The European Data Protection Supervisor (EDPS) has condemned the inability of existing legislation to protect citizens against practices and proposals that amount to the creation of a state-sponsored surveillance society.
EDPS Peter Hustin called on the European Parliament to pass primary legislation to define and protect personal data. He also asked for specific laws to protect such data from abuse under new data collection and exchange proposals from law enforcement agencies.
He said agencies that collect, process and store the data should provide information that would allow individuals to modify their behaviour to avoid being "profiled" and to obtain redress for errors and abuses.
The recommendations were part of three opinions that the EDPS issued in December. The opinions are his response to practices and proposals related to the fight against terrorism and organised crime. Many of them have arisen since 9/11.
They cover the collection, processing, exchange and delivery of airline passenger data (PNR), the exchange between law enforcement agencies of personal information including DNA, fingerprint and vehicle records under the Prüm Treaty, and the use of RFID tags in consumer products.
Hustinx said existing legislation provides inadequate protection of personal data against misuse by government agencies and other potential abusers under the relevant proposals.
The private sector is likely to be affected because it already collects, processes and transfers much of the primary data required under the various proposals.
Hustinx said the risks of using data mining tools and behavioural patterns need to be further assessed, and their usefulness clearly established, before they are used to fight crime.
"Building upon different databases without a global view on the concrete results and shortcomings might otherwise lead to a move towards a total surveillance society," he said.