The lead committees of the European Parliament, LIBE and ENVI, have today voted in favour of the creation of a “European Health Data Space” (EHDS), which will bring together information on all medical treatments received by citizens. Specifically, the bill will oblige doctors to upload a summary of each patient’s treatment to the new data space (Article 7). Exceptions or a right to object are not provided for, even when it comes to particularly sensitive diseases and therapies such as mental disorders, sexual diseases and disorders such as impotence or infertility, HIV or drug abuse therapies. Patients would be able to restrict access to their health records, but not their creation.

“The EU’s plan to collect and interconnect records on all medical therapies entails irresponsible risks of data theft, hacking or loss. Even the most delicate therapies can no longer be administered off record in the future,” criticises Patrick Breyer, Pirate Party MEP and co-lead negotiator for the Greens/European Free Alliance in the EU Parliament’s Committee on Home Affairs. “This is nothing other than the end of medical confidentiality. Have we learnt nothing from the international hacker attacks on hospitals and other health data? If every mental illness, addiction therapy, every erectile dysfunction and all abortions are registered, concerned patients risk being deterred from seeking urgent medical treatment – this can make them ill and put a strain on their families. This digital disempowerment of patients needs to be put to a vote in plenary in December!”

Breyer, who voted against the bill today, also criticises the fact that patients would need to actively object to prevent healthcare providers and industry from using their data. “For many patients who have little time, limited language skills or education, or who are elderly, having to actively object with a certain authority or via a digital tool is too complicated in practice to give them a real choice. International standards such as the World Medical Association’s International Code of Medical Ethics or the Helsinki declaration on Ethical Principles for Medical Research require seeking patients consent before disclosing their medical information. A public opinion poll we commissioned confirms that citizens expect to be asked for their consent before their health records are being shared. Every website asks for our permission before setting a cookie, but we are not even asked before our health records are shared? This system deprives patients of real control over their data and does not deserve our trust.“

The European Parliament’s plenary is due to vote in December and can make final amendments. A survey by the European Consumer Organisation (BEUC) has shown that 44% of citizens are worried about their health data being stolen; 40% fear unauthorised access to their data.

According to the latest state of negotiations, the EU governments also want to introduce a compulsory interconnected electronic health record for everyone without any right of objection. This could be decided as early as 6 December in the so-called COREPER Committee. Trilogue negotiations between the institutions will ensue with a view of finding an agreement early next year.

patrick-breyer.de/en/european-…

In the upcoming Committee vote on creating a European Health Data Space (EHDS) on 28 November, the European Parliament wants to support the mandatory registration of every treatment of a patient in a remotely accessible Electronic Health Record. EU governments also want to endorse a compulsory Electronic Health Record for everyone, possibly as early as 6 December in the so-called COREPER Committee. Patients would be able to restrict data access, but not the electronic collection of summaries of all medical treatments.

“The EU’s planned mandatory electronic patient file with Europe-wide access entails irresponsible risks of theft or loss of the most personal therapeutical data and threatens to deprive patients of any control over the digitisation of their health data,” criticises Patrick Breyer, Pirate Party MEP and chief negotiator for the Greens/European Free Alliance group in the EU Parliament’s Committee on Home Affairs (LIBE). “Have we learnt nothing from the international hacker attacks on hospitals and other health data? If every mental illness, substance abuse therapy, every potency weakness and all abortions are compulsorily recorded, concerned patients may be deterred from seeking urgent medical treatment altogether – this can make people ill. This legislation has been designed for health industry, not to empower citizens.”

The plenary of the European Parliament is due to vote on the Committee recommendation in December and can make final amendments. A survey by the European Consumer Organisation (BEUC) has shown that 44% of citizens are concerned about the risk of health data theft; 40% fear unauthorised access to their data.

patrick-breyer.de/en/mandatory…

Today, the European Parliament adopted its position on the ‘right to repair’ law. The new rules will make it easier for consumers to get their defective products repaired, reducing the need to discard them. MEPs agreed that manufacturers shall be obliged to provide spare parts to independent repairers, and a digital platform shall be set up in each Member State to connect customers and repairers. The legislation also introduces rules to encourage more repairs during the warranty period instead of replacing goods. The text now moves into trilogue negotiations with the Council of the EU and the European Commission.

Patrick Breyer, Member of the European Parliament for the German Pirate Party, comments:

“Pirates support this initiative because we think users should control the tech they use every day. For IT, the requirement that updates must be reversible and shall not lead to diminished performance will be useful. But we Pirates still believe that the right to repair could go further, and would like to see this implemented in future legislation. Current laws say IT device makers must provide updates for a reasonable period of time, but they’re not required to fix known vulnerabilities quickly. That needs to change to keep us safe. The source code and tools for development of information technology should be made public so the community can take care of them when a manufacturer stops supporting a widely used product. Requiring manufacturers to enable 3D printing of spare parts in case of orphan products, as now proposed by Parliament, is a significant step in the right direction.“

Czech Pirate Party MEP Marcel Kolaja, Quaestor of the European Parliament and Member of the leading Internal Market and Consumer Protection Committee (IMCO), comments:

“The ‘right to repair’ proposal is a milestone on the way to a more circular economy. Nowadays, most of the time, it is easier for consumers to throw away broken goods than to have them repaired, even if it is only a minor damage. The result is both unnecessary spending and tons of waste that burdens the environment. Today, Europeans are estimated to lose up to €12 billion a year by throwing away goods unnecessarily, generating 35 million tonnes of waste. Both are relatively easy to prevent, which we are now aiming to do with this mandate.”

patrick-breyer.de/en/less-wast…

On the European Day on the Protection of Children against Sexual Exploitation and Sexual Abuse (#EndChildSexAbuseDay) on 18 November 2023, civil rights activist and MEP Patrick Breyer (Pirate Party, Greens/EFA) calls for a rational debate on effective child protection rather than embracing mass surveillance solutionism:

“Paedocriminals can circumvent any form of surveillance, but a society tackling child protection in a rational way can make a real difference. As long as surveillance projects such as chat control and blanket data retention are confused with child protection, there will be a lack of political will to invest in direct and genuine child protection. Europe urgently needs a rational debate about effective child protection rather than embracing mass surveillance solutionism.

Statistically speaking, there are one or two children in every school class who have suffered sexualised violence (“Vor unseren Augen”, 2023, German only). In 70 to 85% of all cases, according to the Council of Europe, child sexual abuse is committed by someone the child knows and trusts. Perpetrators mainly lurk in the immediate vicinity and use strategies to gain trust and extort secrecy. In 90% of cases, the sexual offences are not reported to the police. Perpetrators benefit from the lack of awareness, education and professional handling of the issue of child sexual abuse.

On the Internet, organised criminals, unlike the majority of citizens, technically protect themselves from surveillance measures. The journalist and darknet expert Daniel Moßbrucker has succeeded in disrupting a paedocriminal forum and force it to give up. He calls on law enforcement agencies to initiate a paradigm shift. Their current tactics are allowing the darknet forums to grow, even though this could be curbed by proactive removal.

For better child protection, Europe needs mandatory protection programmes and responsible experts in schools, churches and sports clubs. Europe urgently needs long-term and well-funded awareness campaigns and counselling services, child and youth work as well as a strong civil society. When it comes to investigation, the solutions are raising public awareness, specially trained experts, long-term investigations, removal of child sexual exploitation content, targeted investigation orders and login traps.

It is misleading, inappropriate for the topic and contradicts the available science to claim that programmes of mass surveillance have an effect on structures and strategies of paedocriminality. Rather, the issue of child protection is being used as a pretext to politically enforce surveillance measures such as the lobbying project Chat Control or the blanket data retention of internet addresses. Our children and abuse victims deserve real, effective, court-proof and rights-respecting protection. Let’s stop spying and start protecting.”

patrick-breyer.de/en/child-pro…

Siamo nell’epoca della guerra al cambiamento climnatico e all’inquinamento.

Siamo sulla soglia di non ritorno (chi parla del 2030, ma per altri l’abbiamo già superata) che decreta il futuro del mondo quale lo conosciamo e la nostra stessa esistenza come specie. Risorse, mancano, bisogna trovare fonti alternative, bisogna ottimizzare quelle che abbiamo, bisogna cambiare paradigma: d’altro canto è scritto nei testi di antropologia che solo chi si sa adattare sopravvive.

Fatto questo preambolo ecco uno spunto di riflessione.

Versione semplificata da alcuni esempi e macro evidenze di un contesto più articolato in cui il modello è sempre quello: un mondo di squali e guerra alle risorse (siano esse materie prime, siano vite ed esseri umani).

Poi ognuno può trarre le proprie conclusioni.

Da una parte abbiamo che:

“Le navi da crociera inquinano più delle auto circolanti in Europa. Le 218 navi per il turismo marittimo di lusso hanno emesso nel 2022 4,4 volte più inquinanti di tutte le automobili del continente (253 milioni).”

L’Italia è il Paese dove le navi da crociera inquinano di più, al primo posto in Ue.

Dall’altro abbiamo personaggi e realtà come ad esempio Elon Musk e la Tesla che vendono macchine ellettriche per inquinare meno, per rendere più green il pianeta.

Personalmente la prima cosa che mi chiedo è che sostenibilità nel medio lungo periodo avranno le auto elettriche?

Riusciranno a sostenere il mercato ed il confronto con quelle a combustibili fossili?

In fatto di sostenibilità c’è da ricordare anche come vengono realizzate e costruite le machine elettriche, con una batteria: le materie prime sono essenziali e fondamentali. Dove, come e chi le estrae?

Per esempio un componente per le batterie possiamo parlare di cobalto.

Spostiamoci in Africa, in RDC – Repubblica Democratica del Congo e scopriremo gironi dantestchi in cui persone di ogni sesso ed età sono intenti inn attività di estrazione mineraria, scavando, spostando sacchi, nelle peggiori situazioni infanganti i diritti fondamentali di ogni individuo.

Solo a me sembra che ci sia qualcosa che stona in tutto questo contesto?
Una visione generale dei minatori che lavorano presso la miniera artigianale di Shabara vicino a Kolwezi il 12 ottobre 2022. Circa 20.000 persone lavorano uno Shabara, a turni di 5.000 alla volta. [Junior Kannah / AFP] RDC Repubblica Democratica del Congo

tommasin.org/blog/2023-11-15/a…

Today the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) in the European Parliament adopted by a large majority (51:2:1) a mandate to negotiate the controversial EU draft law on chat control. The Commission’s bill proposes bulk scanning and reporting of private messages for allegedly suspicious content by using error-prone algorithms, including „artificial intelligence“. But the European Parliament’s position removes indiscriminate chat control and allows only for a targeted surveillance of specific individuals and groups reasonably suspicious of being linked to child sexual abuse material, with a judicial warrant. End-to-end encrypted messengers are exempted. Instead, internet services will have to design their services more securely and thus effectively prevent the sexual exploitation of children.

EU lawmaker Patrick Breyer of the Pirate Party, a long-time opponent of chat control who negotiated the EU Parliament‘s position on behalf of his group, explains:

“Under the impression of massive protests against the looming indiscriminate chat control mass scanning of private messages, we managed to win a broad majority for a different, new approach to protecting young people from abuse and exploitation online. As a pirate and digital freedom fighter, I am proud of this breakthrough. The winners of this mandate are on the one hand our children, who will be protected much more effectively and in a court-proof manner, and on the other hand all citizens, whose digital privacy of correspondence and communication security will be guaranteed.

Even if this compromise, which is supported from the progressive to the conservative camp, is not perfect on all points, it is a historic success that removing chat control and rescuing secure encryption is the common aim of the entire Parliament. We are doing the exact opposite of most EU governments who want to destroy digital privacy of correspondence and secure encryption. Governments must finally accept that this highly dangerous bill can only be fundamentally changed or not be passed at all. The fight against authoritarian chat control must be pursued with all determination!

In detail, our position will protect young people and victims of abuse much more effectively than the EU Commission’s extreme proposal:

1. Security by design: In order to protect young people from grooming, internet services and apps shall be secure by design and default. It must be possible to block and report other users. Only at the request of the user should he or she be publicly addressable and see messages or pictures of other users. Users should be asked for confirmation before sending contact details or nude pictures. Potential perpetrators and victims should be warned where appropriate, for example if they try to search for abuse material using certain search words. Public chats at high risk of grooming are to be moderated.
2. In order to clean the net of child sexual abuse material, the new EU Child Protection Centre is to proactively search publicly accessible internet content automatically for known CSAM. This crawling can also be used in the darknet and is thus more effective than private surveillance measures by providers.
3. Providers who become aware of clearly illegal material will be obliged to remove it – unlike in the EU Commission’s proposal.
4. Law enforcement agencies who become aware of illegal material must report it to the provider for removal. This is our reaction to the case of the darknet platform Boystown, where the worst abuse material was further disseminated for months with the knowledge of Europol.

At the same time, we are pulling the following poisonous teeth out of the EU Commission’s extreme bill:

1. We safeguard the digital secrecy of correspondence and remove the plans for blanket chat control, which violate fundamental rights and stand no chance in court. The current voluntary chat control of private messages (not social networks) by US internet companies is being phased out. Targeted telecommunication surveillance and searches will only be permitted with a judicial warrant and only limited to persons or groups of persons suspected of being linked to child sexual abuse material.
2. We safeguard trust in secure end-to-end encryption. We clearly exclude so-called client-side scanning, i.e. the installation of surveillance functionalities and security vulnerabilities in our smartphones.
3. We guarantee the right to anonymous communication and remove mandatory age verification for users of communication services. Whistleblowers can thus continue to leak wrong-doings anonymously without having to show their identity card or face.
4. Removing instead of blocking: Internet access blocking will be optional. Under no circumstances must legal content be collaterally blocked.
5. We prevent the digital house arrest: We don’t oblige app stores to prevent young people under 16 from installing messenger apps, social networking and gaming apps ‘for their own protection’ as proposed. The General Data Protection Regulation is maintained.“

The mandate is not expected to be voted on in plenary. The Council could make a further attempt to position itself on 4 December, after which the European Parliament’s negotiations with the Council and the European Commission (“trialogue”) can begin. The majority of EU governments have so far stuck to the plan for mass chat control without suspicion and the undermining of secure encryption. Other governments are firmly opposed to this. A legal opinion published yesterday by a former ECJ judge concludes that neither chat control nor an end to secure encryption would stand up in court.

Table published by Patrick Breyer comparing the EU Commission‘s proposal and the Council‘s draft mandate to the adopted mandate of the EU Parliament

patrick-breyer.de/en/historic-…

In another blow to the EU Commission’s proposed child sexual abuse regulation, a former judge of the EU’s top court of justice finds that the proposed mass scanning of private messages for suspected content would likely be struck down by the Court for violating the fundamental right to privacy. The ex judge dismisses the defence put forward by the Commission in response to similar findings by the EU Council’s legal service earlier this year. Adding to those findings, the former judge concludes that the proposed extension of scanning obligations to end-to-end encrypted communications services also violates EU law for lacking legal certainty (pages 35-37 of the legal analysis).

“EU governments in Council must accept now that the only way forward with this dystopian Chat Control bill, both politically and legally, is to remove indiscriminate mass scanning and end-to-end encrypted services from the proposal. I call on EU governments to stop pursuing chat control and the destruction of secure encryption! An overwhelming majority in the EU Parliament will tomorrow propose limiting surveillance to suspects and safeguarding secure encryption. No child is helped with legislation that will inevitably fail in court even before its implementation. Do you really want to repeat the disaster caused by the Data Retention Directive?” comments Pirate Party MEP Patrick Breyer, who commissioned the legal opinion and co-negotiated the European Parliament’s position on the proposed Chat Control regulation.

The author of the legal opinion Christopher Vajda is a long-time judge of the CJEU (2012-2020).

In his legal opinion he finds that «the provision for DOs [detection orders] in the Regulation is likely to be unlawful on grounds of proportionality, lack of reasoning, legal certainty, as well as the requirement that such interferences should be provided by the law.»

In response to the Commission, he concludes that he “cannot see how a DO [detection order], and the process leading up to it, can preclude it being considered to require general and indiscriminate monitoring of electronic communications.”

The ex-judge calls the Detection Orders of the proposal “a major inroad into the fundamental right to the protection of privacy and data guaranteed by Articles 7 and 8 of the Charter which is, so far as I am aware, far greater than contained in any previous legislation”.

patrick-breyer.de/en/former-cj…

The EU Parliament and EU Council yesterday struck a political deal on the reform of the EU Digital Identity Regulation (eIDAS 2). A new digital identity wallet app is to allow EU citizens to access public and private digital services such as Facebook or Google, and pay online. The deal was made even though more than 500 scientists and numerous NGOs in an open letter „strongly warn against the currently proposed trilogue agreement, as it fails to properly respect the right to privacy of citizens and secure online communications“ – criticism which the Pirate Party Members of the European Parliament underline.

“This regulation is a blank cheque for surveillance of citizens online, endangering our privacy and security online”, comments Pirate Party lawmaker Patrick Breyer. “Browser security is being undermined, and overidentification will gradually erode our right to use digital services anonymously. Mark Zuckerberg should have no right to see our ID! Entrusting our digital lives to the government instead of Facebook and Google is jumping out of the frying pan and into the fire. This deal sacrifices essential requirements the European Parliament had put forward to make the eID app privacy-friendly and secure. The EU misses the opportunity to establish a trustworthy framework for modernization and digitization. We will watch the implementation very closely.”

Pirates Mikulas Peksa and Patrick Breyer worked until the last minute to try and fix at least some of the numerous risks of the EU digital identity scheme. In a major victory, Member States will not be obliged to assign a single unique ID number to every citizen. Signing up for the eID app will be voluntary, and it will remain possible to access public and private services by other existing identification and authentication means. The app client will be open source.

Overall though the scheme remains a blank cheque for surveillance of citizens online: As hundreds of scientists publicly warn and contrary to what the EU claims, web browser manufacturers could be forced to expose our securely encrypted Internet use (including intimate and sensitive activities) to government surveillance. This is an unacceptable attack on secure encryption. The eID apps can also be used to monitor our digital lives because there is no requirement of unobservability. The content of our eID wallets (potentially bringing together personal banking data, medical prescriptions and criminal records) could be monitored via central databases because we have no right to store documents exclusively on our personal devices.

The lure of conveniently signing in to private digital services using a single official eID app is a trap. Overidentification will gradually erode our right to use digital services anonymously which currently keeps us safe from criminal activity, unauthorised disclosure, identity theft, stalking and other forms of abuse of personal data. The eID app will not allow for multiple, truly separate user profiles which vulnerable persons rely on.

The server-side code of the eID wallet will not have to be open source, meaning the public cannot know what the code actually does and if it is safe.

In view of all this, the new EU eID app will not be trustworthy and will fail to sufficiently encourage the development of digital and eGovernment services in Europe – much to the Pirates regret.

See also the assessment of the deal published by NGO epicenter.works

patrick-breyer.de/en/eu-digita…

Yesterday, the EU Parliament and Council agreed on new rules on transparency and targeting of political advertising. The Parliament was able to secure a publicly accessible library of online political advertising, but targeting political messages based on the individual preferences, weaknesses, situation and personality of every user will remain legal (so-called surveillance advertising). Patrick Breyer, EU lawmaker and digital freedom fighter for the Pirate Party, who co-negotiated the regulation in the Civil Liberties Committee (LIBE), takes stock:

“The targeting rules are a farce. The digital manipulation of elections in the style of Cambridge Analytica, targeted disinformation before referendums such as Brexit, contradictory election promises to different voter groups – all of this remains legal. Anti-democratic and anti-european movements will benefit most: they can continue to use surveillance advertising to target hate messages and lies at voters who are susceptible to them in order to undermine our democracy. Here, the short-sighted self-interest of those in power and the surveillance capitalist interests of big tech have combined to create a toxic mixture for democracy.”

The agreed targeting rules in detail:

1. The existing prohibition in the Digital Services Act of analysing the user’s political opinion, sexual orientation or health for advertising purposes remains in place. In practice, however, political advertising tends to be based on matching interests and other correlations, which remains legal. Even Cambridge Analytica did not analyse the political opinion of users before Trump’s election as US president, but rather their personalities.
2. The user consent already required under the General Data Protection Regulation (GDPR) remains a precondition for being allowed to tailor political advertising to the individual situation of the user and profiling their digital lives. Surveillance data from third-parties may not be used. For the first time, Parliament could implement a ban on annoying consent banners if the user rejects personalised political advertising via their browser settings (“do not track”). Parliament was also able to ensure that consent to political surveillance advertising may not be made a precondition for accessing websites (“tracking walls”).

“Every user will be able to decide in favour of or against political surveillance advertising,” explains Breyer. “In the best-case scenario, yesterday’s agreement heralds the beginning of the end of annoying cookie banners and tracking walls. We can build on this foundation in the ePrivacy negotiations and extend these rules to all banners. In the worst case scenario, the new rules will be undermined by suggestively designed consent banners and consent clauses hidden deep in terms and conditions. Letting individual internet users decide on the protection of democratic elections is a dangerous failure of the legislator, for which the EU Commission and EU governments are responsible.”

The new rules will come into force in 2025.

patrick-breyer.de/en/political…