Data Protection Fines – Deutsche Bahn syle

The Berlin data protection registrar (Berliner Beauftragter für
Datenschutz und Informationsfreiheit) has completed an investigation into employee monitoring by Deutsche Bahn, the German federal railway company.  On 16 October 2009 he imposed a fine on Deutsche Bahn of  €1.1 million.  The company had fourteen days to appeal the fine, but a  press release
from the Berlin regulator dated 23 October 2009 suggests that Deutsche Bahn have accepted the fine.

Amongst other infringements, the company had been found to have monitored hundreds of thousands of employee e-mails and searching their computer hard drives. During 2006 and 2007 all employee external email accounts were monitored. This was a major scandal in Germany when the story first broke, which led the Deutsche Bahn CEO at the time, Hartmut Mehdorn to announce his resignation in March 2009, to be replaced by former Daimler executive Ruediger Grube.

In contrast, if Network Rail and all the train operating companies in the UK were found to have breached the Data Protection Act 1998 in a similar way, the most the Information Commission could do is impose upon them an enforcement notice.  Only if this notice were breached could the relevant company be prosecuted and fined a paltry £5,000.  Fining powers are included in the Data Protection Act 1998 (ss. 55A-55E), but these have yet to be brought into effect by the Government.

European Parliament and Council: pistols at dawn?

The Bois de la Cambre outside of Brussels was once a regular venue for “pistols at dawn”, and 30 December may yet again be a fateful date.

According to a Press Release from the European Parliament, the Parliament and Council begin conciliation proceedings on the telecoms package on 4 November, which must agree a joint text by 30 December.  If they do not agree a text, or if the text is not passed without amendment by both the Parliament (on simple majority of votes cast) and the Council (by qualified majority), then the telecoms package falls and the whole process must be started with a new proposal from the Commission.

There is one open issue: the question of internet access.  This involves amendments to Article 8 of the Framework Directive 2002/21/EC (as set out in the Parliament’s second reading position paper – see relevant documents here).  In particular, the Council does not accept the Parliament amendments:

in paragraph 4 [of Article 8], points (g) and (h) shall be added:

[4.  The national regulatory authorities shall promote the interests of the citizens of the European Union by inter alia:]

(g)  promoting the ability of end-users to access and distribute information or run applications and services of their choice;

(h)  applying the principle that no restriction may be imposed on the fundamental rights and freedoms of end-users, without a prior ruling by the judicial authorities, notably in accordance with Article 11 of the Charter of Fundamental Rights of the European Union on freedom of expression and information, save when public scrutiny is threatened in which case the ruling may be subsequent.

The Council have yet, as far as we are aware, to make known to the Parliament their objections to this amendment.  It is suspected that the “prior ruling by the judicial authorities” phrase is the stumbling block, but as this has now been introduced (albeit with some controversy over the method) in France’s HADOPI II, the only member state so far with a “three strikes” law, it is a surprise that it continues to hold up the whole telecoms package.