EBLIDA welcomes the opportunity to comment on the Working document on data protection issues related to intellectual property rights (xxxx/05/EN WP 104 of 18 January 2005). 

EBLIDA, the European Bureau of Library, Information and Documentation Associations, is an independent, non-profit umbrella organisation of national library, archive and information sector associations and institutions in Europe. EBLIDA represents the interests of its members to the European Institutions with a focus on intellectual property rights, DRM, information society, educational and cultural matters.

EBLIDA promotes access to information and culture in the digital environment for the purposes of education, research and private study.

Like the Working Party itself, EBLIDA views with concern the potential adverse effects on personal privacy from Digital Rights Managements systems.  If such systems are taken beyond their stated purpose, library users  -  and in general private users of digital material   -  could find themselves not merely verified as conforming with copyright law, but also subject to ‘ubiquitous surveillance of users’ of digital works.  If electronic copyright management systems are indeed ‘monitoring every single act of reading, listening and viewing on the internet’ (as noted on page 3 of the working document), European principles of privacy are being breached to a deplorable degree.

EBLIDA believes that the collection of data about the reading, viewing and listening habits of individuals constitutes the collection of sensitive data, and as such it should be permitted only after prior authorisation through due process of law in defined circumstances and under defined conditions.  It is important that such data, if collected, should be kept for the shortest possible time to fulfil a specific purpose.  Data protection principles apply by law in the United Kingdom. These principles are reproduced below:

The eight principles of good practice

Anyone processing personal information must comply with eight enforceable principles of good information handling practice.

These say that data must be:

1        fairly and lawfully processed

2        processed for limited purposes

3        adequate, relevant and not excessive

4        accurate and up to date

5        not kept longer than necessary

6        processed in accordance with the individual’s rights

7        secure

8        not transferred to countries outside the European Economic area unless the country has adequate protection for the individual

The six conditions

At least one of the following conditions must be met for personal information to be considered fairly processed:

1        the individual has consented to the processing

2        processing is necessary for the performance of a contract with the individual

3        processing is required under a legal obligation (other than one imposed by the contract)

4        processing is necessary to protect the vital interests of the individual

5        processing is necessary to carry out public functions, e.g. administration of justice

6        processing is necessary in order to pursue the legitimate interests of the data controller or third parties (unless it could unjustifiably prejudice the interests of the individual)

We recommend that these principles be applied to the processing of all personal information for the purposes of digital rights management systems within the European Union.

We believe it very likely that anonymous user data will be sufficient for the distribution of royalties to right holders through digital rights management systems.  EBLIDA therefore supports very strongly the Working Party’s reaffirmation of the necessity to allow for anonymous or pseudonymous transactions on the internet (page 5 of the working document).   We agree that where DRM technologies are used in order to protect specific information, tools should be used which preserve the anonymity of the user.  We agree also with the Working Party that ‘the tagging of a document should not be linked to an individual’ unless the link is necessary or agreed to by the user.

In summary we are at one with the Working Party’s conclusions, which we hope will form a critical element in the development of DRMS in Europe.

The Hague, March 2005