fredag, september 04, 2009

Hustinx om Stockholmsprogrammet

Via Oscar Fredriksson hittade jag ett yttrande om Stockholmsprogrammet av Peter Hustinx, Europeiska datatillsynsmannen. Hustinx målar upp sin bild av utvecklingen.

The society is moving towards what is often called a 'surveillance society' in which every transaction and almost every move of the citizens is likely to create a digital record. ... This leads to an increasingly connected world in which public security organisations may have access to vast amounts of potentially useful information, which can directly affect the life of the persons concerned.
Utbyte av information mellan stater beskrivs som ofrånkomligt.
A better exchange of information is an essential policy goal for the European Union, in the Area of freedom, security and justice. Paragraph 4.1.2 of the Communication emphasises that security in the European Union depends on effective mechanisms for exchanging information between national authorities and other European players. This emphasis on information exchange is logical, in the absence of a European police force, a European criminal justice system and a European border control.
Saknar Hustinx kritik? Jag tycker han drar en lans för en viktig princip, "push" istället för "pull".

According to the EDPS the use for law enforcement of personal data collected for commercial purposes should only be allowed under strict conditions, such as:
• Data are only used for specifically defined purposes such as the fight against terrorism or serious crime, to be determined on a case by case basis.
• Data are transferred through a 'push' rather than a 'pull' system.
• Requests for data should be proportionate, narrowly targeted and in principle based on suspicions on specific persons.
• Routine searches, data mining and profiling should be avoided.
• All use of the data for law enforcement purposes should be logged in order to allow effective control on the use, by the data subject exercising his rights, by data protection authorities and by the judiciary.

Under the 'push'-system the data controller sends the data on request ('pushes') to the law enforcement agency. Under the 'pull'-system the law enforcement agency has access to the database of the controller and extracts ('pulls') information from this data base.

Insamling och utbyte av information inom EU sker redan. Då kan det vara en idé att anamma datatillsynsmannens förslag.

Inga kommentarer: