Yesterday, Member of the European Parliament and digital freedom fighter Patrick Breyer (Pirate Party) filed an action for an injunction against the so-called chat control against Facebook’s parent company Meta Platforms Ireland Limited at Kiel District Court. As a user of “Facebook Messenger”, Breyer is suing against the suspicionless automated search of private chat histories and photos. While the automated searches of personal messages and chats is so far only practised by major US providers, the EU Commission is to propose tomorrow to make this mandatory for all providers of e-mail, messenger and chat services.

Plaintiff Patrick Breyer comments:

“This Big Brother attack by unleashing error-prone algorithms on our cell phones, private messages and photos is a giant step toward a Chinese-style surveillance state. Chat control is like the post office opening and scanning all letters – ineffective and illegal. I will not stand by idly and watch the dismantelling of the fundamental right to digital privacy of correspondence. I will now involve the judiciary.

With chat control in place even the most intimate nude photos and sex chats can suddenly end up with company personnel or the police. Destroying the digital secrecy of correspondence is destroying trust. We all depend on the security and confidentiality of private communication: People in need, victims of abuse, children, the economy and also government authorities.

Organized child porn rings don’t use e-mail or messenger services, but rather secret self-operated forums. With its plans for chat control, the EU Commission is putting the general security of our private communications and public networks, business secrets and state secrets at risk out of short-term surveillance desires. What we need is removals instead of snooping!”

At Breyer’s request, Europol had previously admitted not to report known CSEM for deletion.

Breyer’s lawyer Prof. Dr. Ralph Wagner explains:

“While EU politicians on the one hand claim to protect us from assaults by Facebook, Google and Co., they are at the same time commissioning these same companies to screen and monitor all our communications. The fact that the European Court of Justice (and the courts of many EU member states) has already prohibited such total surveillance on several occasions is simply brushed aside. Then, unfortunately, the only option is to go back to the courts.

Whoever is serious about data protection, with the least bureaucratic burden possible, and wants to protect civil liberties, must not screen all of our communications and then also commission Facebook to do the same.”

Tomorrow, the EU Commission will publicly present its draft EU law on mandatory chat control. The law would require all providers of email, messenger and chat services to conduct mass chat checks and would undermine secure end-to-end encryption.

EDRi has criticised chat control as the “inevitable result of such technologies” and stresses these “would be unthinkable for those that are wrongly accused. The German Child Protection Association has also denounced the EU Commission’s plan to scan private communications via messenger or email without any reason as disproportionate and ineffective. Instead, it says, that the majority of child pornography material is shared via platforms and forums. What is needed “above all is the expansion of human and technical resources at law enforcement agencies, more visible police presence on the net, more state reporting offices, and the decriminalisation of the dissemination of self-generated material among young people.”

Breyer’s information page on chat control

patrick-breyer.de/en/destructi…

Next week on Wednesday (May 11), the EU Commission will present an EU draft law on mandatory chat control to the public for the first time. Similar to Apple’s highly controversial “SpyPhone” plans, the Commission wants to oblige all providers of email, chat and messaging services to search for suspicious messages in a fully automated way and forward them to the police in the fight against “child pornography”. This will require them to monitor and scan the communications of citizens en masse – even if they are still securely encrypted end-to-end so far.

MEP and civil rights activist Dr. Patrick Breyer (Pirate Party) comments:

“This spying attack on our private messages and photos by error-prone algorithms is a giant step towards a Chinese-style surveillance state. Will the next step be for the post office to open and scan all letters? Organized child porn rings don’t use email or messenger services, but darknet forums. With its plans to break secure encryption, the EU Commission is putting the overall security of our private communications and public networks, trade secrets and state secrets at risk to please short-term surveillance desires. Opening the door to foreign intelligence services and hackers is completely irresponsible. To stop chat control, the net community must go to the barricades as!”

In March, 35 organisations worldwide, including the German Lawyers Association, Digitale Gesellschaft, and the Committee to Protect Journalists (CPJ), had warned against the EU’s chat control law.

In an expert opinion, a former ECJ judge pointed out last year that the warrantless interception of private communications violates the case law of the European Court of Justice. According to a poll 72% of citizens oppose the indiscriminate scanning of their private communications. The German government coalition agreement states on the topic on chat control: “We reject measures to scan private communications.”

More info on chat control

patrick-breyer.de/en/chat-cont…

Yesterday, a large majority of Members of the European Parliament opposed the Parliament’s plans to register their presence by processing their fingerprints. By 420:202:15 votes they called on the Bureau to “develop an alternative solution that does not involve the processing of biometric data”. For example, an electronic attendance register could rely on Members badges or their mobile phones, and it could come with random and periodic checks by human monitoring.

In the past, there has been some harsh criticism of plans by the European Parliament‘s Bureau to fingerprint all Members of Parliament in order to register their presence. Following up on complaints, the European Data Protection Supervisor (EDPS) is called into doubt the legality of the scheme. In a set of recommendations released in March 2021 the EDPS told the Parliament leadership it needs to justify why it considers the risk of impersonations for a badge-based system is „more than a fringe occurrence“ and whether such fraud has ever occurred while a badge-based system was being tested. Parliament also needs to look into alternative solutions that rely on Members‘ mobile phones.

„By plotting to fingerprint all Members, the Parliament‘s leadership wanted to place all of us under a general suspicion of fraudulently asking other people to register and claim attendance allowances – without citing a single occurrence of such fraud during the test of a badge-based system“, states Breyer. „I am pleased that the Members of the European Parliament are speaking out so strongly against this unnecessary and likely unlawful biometric fingerprinting. We shall not allow large-scale processing of biometrics to become a new normality.“

Background: The Article 29 data protection group stated that, as a general rule, the use of biometrics cannot be regarded as a legitimate interest for securing access to buildings. According to the European Data Protection Supervisor Wojciech Wiewiórowsk „the EDPS did not consider proportionate the use of biometric systems for monitoring staff members’ working time and leave. We considered the processing of biometric data was not necessary in relation to the purpose, because such purpose could be achieved with less intrusive means, such as by signing in, using attendance sheets, or using clocking in systems via magnetic badges.“

Breyer also refers to an EDPS publication on “14 misunderstandings with regard to biometric identification and authentication”.

patrick-breyer.de/en/european-…

Yesterday, a large majority of Members of the European Parliament opposed the Parliament’s plans to register their presence by processing their fingerprints. By 420:202:15 votes they called on the Bureau to “develop an alternative solution that does not involve the processing of biometric data”. For example, an electronic attendance register could rely on Members badges or their mobile phones, and it could come with random and periodic checks by human monitoring.

In the past, there has been some harsh criticism of plans by the European Parliament‘s Bureau to fingerprint all Members of Parliament in order to register their presence. Following up on complaints, the European Data Protection Supervisor (EDPS) is called into doubt the legality of the scheme. In a set of recommendations released in March 2021 the EDPS told the Parliament leadership it needs to justify why it considers the risk of impersonations for a badge-based system is „more than a fringe occurrence“ and whether such fraud has ever occurred while a badge-based system was being tested. Parliament also needs to look into alternative solutions that rely on Members‘ mobile phones.

„By plotting to fingerprint all Members, the Parliament‘s leadership wanted to place all of us under a general suspicion of fraudulently asking other people to register and claim attendance allowances – without citing a single occurrence of such fraud during the test of a badge-based system“, states Breyer. „I am pleased that the Members of the European Parliament are speaking out so strongly against this unnecessary and likely unlawful biometric fingerprinting. We shall not allow large-scale processing of biometrics to become a new normality.“

Background: The Article 29 data protection group stated that, as a general rule, the use of biometrics cannot be regarded as a legitimate interest for securing access to buildings. According to the European Data Protection Supervisor Wojciech Wiewiórowsk „the EDPS did not consider proportionate the use of biometric systems for monitoring staff members’ working time and leave. We considered the processing of biometric data was not necessary in relation to the purpose, because such purpose could be achieved with less intrusive means, such as by signing in, using attendance sheets, or using clocking in systems via magnetic badges.“

Breyer also refers to an EDPS publication on “14 misunderstandings with regard to biometric identification and authentication”.

patrick-breyer.de/en/%ef%bf%bc…

Today, Members of the European Parliament voted on revising Europol’s mandate and upgrading the EU police agency. The adoption of the report will give the agency expanded powers without independent oversight. Despite serious concerns from civil society and a rebuke from the European Data Protection Supervisor last year, Europol is to be allowed to collect and analyse massive amounts of data on unsuspected individuals, such as cell phone movement data and air travel data.

As a substitute member of Europol’s supervisory body JPSG, MEP Patrick Breyer (Pirate Party) states:

“I am voting today against the reform which aims to legalize Europol’s illegal activities instead of stopping them: According to the findings of the European Data Protection Supervisor, Europol has been illegally storing masses of data transmitted by national intervention authorities on millions of unsuspected individuals for years. We are talking about large amounts of data (mobile phone location data, passenger lists) of people who are in no way connected to criminal activities. In consequence innocent citizens run the risk of being wrongfully suspected of a crime just because they were in the wrong place at the wrong time.

The planned cooperation of Europol with private companies (such as Google and Microsoft), which unjustly report millions of people as part of pan-european message screening and chat control, is also unacceptable. The fact that Europol even wants to train error-prone algorithms with real citizens’ data in the future, threatens us with false positives and discrimination.

Police cooperation in Europe is of crucial importance. For this to happen, however, Europol must be effectively monitored and prevented from violating the law. The supervisory mechanisms, which have been superficial so far, have not been given the necessary teeth to detect and stop illegal practices by the authority. As a member of the supervisory body, I still have no right to look into Europol’s activity.”

patrick-breyer.de/en/plenary-v…

Today, Members of the European Parliament voted on revising Europol’s mandate and upgrading the EU police agency. The adoption of the report will give the agency expanded powers without independent oversight. Despite serious concerns from civil society and a rebuke from the European Data Protection Supervisor last year, Europol is to be allowed to collect and analyse massive amounts of data on unsuspected individuals, such as cell phone movement data and air travel data.

As a substitute member of Europol’s supervisory body JPSG, MEP Patrick Breyer (Pirate Party) states:

“I am voting today against the reform which aims to legalize Europol’s illegal activities instead of stopping them: According to the findings of the European Data Protection Supervisor, Europol has been illegally storing masses of data transmitted by national intervention authorities on millions of unsuspected individuals for years. We are talking about large amounts of data (mobile phone location data, passenger lists) of people who are in no way connected to criminal activities. In consequence innocent citizens run the risk of being wrongfully suspected of a crime just because they were in the wrong place at the wrong time.

The planned cooperation of Europol with private companies (such as Google and Microsoft), which unjustly report millions of people as part of pan-european message screening and chat control, is also unacceptable. The fact that Europol even wants to train error-prone algorithms with real citizens’ data in the future, threatens us with false positives and discrimination.

Police cooperation in Europe is of crucial importance. For this to happen, however, Europol must be effectively monitored and prevented from violating the law. The supervisory mechanisms, which have been superficial so far, have not been given the necessary teeth to detect and stop illegal practices by the authority. As a member of the supervisory body, I still have no right to look into Europol’s activity.”

patrick-breyer.de/en/plenary-v…

Yesterday, the EU Commission presented a draft law to create a “European Health Data Space” (EHDS). The proposal aims to connect patients‘ health data across Europe. For example, patients’ medical histories, test results or prescriptions are to be shared with hospitals and doctors treating a patient throughout the EU, unless the patient restricts access. Industry, research and authorities would also be given access to personal health data with only the name removed („pseudonomised“).

MEP Patrick Breyer (Pirate Party) comments:

“Information revealing my physical and mental health is extremely sensitive. If I can’t rely on this information being treated confidentially by my attending physicians, then I may no longer seek treatment. This puts sick people and their family at risk. That’s why the digitization of the healthcare system must meet the following requirements:

• Only the attending physician may have access to their own treatment information without the patient’s free consent. This includes the fact that a person is being treated by a particular doctor in the first place. There are good reasons, for example, to obtain a second opinion without the doctors involved knowing about each other.
• Without the free consent of the patient, treatment information may only be stored locally by the chosen doctor and not automatically in central systems, where there is no longer any control over it. There is a risk that in the event of a loss of data, the data of the entire population will suddenly be lost.
• If there is ever to be access by industry, by research or even by politics, then only anonymised and aggregated together. It is not enough to simply remove the names of the patients. After all, treatment histories are so unique making it is easy to reassign them to the person in question.

After a preliminary review of the EU Commission’s legislative proposal, none of these requirements are met. Obviously, the proposal was not designed in the interest of the patients, but of industry. There is a lot of work ahead to ensure that patients can continue to trust in the confidentiality and security of their highly sensitive health information and that their right to self-determination over their data is respected!”

patrick-breyer.de/en/european-…

Today, the European Parliament approved a legislative initiative for new electoral rules to be applied to European elections. Pirate Party Members of the European Parliament strongly oppose the implementation of a highly undemocratic mandatory threshold. The minimum threshold of 3.5% for larger EU countries will result in millions of votes being nullified, which effectively dooms smaller parties in the EU.

Patrick Breyer, Member of the European Parliament for the German Pirate Party, comments:

14 Member States have set thresholds by law. However, in two decisions, the German Constitutional Court declared the country’s existing thresholds for EU elections unconstitutional. After today’s vote, the proposal will be discussed by EU governments who will have the final say together with the Council.

14 Member States have set thresholds by law. However, in two decisions, the German Constitutional Court declared the country’s existing thresholds for EU elections unconstitutional. After today’s vote, the proposal will be discussed by EU governments who will have the final say together with the Council.

patrick-breyer.de/en/pirates-s…