Key privacy concerns in Czech Republic 2007

28. 1. 2008 | 14:05

Last year has seen an increased number attempts from government bodies to extend their powers and make it easier to access people`s private information. To name a few, there were legal proposals to increase the number of agencies authorized to access and process electronic communication data collected by telecommunication companies under the Data Retention law, national DNA database enlargement, plans for various administrative database sharing, introduction of even more CCTV systems and the pressure on air travel operators to share records about their passengers. The introduction of biometric into travel documents data as a mean of identification and the use of contactless chip technologies still suffers from lack of respect of people`s privacy. Citizens continue to loose control over their personal data with the same speed or no visible slowdown. a. National DNA database There has been a substantial expansion of the number of DNA samples and profiles in 2007 - up to 40 000 records. The new legislation which went into force in 2006 has allowed Police to take samples from not only the accused, but also uncharged suspects or from any other person related to the investigation in any unspecified way, which practically means from anybody. Moreover, the new law made it possible to take DNA samples from all prisoners found guilty of intentional crimes as well as people under protected health treatment. There has been a murder related investigation in the city of Sternberk, where DNA samples were taken from all men of a certain age, whilst no information was given about the process of destruction of those samples belonging to innocent people after the investigation. b. Data Retention EU directive 2006/24/EC on the retention of data generated or processed in connection with the provision of publicly available electronic communications services been implemented into the national legislation since the beginning of 2006. In 2007 the Police routinely used the data for investigation. However, there are no official statistics of the number of accesses nor on the efficiency of the measure. In November 2007 a proposal was made by the Minister of Industry and Trade, Mr. Ríman, to allow the secret service and the military intelligence a direct access to those data. He has abandoned the idea only temporarily after a strong negative reaction from the media and politicians. c. PNR The provisional agreement on transfer of Passenger Name Records expired at the middle of 2007. The new agreement has been accepted by the Czech government outside the ordinary legislative process due to the lack of time. Only the Czech Data Protection Agency was consulted. By its official opinion, the new agreement is worse in respect to privacy than the previous one, namely because the agreement doesn`t contain any safeguards against the US interlinking the data with other databases, using it for other purposes or exporting the data into third countries with different regimes of privacy protection. The Czech government has accepted the agreement with reservation. d. CCTV surveillance Both the Ministry of Interior and various city magistrates continue to invest in CCTV systems. The current number of CCTVs in Prague is 400 and keeps increasing. The Prague City Hall has announced its plans to enclose the whole city in the circular system of interlinked cameras with a license plate number recognition capabilities combined with speed cameras in order to register all vehicles entering or leaving the city. There has been a case well covered by the media of a misuse of the CCTV system to peek into a private flat on a crossroad in Pilsen in Summer 2007. The images have appeared on the Internet. e. Contacless chip cards In Summer 2007, the Prague City Hall introduced a universal service card for all citizens of Prague. It`s supposed to be used for parking payments, access to libraries, as a travel card, electronic wallet and a key for online communication. As demonstrated publicly by EDRi-member Iuridicum Remedium, anybody with a standard RFID reader was able to obtain the personal data (name, date of birth, sex) from the card, from a distance, without the cardholder`s consent. Despite the producer`s claims on the enhanced security of the chip, the actual implementation of the system did not put any focus on the cardholders` security and left the card at factory defaults. Neither has it ever been explained why the personal data should be on the contactless chip in the first place. After the campaign, the City Hall has decided to stop putting the data on the chip and fix the already issued ones. But the fact that many services which used to be available anonymously are no longer anonymous (e.g. parking) remains a major unresolved problem. f. eGovernment The recent developments on the eGovernment front give other reasons to worry. There is almost no discussion about the privacy safeguards and how they are going to be implemented. The available documentation contains many plans on processing and interlinking people`s personal data including the broad specification of whom this data will be made available and how the data is going to be shared. The privacy aspects of the system, which will potentially concern the majority of the population, have been left out completely. The proposal made by an independent working group for a time limited ad-hoc identifiers has not been taken into consideration. EDRi-gram: Prague will anonymise RFID city cards (1.08.2007) EDRi-gram: Government attempts of increased level of surveillance in Czech Republic (7.11.2007) More information (in Czech only) (contribution by Filip Pospísil and Marek Tichý, EDRi-member Iuridicum Remedium - Czech Republic)

Ke stažení

 Jak funguje internet

 Ochrana OÚ

 CC příručka obálka

 CC samospráva


 CC manuál pro města a obce

Kdo jsme

  • Tento web provozuje iure, neziskovka zabývající se ochranou občanských svobod.

Logo IuRe


Support us