EU data protection Watchdogs expect the European Commission to explain in more detail the specifics of the operation of a database it plans to create which would hold personal data on suspected intellectual property (IP) rights infringers
The European Data Protection Supervisor (EDPS) said that in order to comply with data protection laws the Commission must be clearer about who will have access to the data, who will be able to change it, and how long it will be stored for.
The EDPS said it wanted to help the Commission create a “data protection compliant” database under proposed new regulations on customs enforcement of intellectual property rights. The EDPS is responsible for ensuring EU bodies comply with data protection laws.
Earlier this year the Commission announced plans to enable IP rights holders and others to apply for customs action to seize and destroy goods suspected of being fake or unlicensed. The Commission’s plans included proposals to establish a centralised database of information relating to customs actions. That information would be shared electronically with individual customs authorities across the EU.
The EDPS said it expected the database to contain sensitive personal data of suspected counterfeiters and pirate copiers and for customs authorities to share that data with rights holders in order to enable them to take legal action. Under EU data protection laws personal data must be “processed fairly and lawfully” and be collected for “specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes”. Extra emphasis is placed on the protection of rights around sensitive personal data.
Assistant European Data Protection Supervisor Giovanni Buttarelli, who signed the EDPS opinion, also said that the proposals should include the rights of suspected infringers to be told which authorities are holding their personal data and why.
It’s now over to the European Commission to see what their next move is likely to be.
DDI – 0117 9453 042