Anti-Counterfeiting Trade Agreement, potentially incompatible with EU data protection regime
The European Data Protection Supervisor (EDPS) has adopted an opinion on current EU objective of adopting a new multilateral agreement to strengthen the enforcement of intellectual property rights and to combat counterfeiting and piracy (Anti-Counterfeiting Trade Agreement - ACTA).
In an opinion stated by Peter Hustinx, European Data Protection Supervisor (EDPS), he regrets that he was not consulted by the European Commission on the content of an agreement which raises significant issues as regards individuals' fundamental rights, and in particular their right to privacy and data protection.
From what has been reported about the content of Anti-Counterfeiting Trade Agreement - ACTA, EDPS warns about a potential incompatibility between envisaged measures and data protection requirements. This would apply in particular to the legal framework that would be put in place to fight piracy on the Internet and which could include large scale monitoring of Internet users and the imposition of obligations on Internet Services Providers to adopt "three strikes Internet disconnection policies" - also referred to as "graduated response" schemes.
Hustinx calls for a ensurement of right balance between protection of intellectual property rights and the right to privacy and data protection.
The main recommendations, included in the opinion of EDPS, include the following:
- To investigate less intrusive means to fight piracy on the Internet.
- To apply appropriate safeguards to all data transfers in the context of ACTA. Such safeguards should take the form of binding agreements between EU senders and third country recipients.
- To establish a public and transparent dialogue on ACTA, possibly by means of a public consultation, which would also help ensuring that the measures to be adopted are compliant with EU privacy and data protection law requirements.
The EDPS' general objective is to ensure that the EC institutions and bodies respect the right to privacy when they process personal data and develop new policies. A number of specific duties of the EDPS are laid down in Regulation (EC) No 45/2001. The three main fields of work are supervision, cooperation and consultation.