has elements in common. The set-up will include data beyond the scope of the EU data retention directive, it said. All information gathered will be made available on to public authorities, case by case, “subject to the same rigorous safeguards that are now in place,” it said. Initial cost estimates for the system could reach $2.9 billion, the Home Office said. Under the Regulation of Investigatory Powers Act of 2000, it must make arrangements for “reasonable contributions” toward providers’ costs, it said. The Home Office wants comments on whether communications traffic data is needed for security, emergency, intelligence and law enforcement purposes, which alternative to adopt, and whether proposed privacy protections are adequate. The Internet Services Providers’ Association welcomed the absence of a central database for storing traffic data. The group said it expects the government to reimburse ISPs for any extra costs. NO2ID said carrying out the plan would put Home Office “probes” in the data centers of every British ISP that will allow direct skimming of all traffic. The Home Office “would become a clearing-house,” it said. The organization is concerned about deep-packet inspection of traffic data beyond the usual information such as where a call was made, coordinator Phil Booth said. Another question is who will have access to the data, he said. The government recently opened a separate inquiry on changes to the list of public authorities entitled to request interception data under RIPA, and NO2ID believes the law and the intercept modernization program will intersect, he said. The consultation document leaves many questions open, he said. If the government has specific proposals, it should make them public, he said. Comments are due July 20 -- communicationsdataconsultation@homeoffice.gsi.gov.uk.
Europe’s highest court may be poised to reject so-called “regulatory holidays” for telecom providers building new high-speed broadband fiber networks. In a Thursday opinion in a case pitting the European Commission against Germany, European Court of Justice Advocate General Poiares Maduro said provisions exempting “new markets” from regulation and giving special regulatory treatment to promoting investment in infrastructure and innovation violate Community legislation. If upheld by the court, the opinion could strengthen the EC’s hand as it prepares a recommendation on access to next-generation networks and boost the independence of European regulators, officials said.
BRUSSELS -- European emergency services want some of the spectrum freed by digital switchover for new broadband data services, speakers said Monday at a PolicyTracker conference on public sector spectrum. Although Europe’s Terrestrial Trunked Radio system for safety-of-life services is a success, more bandwidth is needed now for applications such as high-definition video, two-way fleet video and other technologies, said Kenneth Carter, who wrote a WIK Consult report last year on public safety services and the digital dividend. A pan-EU high-level proposal for more frequency allocation for mobile broadband will be submitted to governments this year, said Hans Borgonjen, vice chairman of the Tetra Association.
U.K. law on interception of communications jeopardizes user privacy, the European Commission said Tuesday. Citing numerous complaints by Internet users -- and “extensive” discussion with U.K. authorities -- over online behavioral advertising technology “Phorm,” the EC launched the first stage of proceedings aimed at forcing Britain to align its law with EU e-privacy and data protection legislation. Meanwhile, Information Society and Media Commissioner Viviane Reding warned the EC will act whenever countries fail to ensure that new technologies such as behavioral advertising and radio frequency identification (RFID) don’t respect privacy rights.
EU officials Tuesday said they've probably reached agreement on most proposed revamps of European e- communications regulations. But they wouldn’t say what’s still under discussion. “We could agree on all the main issues” after Monday night’s ’trialogue’ among the European Commission, Parliament and Council of Ministers, the information society and media commissioner, Viviane Reding, told reporters. Czech Interior Minister Ivan Langer said he’s optimistic the deal will be clinched, but urged caution.