[e-privacy] [Fwd: EDRI-gram newsletter - Number 3.3, 9 February 2005]

Marco A. Calamari marcoc1 at dada.it
Wed Feb 9 16:17:07 CET 2005 

Qualcuno ha un po' di fiato per lavorarci ..... ?

Meriterebbe proprio ......


============================================================
                           EDRI-gram
    biweekly newsletter about digital civil rights in Europe
                    Number 3.3, 9 February 2005

...

============================================================
4. Article 29 consultations on RFID and DRM
============================================================

The EU Data Protection Working Party is calling for public comments on two
working documents on emerging technologies. One document explores the
privacy implications of RFID chips, the other document covers digital
management of rights systems (DRM).

The RFID document outlines the potential use of RFID technology in various
sectors and the need to comply with the basic principles set out in the EU
data protection directives whenever personal data are collected using RFID
technology. The paper also provides guidance to manufacturers of the
technology (RFID tags, readers and applications) as well as RFID
standardisation bodies. They have a responsibility to design privacy
compliant technology in order to enable deployers of the technology to
carry out their obligations under the data protection directives.

The document points out that the privacy implications of RFID chips are
not limited to cases where unique serial numbers are linked to an
identity. The Working Party concludes that unwanted individual tracking,
without a link to the identity of the data subject, also falls within the
scope of the data protection Directive. This means that data protection
rules will apply to a very broad spectrum of RFID applications.

"[..] Even if the individual is not immediately and directly identified at
the item information level, he can be identified at an associative level
because of the possibility of identifying him without difficulty via the
large mass of information surrounding him or stored about him.
Furthermore, the data collected from him can influence the way in which
that person is treated or evaluated. This RFID use also carries serious
data protection implications."

The DRM document covers the deployment of on-line services using DRM
systems and the processing of personal data to conduct investigations of
users suspected of copyright infringement.

The Working Party is concerned about the fact that the legitimate use of
technologies to protect works could be detrimental to the protection of
personal data of individuals. As for the application of data protection
principles to the digital management of rights, it notices an increasing
gap between the protection of individuals in the off-line and on-line
world, especially considering the generalised tracing and profiling of
individuals.

"The Working Party seriously questions the use of identifiers for the
purpose of tracing 'a priori' every user, in order to go back to a
specific individual in case of a suspected copyright abuse. The tagging of
a document should not be linked to an individual except if this link is
necessary for the performance of the service or if the individual has been
informed and has consented to it."

The working paper also mentions the link between data retention and
copyright enforcement. "ISPs can neither be obliged, except in specific
cases where there is an injunction of enforcement authorities, to provide
for a general 'a priori' storage of all traffic data related to
copyright."

As far as the investigation powers are concerned, the Working Party urges
that investigations performed by private actors such as copyright holders
must be performed in a clear legal framework, especially as to the
information that can legally be collected.

Interested parties are invited to submit their comments to both documents
before 31 March 2005.

Working document on data protection issues related to RFID technology
(19.01.2005)
http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2005/wp105_en.pdf

Working document on data protection issues related to intellectual
property rights (18.01.2005)
http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2005/wp104_en.pdf

Data Protection Working Party online consultations
http://europa.eu.int/comm/internal_market/privacy/workingroup/consultations/consultation_en.htm



-- 

"Oggi e' il domani di cui ci dovevamo preoccupare ieri."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
URL: <http://lists.winstonsmith.org/pipermail/e-privacy/attachments/20050209/2352f0e2/attachment.pgp>

More information about the E-privacy mailing list