15 July 2008

US - Google and Viacom reach deal over YouTube user data

(Guardian)
Google has struck a deal to protect the personal data of millions of YouTube users in the $1bn copyright court case brought against the video-sharing website by Viacom. Under the deal, Google will make user information and internet protocol addresses from its YouTube subsidiary anonymous before handing over the data to Viacom in the US legal case.

Labels:

08 July 2008

UK privacy watchdog says EU laws are not good enough

(OUT-LAW News)
The UK's privacy watchdog has said that EU privacy laws are out of date and in need of reform. The Information Commissioner's Office (ICO) has commissioned a research firm to look into how the law could be changed. The ICO said that Commissioner Richard Thomas would lead an international debate on how the law could and should change. Data protection laws across the EU are derived from the European Directive on Data Protection.

Labels:

07 July 2008

US - Google must divulge YouTube log

(BBC)
Gooogle must divulge the viewing habits of every user who has ever watched any video on YouTube, a US court has ruled. The ruling comes as part of Google's legal battle with Viacom over allegations of copyright infringement. Digital rights group the Electronic Frontier Foundation (EFF) called the ruling a "set-back to privacy rights". The viewing log, which will be handed to Viacom, contains the log-in ID of users, the computer IP address (online identifier) and video clip details. While the legal battle between the two firms is being contested in the US, it is thought the ruling will apply to YouTube users and their viewing habits everywhere.

Labels: ,

Google bows to pressure, adds privacy link to home page

(OUT-LAW News)
Google has added a link to its privacy policy from its sparse front page, bowing to pressure from privacy activists. Google founders Larry Page and Sergey Brin were involved in the decision, according to a Google executive.

Labels:

04 July 2008

US - Social networking site divulges child's personal data

(LA Times)
Reunion.com previously linked to other data providers when users searched its site for names. Last month, the site decided to build its own database by acquiring files on as many as 260 million people from a private data broker. A mother was upset to find the name of her 4-year-old son.

Labels:

24 June 2008

EU - EDPS Opinion on safer Internet for children

(RAPID)
The European Data Protection Supervisor (EDPS) has adopted an Opinion on the proposed multiannual Community programme on protecting children using the Internet and other communication technologies. The EDPS fully supports the general orientations of the programme aiming at more efficiently protecting children using the Internet, while adapting to the evolution of new technologies. He stresses the fact that the protection of children's data is an essential first step in guaranteeing more safety and prevention of abuse on the Internet. Data protection considerations should also apply to all persons who are connected in some way with the information circulating on the network to prevent illegal content and harmful conduct (e.g. person reported as suspect, reporting person, victim of abuse). Data protection authorities play a decisive role in the protection of children on the Internet. This should be taken into consideration when it comes to the implementation of the multiannual programme; any reporting system to be put in place in order to report illegal or harmful content online has to take into account the existing data protection framework. Guarantees related to the supervision of the system, in principle by law enforcement authorities, are decisive elements to comply with this framework; filtering or blocking tools to control access to networks should be used cautiously, bearing in mind their potential adverse effect (e.g. preventing access to legitimate information) and taking advantage of the privacy enhancing opportunities offered by technology; the development of best practices by the industry should be promoted. However, the surveillance of telecommunication networks, where necessary in specific circumstances, should be the task of law enforcement authorities.

Labels: ,

09 June 2008

UK - Facebook profiles need shielding from media intrusion, say users

(OUT-LAW News)
Nine in ten web users want guidelines on what information the media can use from social networking sites and 78% would change the information they publish about themselves online if they thought it would later be reproduced in the mainstream media. The research was carried out by Ipsos MORI for the Press Complaints Commission and involved interviews with 1,000 British web users aged 16?64.

Labels: , ,

08 June 2008

DE - Jugend- und Datenschutz in der digitalen Welt

(Deutsches Digital Institut) Workshop in Berlin am 21. Mai 2008. Teilnehmer u.a. Frank Zimmermann (SPD-Fraktion im Abgeordnetenhaus), Marcus Riecke (studiVZ), Joel Berger (MySpace), Grietje Staffelt (Grünen-Fraktion im Bundestag), Sabine Frank (Freiwillige Selbstkontrolle der Multimediadiensteanbieter). Die klassischen Instrumente des Jugend- und Datenschutzes werden den Anforderungen der neuen Sozialen Netzwerke nicht gerecht. Dies ist das Fazit des mit hochkarätigen Vertretern aus den Bereichen Politik und Medien, Betreiber und Nutzer der führenden Sozialen Netzwerke besetzten Workshops des Deutschen Digitalen Instituts, Berlin.

Labels: , ,

DE - Did Deutsche Telekom Spy on Journalists and Board Members?

(Spiegel)
German telecommunications giant Deutsche Telekom stands accused of having monitored telephone calls of business journalists, board members and shareholders. An anonymous fax may result in a criminal investigation.

Labels: ,

06 June 2008

Watching while you surf

(Economist)
Is it a worrying invasion of privacy for web surfers, or a lucrative new business model for online advertising? A new "behavioural" approach to targeting internet advertisements, being pioneered by companies such as Phorm, NebuAd and FrontPorch, is said to be both of these things. The idea is that special software, installed in the networks of internet-service providers (ISPs), intercepts webpage requests generated by their subscribers as they roam the net. The pages in question are delivered in the usual way, but are also scanned for particular keywords in order to build up a profile of each subscriber?s interests. These profiles can then be used to target advertisements more accurately.

Labels:

03 June 2008

Privacy Principles for Digital Watermarking

(CDT)
CDT released a paper offering a set of principles for addressing potential privacy considerations when deploying digital watermarking technology. Digital watermarks encode information in a media file by making subtle changes to the image, audio, or video. Much like watermarks on stationary, these changes typically would not be noticeable to a person viewing or listening to the content.

Labels: ,

28 May 2008

EU - Commission replies on Phorm

(Cable Forum)
The ePrivacy Directive obliges Member States to ensure the confidentiality of communications and related traffic data through national legislation. In particular, they shall prohibit listening, tapping, storage or other kinds of interception or surveillance of communication and the related traffic data by persons other than the users without their consent, which must be freely given, specific and informed indication of the user's wishes. The data concerned in this particular matter i.e. the content of search queries, constitute communication within the meaning of this Directive and the URLs used in the packets constitute traffic data. This data should therefore be protected appropriately.

Labels:

EU - ENISA asks for new legislation on social networking sites

(IDG)
Europe's top Internet security agency, ENISA, called for new legislation to police social networking sites such as Facebook and MySpace. "Social networking sites are very useful social tools but we must make recommendations for how to better protect people from the risks these sites create," said Andreas Pirotti, executive director of ENISA (European Network and Information Security Agency). He suggested that EU legislation be expanded "to cover the taking of photos of people and posting them on the internet," he said, adding that currently there is no need to get a person's consent in order to post a photo of them. He also said there is a "crucial need" to raise awareness about how social networking sites work. Few people realize that they can be offered up as friends to people they don't know. Also, many people don't realize that it's almost impossible to erase material once it has appeared on the internet, Pirotti said.

Labels: ,

25 May 2008

A simple way to avoid being the next Star Wars Kid

(Times)
by Jonathan Zittrain. Embarrassing images can find their way onto the web all too easily, ruining the lives of the people depicted, but a 'privacy tag' could prevent it.

Labels:

23 May 2008

Google founders in web privacy warning

(FT)
Social networks and other companies' "aggressive" attempts to target advertising according to users' search behaviour risk damaging the internet industry's reputation, Google's co-founders have warned. Google has faced particular resistance in Europe to its policy of retaining users' search history to improve search results, but comments made by Sergei Brin and Larry Page to journalists at a Google conference in Hertfordshire seemed designed to identify others as the bigger threat to internet users' privacy.

Labels:

21 May 2008

UK - Criticism for 'database' plan

(BBC)
Plans for a super-database containing the details of all phone calls and e-mails sent in the UK have been heavily criticised by experts. The government is considering the changes as part of its ongoing fight against serious crime and terrorism.

Labels: ,

14 May 2008

Google blurs the privacy issue

(Guardian)
Google is hoping to avoid a fight with European privacy campaigners as it prepares to launch its controversial Street View service this side of the Atlantic later in the year, by introducing new technology that blurs the faces of people its cameras inadvertently snap while scanning the streets.

Labels:

FR - Passeports biométriques : avis défavorable de la CNIL

(Le Monde)
Le gouvernement est passé outre l'avis de la Commission nationale de l'informatique et des libertés (CNIL) en créant le nouveau passeport biométrique, qui devra contenir, outre une photo numérisée, les empreintes digitales de huit doigts. Selon la CNIL, dont l'avis du 11 décembre 2007 a été publié au Journal officiel du 10 mai, "un sujet d'une telle importance devait passer devant le Parlement et nous n'avons pas obtenu les éléments qui permettent de justifier la création de cette banque de données", a résumé à l'AFP son président, Alex Türk.

Labels:

12 May 2008

EU - EDPS Opinion on ePrivacy Directive review

(RAPID)
On 10 April, the European Data Protection Supervisor (EDPS) adopted an Opinion on the European Commission's proposal amending, among others, the Directive on Privacy and electronic communications, usually referred to as the ePrivacy Directive. Peter Hustinx, EDPS, says: "I welcome the approach followed by the proposal which is in line with views expressed in previous opinions. However, the proposed amendments to the Directive are not as ambitious as they should be. In dealing with new issues, such as the setting up of a mandatory security breach notification system, the proposal remains too restrictive in its scope."

Labels:

09 May 2008

IT - Publish and be taxed

(Economist)
At the end of April, without warning or consultation with the data-protection authority the Italian tax authorities put all 38.5m tax returns for 2005 up on the internet. The site was promptly jammed by the volume of hits. Before being blacked out at the insistence of data protectors, vast amounts of data were downloaded, posted to other sites or, as eBay found, burned on to disks.

Labels: ,

20 April 2008

FR - French websites liable for story in RSS reader

(OUT-LAW News)
A French court has punished web publishers because of snippets of text that appeared on their sites via an RSS reader. It is believed to be the first time that a website operator has been held responsible for content delivered by a third party's RSS feed.

Labels: ,

19 April 2008

FR - French sites fined for linking to privacy-invading content

(OUT-LAW News)
Three French websites have been found guilty of invading an actor's privacy for publishing links to articles containing the offending material. The Paris Tribunal has fined the operators of all three sites. Oliver Martinez, who is famous for his relationship with pop singer Kylie Minogue, sued two blogs and one news site over links to other people's stories about him and his relationship with Minogue. The case was principally against Fuzz.fr, a website which displays links to news stories on other sites ranked by popularity. One of those links was to a story about Martinez and Minogue and formed the basis of the case, which claimed that the article violated his right to privacy. French sites fined for linking to privacy-invading content.

Labels: ,

EU - Eurobarometer survey reveals that EU citizens are not yet fully aware of their rights on data protection

(RAPID)
This summary gives an overview of the findings of the Flash Eurobarometer survey on Data Protection that was conducted in January 2008. Previous waves of the survey had been performed three times before, in 1991, 1996 and 2003. Fieldwork was carried out from January 8th to 12th, 2008. Over 27,000 randomly selected citizens aged 15 years and over were interviewed in the 27 EU Member States.

Labels: ,

EU - Eurobarometer survey measures perceptions amongst European data controllers

(RAPID)
National laws on data protection demand good data management practices on the part of the entities that process data: the "data controllers". These include the obligation to process data fairly and in a secure manner, and to use personal data for well-defined and legitimate purposes. This Flash Eurobarometer survey on Data Protection in the EU (No 226) measures perceptions about data protection among data controllers in the 27 EU Member States.

Labels: ,

18 April 2008

UK - People are mugs over identity theft

(Silicon News)
Social network data makes life too easy for fraudsters. Identity theft is rife. Perhaps it's time individuals took a leaf out of business's book and adopted a personal information policy that will make life harder for criminals.

Labels: , ,

08 April 2008

EU - Search engines must delete data after six months, say watchdogs

(OUT-LAW News)
Search engines must delete search logs after six months if they are to comply with data protection laws, according to a committee of EU countries' privacy watchdogs. The Article 29 Working Party has published a long-awaited report into search engines and privacy which is the result of months of consideration. That report says that search engine companies must delete personal data as soon as they have used it for the purpose for which it was gathered, and that it should not be routinely kept for longer than six months.

Labels:

20 March 2008

Facebook opens door to second-class friends

(Times)
Facebook is to allow its users to create a hierarchy of friends within their profiles - in a move that threatens to complicate the already delicate social etiquette that governs the site. As part of new controls to be introduced in the social networking site's privacy settings, Facebook users will be given the option of banning certain friends from seeing what they are up to and accessing sensitive information in their profile. The change will mean that, for instance, a particular friend - a former partner, say - could be prevented from seeing that a person had changed their relationship status, while others could be banned from knowing the person's political or religious views.

Labels: ,

17 March 2008

Web creator rejects net tracking

(BBC)
The creator of the web has said consumers need to be protected against systems which can track their activity on the internet. Sir Tim Berners-Lee told BBC News he would change his internet provider if it introduced such a system. Plans by leading internet providers to use Phorm, a company which tracks web activity to create personalised adverts, have sparked controversy.

Labels:

08 March 2008

FR - Note2be.com jugé « illégitime » par la Cnil

(ZDNet.fr)
Le très controversé site Note2be.com qui permet aux élèves de noter leurs profs, est épinglé par la la Commission nationale de l'informatique et des libertés (Cnil) qui dénonce notamment le fait que les intéressés ne disposent pas de leur droit de contrôle sur les informations publiées, c'est-à-dire les données nominatives.

Labels:

06 March 2008

Phorm fires privacy row for ISPs

(Guardian)
Web users are up in arms over what they see as an invasion of privacy by a company that will track surfing patterns to serve targeted ads. See also Ad system 'will protect privacy' (BBC).

Labels: ,

04 March 2008

EU - Protection of children's personal data

(Europa)
Working Document 1/2008 on the protection of children's personal data (General guidelines and the special case of schools). WP 147.Adopted by the art. 29 Data Protection Working Party, 18.02.2008,

Labels:

FR - Le site de notation des profs recalé

(Libération)
Les profs ne pourront plus être évalués par leurs élèves. C´est ce que le tribunal des référés de Paris a fait valoir en enjoignant le site Note2be.com à suspendre «l´utilisation de données nominatives d´enseignants aux fins de leur notation et de leur traitement ainsi que leur affichage sur les pages du site». Dans son jugement, le tribunal parle de ces limites qui portent atteinte aux activités d´enseignement, mais aussi de la liberté d´information et d´expression.

Labels:

03 March 2008

CoE - Declaration on protecting the dignity, security and privacy of children on the internet

(Council of Europe)
The traceability of children's activities on the internet may expose them to criminal activities (for example the solicitation or "grooming" of children for sexual purposes, discrimination, bullying, stalking and other forms of harassment). Children need to be informed about the enduring presence of, and the risks associated with, the content they create on the internet. The right to privacy and the secrecy of correspondence is not respected on the internet. The profiling of information and the retention of personal data regarding children's activities can be used for commercial purposes. The Committee of Ministers asks member states to work together to explore the feasibility of removing or deleting such content and its traces within a reasonably short period of time. See Full text of the Declaration

Labels: ,

01 March 2008

UK - Private data, public interest?

The use of material taken from personal profiles on social networks by newspapers is to be the subject of a major consultation undertaken by industry watchdog the Press Complaints Commission (PCC). This comes in the wake of increasingly numbers of newspaper stories that include images and text taken from sites like Bebo, MySpace and Facebook.

Labels:

26 February 2008

EU privacy watchdogs say any processor must obey EU rules

(OUT-LAW News)
Europe's data protection watchdogs have said that internet companies that do any personal data processing in Europe must comply with its privacy laws even if they are based outside of Europe. The Article 29 Working Party, a committee of all of the EU country's privacy or data protection commissioners, said that its data protection rules must apply to personal data processed by companies that do not even have offices in the EU. "[The EU's] provisions also apply to such controllers who have their headquarters outside the EU, but only an establishment in one of the EU Member States, or who use automated equipment based in one of the Member States for the purposes of processing personal data," said a Working Party statement. The EU's privacy watchdogs are locked in a battle with search engine companies such as Google over the processing of personal data. There are debates about whether companies are subject to the EU's rules as well as what those rules mean.

Labels:

AU - Judge on privacy: Computer code trumps the law

(CNET News) Australian Judge Kirby says computer code is more potent than the law--and that legislators are powerless to do anything about it. Technology has outpaced the legal system's ability to regulate its use in matters of privacy and fair use rights.

Labels: , ,

24 February 2008

EU guidelines on RFID aim to protect privacy

(Reuters)
RFID chips embedded in items ranging from pets to retail products will have to be deactivated at the point of sale to protect purchasers' privacy under draft guidelines proposed by the European Commission. A public consultation is being launched into the "soft law" guidelines that EU information society and media commissioner Viviane Reding hopes will be adopted by the European Union executive to be applied in all the bloc's 27 member states. The consultation will be open until 25 April. The Commission services will then analyse the received contributions and put forward a draft Recommendation for adoption before the summer of 2008.

Labels:

Call to scrap children's database

(BBC)
The government faces calls to scrap a database containing the details of every child in England after a report said it could never be secure. The report, by accountants Deloitte and Touche, was ordered after last year's missing data discs crisis. ContactPoint will begin operation in September or October this year, five months later than planned. It will list the name, address and date of birth of every child in England and contact details for their parents, doctors and schools. Every child will be given a "unique identifying number"

Labels:

Personal data privacy 'at risk'

(BBC)
Millions of people are leaving themselves open to identity theft when using social networking websites, according to the consumer group Which? Members of sites such as Facebook can join large networks which reveal personal information to thousands of others on the network. Which? says people are at a greater risk of being targeted by fraudsters than they think.

Labels:

Google argues against calling IP addresses "personal data"

(Ars Technica)
European data protection leaders are considering a plan that would make IP addresses "personal information." Google wants to make sure it doesn't happen, and today it took the fight to the blogosphere. In a new public policy posting, Google software engineer Alma Whitten made the case that IP addresses aren't so much personal information as potentially personal information. Many IP addresses assigned to consumers don't reliably map to a single machine (due to the wonders of DHCP), and even when they do, it's only the machine and not the person who is identified. Google clearly hopes to avoid a "black-and-white declaration that all IP addresses are always personal data."

Labels:

17 February 2008

EU - EC plans biometric border checks

(CNET News)
Visitors to Europe will face biometric screening and automated security checks under proposals for a shake-up of EU border controls. Under plans to strengthen checks at European borders laid out by the European Commission, international travelers would also have their stay logged and monitored by an electronic system, which could become operational by 2015.

Labels: , ,

10 February 2008

US - Teens posting personal info: Study

(NetFamilyNews)
We now have further insights into teens' info-sharing practices in the Journal of Adolescence. According to this, 8.8% revealed their full name, 57% included a picture, 27.8% listed their school and 0.3% provided their telephone number. The authors concluded that "the problem of personal information disclosure on MySpace may not be as widespread as many assume, and the overwhelming majority of adolescents are responsibly using the web site." Personal information of adolescents on the Internet: A quantitative content analysis of MySpace by Sameer Hindujaa and Justin W. Patchin

Labels: , ,

04 February 2008

DE - StudiVZ-Chef fordert runden Tisch zum Datenschutz im Web 2.0

(Heise)
Der Geschäftsführer von StudiVZ, Marcus Riecke, hat sich bei einer Diskussion mit Schülern zum 2. Europäischen Datenschutztag an der Robert-Jungk-Oberschule in Berlin für die Einberufung eines runden Tischs zum Datenschutz im Web 2.0 ausgesprochen. Andere Plattformanbieter, Hüter der Privatsphäre, Werbetreibende, Jugendschützer und Innenpolitiker sollten zusammenkommen, um Rahmenbedingungen für soziale Netzwerke und andere Plattformen im Mitmach-Web abzustecken. Dabei sei etwa der "Zielkonflikt zwischen Daten- und Jugendschutz" bei der Frage der Speicherung von Logfiles der Nutzer zu erörtern.

Labels: ,

DE - Lehrerbenotungen im Internet: 3:0 für Spickmich

(Heise)
Das Landgericht Köln hat im Rechtsstreit zwischen einer Gymnasiallehrerin und dem Schülerportal "Spickmich" erneut gegen die Lehrerin entschieden. Diese will gerichtlich erzwingen, dass ihre persönlichen Daten und Bewertungen gelöscht werden. Bei "Spickmich" können Schüler Bewertungen über ihre Lehrer in Kategorien wie "cool und witzig", "faire Noten" oder "menschlich" abgeben. Die Gymnasiallehrerin, die zunächst lediglich die Note 4,3 erhalten hatte, sieht darin eine Verletzung ihrer Persönlichkeitsrechte und klagt auf Unterlassung. Das Gericht wies die Klage der Lehrerin jedoch als "unzulässig" ab. Das Grundrecht auf Meinungsfreiheit gelte zwar nicht unbeschränkt, sondern finde seine Grenzen bei reinen Schmähkritiken und Beleidigungen, doch davon könne bei "Spickmich" nicht die Rede sein. "Durch die Bewertungen sind nicht das Erscheinungsbild oder die allgemeine Persönlichkeit der Klägerin betroffen, sondern die konkrete Ausübung ihrer beruflichen Tätigkeit", argumentierten die Richter.

Labels: ,

31 January 2008

UK - Watchdog calls for 'reckless data-breach' offence

(ZDNet.co.uk)
The Information Commissioner's Office has called for amendments to UK data-protection laws, including making "reckless" data breaches an offence. In a document submitted to governemnt submitted to government, information commissioner Richard Thomas called for the Data Protection Act (DPA) to be amended to include a penalty for data controllers "knowingly or recklessly failing to comply with the principles" of the DPA.

Labels:

30 January 2008

EU - Countries can choose whether or not to force disclosure of file-sharers

(OUT-LAW News)
The European Court of Justice (ECJ) has ruled that EU law does not force the disclosure of internet users' details in file-sharing cases. The judgment will be a blow to record labels but could also put ISPs in the UK at a commercial disadvantage, a copyright expert has said. The ECJ has said that it is up to each country to decide how to balance the rights of the copyright holders to protect their intellectual property and the rights of internet users to protect their privacy. See Judgment of the Court of Justice in Case C-275/06 Productores de Música de España (Promusicae) v Telefónica de España SAU (ECJ Press Release). See also EU court ruling on file-sharers is not what it seems (OUT-LAW News).

Labels: , ,

28 January 2008

UK - Facebook faces privacy questions

(BBC)
Facebook is to be quizzed about its data protection policies by the UK Information Commissioner's Office. The investigation follows a complaint by a user of the social network who was unable to fully delete their profile even after terminating their account. Currently, personal information remains on Facebook's servers even after a user deactivates an account. Facebook has said it believes its policy is in "full compliance with UK data protection law".

Labels:

UK - Marks & Spencer ordered to encrypt data after laptop theft

(OUT-LAW News)
Marks & Spencer broke the law when it allowed the details of 26,000 employees to be held on a laptop without the protection of encryption, according to the Information Commissioner's Office (ICO). The laptop, and the information on it, has been stolen. The retailer must ensure that all laptop hard drives are encrypted by April of this year. If it fails to comply with an enforcement notice issued against it by the ICO it could face criminal charges.

Labels:

25 January 2008

Social sites prove hard to leave behind

(BBC)
Thousands of final-year students who've put a lot of information on social networks are starting to worry about what potential employers may find if they take a look. But one student at Nottingham Trent University has found just how hard it can be to leave one of the networks, MySpace.

Labels: ,

23 January 2008

UK - Whitehall staff face laptop ban

(Press Association)
A new ban on Whitehall staff removing unencrypted laptops containing personal data from their offices has begun. A massive operation to ensure that civil servants comply with the new rule, laid down by Cabinet Secretary Sir Gus O'Donnell on Monday night, is now under way. As well as communicating the policy to all staff, departments will have to ensure that officials can continue to do their jobs within the constraints of the ban.This is likely to involve the encryption of large swathes of data.

Labels: ,

UK - Ministry of Defence lost three unencrypted laptops

(ZDNet.co.uk)
Secretary of state for defence Des Browne has admitted that the laptop lost by the Ministry of Defence containing details of up to 600,000 defence personnel was not encrypted, and also that services personnel have previously lost two more laptops containing similar unencrypted recruitment information. On 9 January, the unencrypted laptop was stolen from a recruiting officer's car which had been left overnight in a car park in Edgbaston, Birmingham. The information on the stolen laptop included 3,700 people's bank details, as well as other data on up to 600,000 people, including their names. Approximately 153,000 people also had data including addresses, passport details, national insurance numbers, driver's licence details, doctors' addresses and National Health Service numbers compromised.

Labels: ,

22 January 2008

EU - Do internet companies protect personal data well enough?

(EP Press Service)
Claims that big internet companies, such as Google or Yahoo, track the on-line behaviour of millions of users, so as to be able to sell the resulting data to on-line advertisers, raise difficult issues, such as whether these data could also be used for other purposes that violate personal privacy, said data protection, industry and consumer protection bodies at a public hearing held by the Civil Liberties Committee on 21 January. see also EU Official: IP Is Personal (AP). IP addresses, string of numbers that identify computers on the Internet, should generally be regarded as personal information, the head of the European Union's group of data privacy regulators said.

Labels:

21 January 2008

MySpace Bug Leaks 'Private' Teen Photos to Voyeurs

(Wired)
A backdoor in MySpace's architecture allows anyone who's interested to see the photographs of some users with private profiles - including those under 16 - despite assurances from MySpace that those pictures can only be seen by people on a user's friends list. Info about the backdoor has been circulating on message boards for months. Since the glitch emerged last fall, it has spawned a cottage industry of ad-supported websites that make it easy to access the photographs, spurring self-described pedophiles and run-of-the-mill voyeurs to post photos pilfered from private MySpace accounts.

Labels:

19 January 2008

UK - Facebook faces privacy questions

(BBC)
Facebook is to be quizzed about its data protection policies by the Information Commissioner's Office. The investigation follows a complaint by a user of the social network who was unable to fully delete their profile even after terminating their account. Currently, personal information remains on Facebook's servers even after a user deactivates an account. Facebook has said it believes its policy is in "full compliance with UK data protection law".

Labels: ,

16 January 2008

FBI takes biometrics database proposal to U.K.

(CNET News.com)
Police in the U.K. are in talks with the FBI about establishing an international biometric database for tracking down the world's most wanted criminals and terrorists. The so-called "server in the sky" database would share criminals' biometric data, such as fingerprints and iris scans, internationally. The Washington Post reported last month that the FBI is spending $1 billion to develop the world's largest centralized biometrics database, a system the agency calls Next Generation Identification.

Labels: , ,

08 January 2008

UK - TV presenter hoist with own petard

(Press Association)
Top Gear presenter Jeremy Clarkson has admitted he was wrong to brand the scandal of lost CDs containing the personal data of millions of Britons a "storm in a teacup" after falling victim to an internet scam. The outspoken star printed his bank details in a newspaper to try and make the point that his money would be safe and that the spectre of identity theft was a sham. He also gave instructions on how to find his address on the electoral roll and details about the car he drives. However, in a rare moment of humility Clarkson has now revealed the stunt backfired and his details were used to set up a £500 direct debit payable from his account to the British Diabetic Association. see also Twice bitten: acts of stupidity can lead to identity theft (Cnet).

Labels: ,

03 January 2008

Big Brother gets bigger, says global privacy study

(CNet)
According to a new international privacy report, governments around the world are increasingly invading the privacy of citizens with surveillance, identification systems, and archiving of private data. Driven by concern over immigration and border control, countries have been quick to implement database, identity, and fingerprinting systems, according to the 2007 International Privacy Ranking report. See also UK is Europe's worst in privacy league (Info4Security).

Labels:

01 January 2008

EU - EDPS expresses serious concerns about EU PNR proposal

(RAPID)
The European Data Protection Supervisor (EDPS) has issued his Opinion on the recent proposal of the Commission for a Council Framework Decision on the use of Passenger Name Record (PNR) data for law enforcement purposes. The proposal involves obligations for air carriers to transmit data about all passengers on flights to or from an EU Member State. The Opinion emphasizes the major impact the proposal would have on privacy and data protection rights of air passengers. While acknowledging that the fight against terrorism is a legitimate purpose, the EDPS expresses serious concerns about the necessity and proportionality of the proposal which, in his view, are not sufficiently established in the proposal. In addition, the EDPS takes a critical stance on the lack of clarity in relation to various aspects of the proposal, in particular the applicable legal framework, the identity of the recipients of personal data, and the conditions of transfer of data to third countries.

Labels:

EU - Commission welcome intervention by Dutch regulator OPTA against spyware and malware

(RAPID)
The Dutch Telecom Regulator OPTA has imposed a fine totalling 1 million euro on three Dutch enterprises for illegally installing software - so called spyware and adware - on more than 22 million computers in the Netherlands and elsewhere. The companies fined now by OPTA operated together under the name DollarRevenue, which was considered to be among the 10 largest spyware distributors in the world. They managed to install the software on personal computers via downloads from the Internet and by exploiting security loopholes in computer programmes. The illegally installed software allowed the companies to spy on the consumer's on line behaviour and triggered pop-up windows containing specific advertising material. Unlawful access to a personal computer to stall information such as spyware and adware is prohibited under European law, namely article 5(3) of the EU's ePrivacy Directive of 2002. National regulators are called upon to enforce this prohibition by deterrent measures. Yesterday's decision by OPTA is the first time that a national regulator has resorted to drastic fines against a company acting in violation of the EU ban.

Labels: ,

17 December 2007

UK - Millions of L-drivers' data lost

(BBC)
The details of three million candidates for the driving theory test have gone missing, Ruth Kelly has told MPs. Names, addresses and phone numbers - but not financial data - were among details on a computer hard drive which went missing in the US in May. It belonged to a contractor to the Driving Standards Agency, the transport secretary told MPs.

Labels: ,

05 December 2007

UK - Government offers reward in hunt for lost data

(Guardian)
The government has offered a £20,000 reward for the safe return of two missing CDs containing personal details of half the British population. The Metropolitan police, which has been heading the search for the data, has asked thousands of government workers to check their desks and homes "in case the package or discs have turned up".

Labels: , ,

01 December 2007

EU - Public Security, Privacy and Technology:

(RAPID)
Technology developments can enhance the protection of privacy and at the same time allow law enforcement authorities for a secure and timely access to information, including personal data. The Conference on Public Security, Privacy and Technology, organised by the European Commission brings together public and private sectors representatives to discuss this topics. See Closing speech on Public Security, Privacy and Technology by Franco Frattini, European Commissioner responsible for Justice, Freedom and Security. Programme.

Labels: ,

UK - Police target rubbish tips in hunt for missing data discs

(Scotsman)
POLICE hunting for the two missing data discs containing sensitive data about millions of people have searched rubbish tips in London, Scotland Yard said. The discs, containing 25 million child benefit claimants' personal details, went missing when a junior official sent them by courier in the internal mail from the Child Benefit office in Washington, Tyne and Wear, to the National Audit Office in London on October 18.

Labels: ,

Facebook in privacy U-turn over Beacon

(FT)
Privacy advocates declared victory after Facebook, the social networking website, moved to placate users concerned about the intrusiveness of its new Beacon advertising system. Changes to Beacon will allow users to ?opt-in? to sharing information through the service, which broadcasts purchases made on outside websites to Facebook users? friends.

Labels: ,

23 November 2007

UK - Young warned over social websites

(BBC)
Millions of young people could damage their future careers with the details about themselves they post on social networking websites, a watchdog warns. The Information Commissioner's Office found more than half of those asked made most of their information public.

Labels: , ,

22 November 2007

UK - Watchdog: Protecting data is not 'rocket science'

(ZDNet.co.uk)
In the wake of the largest-ever data breach to hit the UK, the Information Commissioner's Office has criticised the apparent lack of technological safeguards in government departments and called for "privacy-enhancing technologies" to be built into future projects.

Labels: , ,

21 November 2007

UK - Ministers under fire over records

(BBC)
The UK government's "basic competence" has been questioned by the Tories after the loss in the post of computer discs with 25m people's personal details on them. The child benefit data on them includes names, ages, bank and address details.

Labels: , ,

01 November 2007

UK - Data breaches misunderstood by gov't, say Lords

(Silicon News)
The government has failed to understand the threat to the continued growth of the internet posed by cyber crime, according to the influential House of Lords Science and Technology Committee.

Labels: ,

24 October 2007

US - NSA cooperation: OK for e-mail, IM companies?

(CNET News)
A new Senate bill would protect not only telephone companies from lawsuits claiming illegal cooperation with the National Security Agency. It would retroactively immunize e-mail providers, search engines, Internet service providers and instant-messaging services too.

Labels: , , ,

30 September 2007

Learning to live with Big Brother

(Economist)
These days, data about people's whereabouts, purchases, behaviour and personal lives are gathered, stored and shared on a scale that no dictator of the old school ever thought possible. Most of the time, there is nothing obviously malign about this. Governments say they need to gather data to ward off terrorism or protect public health; corporations say they do it to deliver goods and services more efficiently. But the ubiquity of electronic data-gathering and processing - and above all, its acceptance by the public - is still astonishing, even compared with a decade ago. Nor is it confined to one region or political system.

Labels:

29 September 2007

US - Google defends DoubleClick bid

(Computing)
Google has stepped up its battle to acquire advertising group DoubleClick, as the company's chief legal officer appeared before the US Congress. David Drummond told the Senate hearing that the proposed $3.1bn deal would be beneficial to the public and US enterprise. A subcommittee of the Senate Committee on the Judiciary will decide if the merger risks infringing on privacy and antitrust rules. The attack on Google's planned purchase has been led by key rival Microsoft. The software giant's general counsel, Brad Smith, told the hearing that acquiring DoubleClick would make Google, "the overwhelmingly dominant pipeline for all forms of online advertising."

Labels: ,

28 September 2007

Google's Gmail cookie vulnerability exposes user's privacy

(CNET News)
The "ethical hacking" group GNUCitizen has developed a proof-of-concept program to steal contacts and incoming e-mails from Google Gmail users. "This can be used to forward all your incoming e-mail," Pure Hacking security researcher Chris Gatford said. "It's just a proof of concept at the moment, but what they're demonstrating is the potential to use this vulnerability for malicious purposes."

Labels:

16 September 2007

FR - Is the IP address still a personal data in France?

(EDRI)
Two decisions from the Paris Appeal Court held that collection of IP addresses does not constitute a processing of personal data, and consequently was not subject to CNIL prior authorization, as required by the French Data Protection Act. In the mean time, the Advocate General of the European Court of Justice, in case C-257/06 Productores de Música de España (Promusicae) v. Telefónica de España, an entirely separate case lodged for reference by a Spanish Court under the preliminary ruling procedure, took the position that the EU legislation on personal data protection should prevail on the Community law on e-commerce, copyright protection and IP enforcement.

Labels: ,

15 September 2007

Do social network sites genuinely care about privacy?

(Guardian)
Very deeply, because it's only by guarding it jealously and parcelling it up and then selling it to someone else that they can make any money. Thus this season's poster child for social networking, Facebook, announced on its blog that in a few weeks, it will make parts of its 40 million users' details, such as their names and pictures, available to the major search engines - Google, Yahoo! and MSN Live - and so visible to anyone online. Why? Simple: money.

Labels: ,

Google calls for international privacy laws and policies

(OUT-LAW News)
The head of privacy at Google is urging the governments of the world to adopt a unified set of privacy laws to protect personal data online. A non-binding framework that is already used by Asia Pacific nations is recommended for global use.

Labels:

BE - ISP claims court ruling will force it into 'illegal' behaviour

(OUT-LAW News)
A Belgian court ruling would force internet service providers into conducting "invisible and illegal" checks on internet users' actions, according to Belgian ISP Scarlet, who were recently ordered by a Belgian court to block its users from engaging in illegal file-sharing. It has now lodged an appeal against that ruling. "This measure is nothing else than playing Big Brother on the Internet,'' said Scarlet managing director. "If we don't challenge it today, we leave the door open to permanent, and invisible and illegal, checks of personal data."

Labels: , , ,

Google calls for web privacy laws

(BBC News)
Google has been attacked for its own privacy policy : now the company has called on governments and business to agree a basic set of global privacy rules. Without global standards the health of the internet was at risk, the firm's privacy chief told a UN agency conference in Strasbourg. He said that the rise of the net meant vast amounts of personal data was now regularly shipped around the globe.

Labels: ,

02 September 2007

Who's afraid of Google?

(Economist)
The world's internet superpower faces testing times. Rarely if ever has a company risen so fast in so many ways as Google, the world's most popular search engine. The list of constituencies that hate or fear Google grows by the week. And now come the politicians. Libertarians dislike Google's deal with China's censors. Conservatives moan about its uncensored videos. But the big new fear is to do with the privacy of its users.

Labels:

01 September 2007

Second Monster hack affects millions

(vnunet.com)
Monster.com has admitted that the number of job seekers on its website who had their personal data stolen is greater than the 1.3 million originally reported. Monster.com kept the original attack secret for five days before alerting users to the problem. The company's database holds around 73 million CVs. Iannuzzi claimed that only a few hundred had cancelled their accounts, along with a "handful" of employers.

Labels: ,

19 August 2007

Facebook users pretty willing to add strangers as 'friends'

(News.com)
IT security firm Sophos has released the results of its Facebook ID Probe, a test to see just how many users of the site are willing to divulge highly personal information to potential identity thieves. The results, to say the least, show that more than a few Facebook members might not be taking their privacy seriously enough. Sophos created a fake Facebook profile, and randomly requested 200 members to be friends with 'Freddi.' Out of those 200, 87 accepted the friend request and 82 of those gave 'Freddi' access to "personal information" such as e-mail addresses, dates of birth, addresses and phone numbers, and school or work data.

Labels: ,

18 August 2007

UK - Press Complaints Commission raps paper over online video

(OUT-LAW News)
The Press Complaints Commission (PCC) has issued its first ever ruling on video content published online by a newspaper. It said that the Hamilton Advertiser breached school pupils' rights to privacy with a video of an unruly classroom.

Labels: ,

14 August 2007

UK - Honesty the best online policy

(BBC News)
Columnist Bill Thompson says firms should tell customers when their computer security has been breached. UK organisations have no legal duty to tell if personal data has been compromised. The situation may change, if the House of Lords Select Committee on Science and Technology has its way. They have spent the last year looking at internet security and how it affects us all and they published their final report, called Personal Internet Security.

Labels: , ,

04 August 2007

EU - MEPs fear that new PNR agreement fails to protect citizens' data

(EP Press RElease)
The European Parliament looked into the recent agreement signed by the EU-US administration for the transfer of air passengers' data and concluded in its resolution that the new deal still fails to offer an adequate level of data protection and it has been concluded without any involvement of parliaments from both sides, lacking democratic oversight. While recognising the difficult conditions under which the negotiations took place, MEPs regret that the EU-US agreement for the transfer of Passenger Name Records (PNR) is 'substantively flawed', in particular by 'open and vague definitions and multiple possibilities for exception'.

Labels:

02 August 2007

EU - EDPS - Data Protection Directive should be fully implemented

(EDRI-gram)
The EDPS (European Data Protection Supervisor), Peter Hustinx, issued on 25 July 2007 an opinion on the European Commission communication regarding the improved implementation of the EC Data protection directive (95/46), considering that the Directive should not be amended and asking for its full implementation before applying any changes.

Labels:

01 August 2007

EU finds clerical solution to PNR privacy concerns

(OUT-LAW News)
A new passenger name records (PNR) deal was announced this week by the EU and the US. It covers how much information can be handed to US authorities about passengers on flights from Europe to the US and the conditions on which it was kept. The US won major concessions from the EU, winning its demands to keep data for far longer and the ability to pass it on to other US agencies. The EU appeared to win one argument, reducing the amount of data transferred. However, the reduction of the number of data fields handed to US security services announced by the European Union was achieved by squeezing almost the same amount of data on to fewer lines. The news undermines what was seen as a concession won by EU negotiators.

Labels:

UK - Data retention law passed

(OUT-LAW News)
UK telecoms companies will have to keep phone call logs for a year under a new law to come into force in October. The law does not apply to records of internet activity, such as web surfing, email and Voice over Internet Protocol (VoIP) phone calls. The Data Retention (EC) Regulations transpose into UK law most of the European Union's Data Retention Directive. The Regulations will come into force on 1st October, two weeks after the deadline set by the EU, but they will not apply to internet traffic data. The Directive allows member states to extend the rules to internet data at a later date, provided these rules are in force by 15th March 2009.

Labels:

30 July 2007

UK - Caught on camera ? and found on Facebook

(BBC)
Facebook, the social networking website, is being used as a disciplinary tool by university authorities. Staff at Oxford University are searching the website, collecting photographs of students who they say have broken rules on post-examination celebrations, and handing down fines. The student union has branded the move a "disgraceful" intrusion into privacy and has e-mailed every common room advising how to prevent dons viewing the photographs.

Labels: ,

23 July 2007

Search sites tackle privacy fears

(BBC)
User worries are driving search firms to let people manage how much data they reveal when they visit the sites. The top four search sites, Google, Microsoft, Yahoo and Ask, have unveiled plans to cut how much data they hold and how long they store it. Going furthest Ask said it would let users search without surrendering any data about themselves and their PC.

Labels:

22 July 2007

US - Identity theft? What identity theft?

(Infoworld)
The GAO reports that identity theft really isn't a problem. The problem, apparently, is that the process of notifying consumers whenever their personal financial information has been compromised is confusing us simple-minded folks.

Labels: ,

21 July 2007

Google cookies will 'auto delete'

(BBC)
Google has said that its cookies, tiny files stored on a computer when a user visits a website, will auto delete after two years. They will be deleted unless the user returns to a Google site within the two-year period, prompting a re-setting of the file's lifespan. The company's cookies are used to store preference data for sites, such as default language and to track searches.

Labels:

06 July 2007

US - Appeals court dismisses suit against NSA spy program

(CNET News)
In a setback for foes of a controversial Bush administration wiretapping program, a federal appeals court threw out an American Civil Liberties Union lawsuit that alleged illicit snooping on Americans' calls and e-mails.

Labels: ,

EU - Our data retention is not data protection watchdogs' business, says Google privacy boss

(OUT-LAW News)
The retention of search engine query data is a security matter and not one for Europe's data protection officials, according to Google's global privacy chief. Google said that it had to keep the records because the Data Retention Directive demanded it, but the Article 29 Working Party said that the Directive does not apply to search engines.

Labels:

05 July 2007

EU / USA - Final agreements on PNR and SWIFT

(EDRI-gram)
After a long and difficult period of negotiations, on 28-29 June 2007, final agreements were reached between EU and USA on the data regarding European financial transactions operated by Belgian consortium SWIFT and on the passenger name records (PNR) issue respectively. Regarding the access to financial data from SWIFT, the US has committed to use any data received from SWIFT exclusively for counter-terrorism purposes, the data retention period being of 5 years. An "agreement was reached on the substance of the new Passenger Name Records (PNR) system, with only technical details and EU national parliaments' opinion still to be resolved".

Labels:

EU proposes anti-terror measures

(BBC)
The European Commission is drafting new Europe-wide measures to bolster the fight against terrorism, including sharing air passenger data. EU Justice Commissioner Franco Frattini said that all states needed to co-operate more closely. The measure is expected to require air passengers travelling into the EU to submit data for security agencies. Other proposals include creating a "rapid-alert" system for stolen explosives, a network of bomb disposal squads and making the spread of bomb-making instructions online a criminal offence.

Labels: , ,

DE - German legislation troubles the big Internet companies

(EDRI-gram)
Yahoo and Google seems to have problems adapting their business to the tough requirements of the German law regarding content harmful to minors and the implementation of the data retention directive, respectively. Yahoo has recently changed the way the content filter setting for its photo-sharing service Flickr works for German members so that they can't view photos labelled as "moderate" or "restricted" via the search function. The German draft law for the implementation of the data retention directive also raises problems with the online service providers. The draft foresees that providers of e-mail services will basically have to keep records of the following: the user's IP address for each e-mail sent and for each access to the inbox as well as the sender's network ID for every e-mail received. Peter Fleischer, Google privacy counsellor considered the draft law as "a severe blow to privacy " and praised the possibility to have anonymous email accounts.

Labels: ,

01 July 2007

OECD - Net growth prompts privacy update

(BBC)
The world's leading industrialised nations have been forced to update privacy laws made obsolete by the huge volume of data moving around the net. Of particular concern to the 30 OECD states was the increasing amount of personal data flowing between nations. These cross-border torrents made it tricky to prevent unlawful use of people's data and for authorities to enforce existing laws, the OECD said. The newly adopted recommendations update a 27-year-old agreement. The 1980 guidelines laid the foundations of privacy laws amongst OECD states but did not account for the internet age, with instant access to global information. OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy.

Labels:

28 June 2007

BR - YouTube wins "supermodel sex on the beach" case

(Ars Technica)
A Brazilian judge has ruled in favor of YouTube, Globo Comunicações e Participações, and Internet Group do Brasil (iG) this week in a case involving Brazilian model Daniella Cicarelli and a sex video. Cicarelli and her boyfriend, Tato Malzoni, had sued YouTube after a video of the couple having sex on a public beach in Brazil appeared on the site. The pair argued that YouTube was violating their privacy. Judge Gustavo Santini Teodoro ruled that the couple's privacy claims were unfounded and ordered Cicarelli to pay fees to each of the defendants.

Labels: , ,

15 June 2007

EU - Police will share data across Europe against privacy chief's advice

(out-law.com)
The Council of Ministers agreed the new deal at a meeting of justice and home office ministers this week. It will open up police databases, including DNA databases, to queries from all other EU nations. The deal has been agreed against the advice of the European Data Protection Supervisor (EDPS), whose role is to advise Europe's governing bodies on privacy and data protection issues.

Labels:

EU - Data retention laws do not cover Google searches

(out-law.com)
Google is not bound by the Data Retention Directive when it comes to search engine logs, Europe's data protection committee has said. Google has used the Directive to justify keeping data, but OUT-LAW has learned that the law does not apply. Google has come under increasing pressure in Europe to anonymise its server data, but the company says that it will wait until 18?24 months have passed before anonymising. Among its reasons for this was the Data Retention Directive.

Labels:

14 June 2007

US - TorrentSpy ruling a 'weapon of mass discovery'

(CNET News)
A judge in Los Angeles found that a computer server's RAM, or random-access memory, is a tangible document that can be stored and must be turned over in a lawsuit. It was a pro-copyright ruling that stunned nearly everyone dealing with the issue of online piracy. You may have to surrender what's in your RAM if sued. Legal experts say decision may cost businesses big bucks and threaten Web privacy.

Labels: ,

Open new window when link clicked
Subscribe to Newsletter
text | HTML
Daily Digest
RSS feed