Is EDPS endangering the global community including India?

Recently when the JPC submitted its report on PDPB 2019 dissent notes were  presented by a few members of the committee belonging to opposition parties . Some of these were related to “Excessive powers” to the law enforcement and “Lack of parliamentary oversight”.

Two recent incidents in EU directly reflect the views of the EU community on these issues and are interesting for us to take note since they may come in for discussion during the Parliamentary debate on DPA.

While it is difficult to accept the views of the EU society on both these counts, it is nevertheless interesting to take note of these issues.

First is the decision of the EDPS passing an order on the Europol to delete vast amount of data held for criminal investigation purpose. Second is the reprimand issued on the EU Parliament itself for violations of GDPR.

No doubt the EDPS appears to be a hero in his own right but whether these actions are good for the society in the long run is difficult to say.

The EDPS involved is Mr Wojciech Wiewiórowski who was appointed on 5th December 2019 for a term of 5 years. Earlier he has serverd as Assistant European Data Protection Supervisor from 2014 to 2019.

He is certainly a highly learned person with vast experience in the field of Data Protection and served as the Polish Data Protection Commissioner since 2010 till he moved to the EDPS.

In the first instance the EDPS accused Europol of becoming a counterpart of the NSA in USA and clandestinely spy on the citizens in a mass surveillance effort.

It is said that Europol has accumulated quadrillions of bytes of sensitive data (about 4 petabytes equivalent to 3 million CDROMs).

The data has been collected from various sources including criminal records, extracted from encrypted phones and other sources. The EDPS has ordered that the data shall not be held for more than 6 months and Europol shall take steps to delete the rest of the data within one year.

Technology has been used for everything from Artificial Intelligence, Robots, 3D printing, Crypto currencies, Web 3.0 and so on. But when law enforcement wants to use technology there is objection from many quarters. This discrimination on use of technology for national security is not good for the society.

In another decision, the EDPS has issued an order reprimanding the EU Parliament for allowing transfer of data to Google and Stripe against the Schemed II principle.

Though no fine was imposed, a reprimand has been issued and an order to make changes to the notice and address other issues pointed out.

For some this may seem as a heroic commitment to privacy where the EDPS has taken on its own appointee (like the Bhasmasura syndrome referred to in another context). But if we consider the long term implications of both these decisions, it appears that the EDPS is indirectly endangering the global security by assuming itself power over and above the European Parliament and Law Enforcement and is diluting the counter terrorism efforts of the Europol.

Naavi.org had raised the red flag in June 2018 on “Whether GDPR will convert the entire Internet into Deep web” by carrying Privacy beyond its natural limitations. It appears that this prophesy is now coming to haunt us. On the one hand the “Meta Verse” mafia  has joined hands with the Crypto Currency mafia in an attempt at creating a Web 3.0 which is an attempt to create a nation beyond all nations. At the same time, people on the right side of the law like the EDPS are showing holier than thou attitude on privacy to dilute security to the extent that criminals and terrorists  will thrive.

This fight between the Privacy activists and National Security agencies in EU is not an internal issue of Europe. If the Europol is not able to gather enough intelligence required to identify terror activities, then terrorists operating from within Europe may not only attack EU but also other global citizens. We in India are therefore concerned about the stance taken by EDPS on the Law Enforcement issue in particular and wish that the Europol is not weakened by the over enthusiasm of the EDPS.

A serious global debate is required to be undertaken in this regard by all the security agencies. Perhaps NIA should take the lead to discuss with the NSA, Europol and other similar agencies to ensure that Europol is not rendered impotent.

A time has come for the Indian Government that while passing the Indian act, it should be ensured that the security concerns are not ignored. After all Right to security is as much a fundamental right as Right to privacy whether the Supreme Court agrees or not.

Naavi

 

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.