Personal data protection in the Czech Republic – nothing to celebrate

21. 2. 2009 | 19:36
Press release on the European Data Protection Day
 
Iuridicum Remedium, o.s., Prague, January 27, 2009
 
For the third time the Council of Europe has proclaimed January 28 theEuropean Data Protection Day. Iuridicum Remedium (IuRe) on this occasion reminds that the safety of Czech citizens´ personal data is still seriously endangered. Some of the most pressing issues are listed below:
 
RFID based Opencard (or Praguer´s Universal Card) is now being promoted as an electronic travel card for public transport. However, the contactless chip card formerly used for parking payment and as a library ID is not secure. The contactless chip can be read remotely and the data stored on it can be linked with the central database containing personal data. The system thus allows for the movement tracking, especially at the electronic gates which are going to be introduced in Prague metro.
In relation with the Opencard´s drawbacks, IuRe initiated a petition at the beginning of September 2008, which demands the deletion of both Opencard holder data and usage data from the central database after the card´s expiration and an observance of database administrator´s duty to allow user´s data deletion upon request. „We also demand an implementation of an anonymous Opencard at the same price as an ordinary Opencard,“ reports Filip Pospíšil from IuRe. The petition has been already signed by almost 700 people.
The Municipal authorities of capital Prague began to sale anonymous cards on the 17th December 2008. However, there is an extra a 8 EUR charge and since only transferable season transport tickets can be purchased with such card, the price for the annual travel becomes significantly higher . The Praguers effectively have to pay extra for their privacy protection and IuRe will stand out for an implementation of non-discriminatory anonymous card, i.e. the card allowing to use the service at the same price without unnecessary disclosure of personal data. Municipal-Council of the city of Prague has received a Big Brother Award 2008 for the Opencard project in „Worst Public Agency Privacy Intruder“ category.
 
Visa Waiver
The term Visa Waiver refers to a set of agreements related to the abolition of visa requirement for Czech citizens traveling to the USA. These agreements allow the American authorities access to personal data of the Czech citizens in Czech state authorities´ databases, including biometric data. The access is given as a compensation for the abolition of visa requirements, but in fact the paper visa have been merely replaced by the virtual visa - a system of detailed electronic questionnaires based on which the applicant can still be refused entry to the USA.
 
In the case of the Czech Republic the agreements where not negotiated properly with Czech Data Protection Agency and their comments were not respected,“ points out Filip Pospíšil from IuRe.
The complementary Agreement on strengthening the cooperation on prevention and fight against the serious crime was approved by the government on the 4th December 2008, however, the Government disregarded the comments of the Czech Data Protection Agency and other state authorities. At the beginning of 2009, IuRe urged the MEPs and senators to not approve the proposed agreement.
IuRe has made an attempt to find out the scale of personal data which had been promised by the Czech authorities to be handed over to the American authorities, as well as the conditions of the data protection. The official request for information has been submitted to the Ministry of Internal Affairs by the end of 2008. „The request was concerning another visa waiver related memorandum on establishing of the Combating Terorism Center and the Electronic System of Travelling Registration (ESTA),“ specifies Filip Pospíšil from IuRe. However, the memorandum is classified as secret and thus neither IuRe nor any other ordinary citizens know which of their personal data is being handed over.
 
Privacy and bank sector
The new Police Law was negotiated and approved in 2008. IuRe together with the bank sector and the Czech Bank Association have been criticizing the new power of the Czech Police to request data about the location and time of electronic card payments from banks, and particularly, the ability to access banks information systems. „We have been submitting comments during the negotiation of this law, but while some others have been accepted, our objection against this competence was not“ reports Helena Svatošová, a lawyer from IuRe.
According to IuRe, the government document named The enhancement of the communication system between financial institutions and state authorities from the fall of 2008 introduces the intention to create a central evidence of financial institutions´ clients and their operations. The evidence would then be available to an unspecified range of public administration authorities. „In our opinion, it`s very disturbing that despite the list of related agencies being rather long, there is no mention of the involvement of the Data Protection Office.“ interprets Helena Svatošová from IuRe who plans to keep an eye on this issue in the future. IuRe has notified both Czech Data Protection Office and Bank Association´s about the issue and asked them for their opinion.
 
Data retention
EU directive 2006/24/EC on the retention of data generated or processed in connection with the provision of publicly available electronic communications services has been implemented into the national legislation since the beginning of 2006. In November 2007 Minister of Industry and Trade Martin Říman proposed an amendment which would allow the secret service and the military intelligence a direct access to those data. Although he has abandoned the idea under the pressure from the media and politicians, intelligence services gained access through the „backdoor“ in the new Police Law.
There is a legal proceeding going on against the directive at the European Court of Justice submitted by Ireland (suported by Slovakia) as well as at both Hungarian and German constitutional courts. IuRe has been also preparing the trial of the „data retention“ provision of a law in respect of constitutionality and compliance with human-right obligations of the Czech Republic; the plan is to approach lawmakers with the proposal for an annulment of the part of a law, and gather enough support necessary to submit the proposal to the Czech Constitutional Court.
 
Video surveillance
The volume of CCTV has been on a sharp increase in recent years. However, the Czech legislation has not reflected this development in any way. In December last year the Government Council for Human Rights accepted a proposal of a Committee for Civil and Political Rights. The proposal has been initiated by IuRe and aims at introducing a conceptual regulation of CCTV´s usage in public. IuRe has been bringing forward the necessity of such adjustment for several years. „Thus, the resolution of Council of Government is a significant achievement of our campaign, which leads up to more transparent usage of CCTV systems regulated by strict rules,“ declared Filip Pospíšil from IuRe.
The proposal should allow private persons to use CCTV only in order to protect their own property and family; public authorities should be allowed to make a record only in public interest and only for purposes defined by law. The proposal should also prevent the excessive personal data´s processing and stipulates a duty of the CCTV owner to inform about the CCTV surveillance within it`s range. The aim of the proposal is also to strictly regulate the retention of records, as well as the duty to clearly state and document the exact purpose of each CCTV installation by police or another security agency.
IuRe has already tried to pursue the legal regulation of CCTV through MP Kateřina Jacques to the Police law approved in June 2008. Minister of Interior Ivan Langer rejected the proposal, but has promised that his ministry will, in cooperation with MP and Czech Data Protection Office, prepare amendments of the Act on Personal Data Protection containing proposed amendments. Negotiations are still ongoing with IuRe participating.
 
Passengers Name Records (PNR)
 
Passengers Name Records (PNR), the database of information about airline passengers has originally been only used by aviation companies. But after the 9/11, the American Security Authorities have started making pressure on aviation companies to provide the detailed data of their passengers.
This practice did not have a legal ground in most of countries and the agreement between EU and the USA was found illegal by the European Court of Justice. The provisional agreement, built on the same illegal base in summer 2007, was called back from negotiations in the Czech parliament by foreign minister after IuRe has sent a letter to MPs raising concerns against the approval of the agreement.
After difficult negotiating EU came up with a new agreement on PNR data exchange with the USA in June 2007. In the Czech Republic the proposal of the agreement has not gone through an ordinary legislative process and only Data Protection Office expressed its opinion of it. According to its position, the proposal brings a deterioration of personal data protection level against previous agreements, USA authorities will acquire access to personal data of people without guaranteeing basic rights, for example right on correction of false statements, an information about processing the statements etc.
IuRe has also approached a number of parliamentarians expressing concerns about the agreement and this resulted in the fact that agreement did not obtain support at the foreign committee of the Czech parliament. Also standing Commission of Senate for Privacy Protection expressed their negative position in accordance with IuRe´s recommendations.
IuRe believes that the Parliament will demonstrate its sovereign role and will not approve this agreement at the forthcoming session.
 
This press release has been written as a part of the “Reclaim Your  Rights in the Digital Age" project supported by the Trust for Civil Society in Central and Eastern Europe Foundation.

 

Ke stažení

 Jak funguje internet

 Ochrana OÚ

 CC příručka obálka

 CC samospráva

 

 CC manuál pro města a obce

Kdo jsme

  • Tento web provozuje iure, neziskovka zabývající se ochranou občanských svobod.
     

Logo IuRe


 

Support us