Issue no. 389 - 22 June 2008

• Watching while you surf (Economist)
  Is it a worrying invasion of privacy for web surfers, or a lucrative new business model for online advertising? A new "behavioural" approach to targeting internet advertisements, being pioneered by companies such as Phorm, NebuAd and FrontPorch, is said to be both of these things. The idea is that special software, installed in the networks of internet-service providers (ISPs), intercepts webpage requests generated by their subscribers as they roam the net. The pages in question are delivered in the usual way, but are also scanned for particular keywords in order to build up a profile of each subscriber's interests. These profiles can then be used to target advertisements more accurately.

Issue no. 388 - 1 June 2008

• A simple way to avoid being the next Star Wars Kid (Times)
  by Jonathan Zittrain. Embarrassing images can find their way onto the web all too easily, ruining the lives of the people depicted, but a 'privacy tag' could prevent it.

• CA - Facebook 'violates privacy laws' (BBC)
  A Canadian privacy group has filed a complaint against the social networking site Facebook accusing it of violating privacy laws. The Canadian Internet Policy and Public Interest Clinic (CIPPIC) has listed 22 separate breaches of privacy law in its country. Facebook rejects the charge, claiming some of the highest standards around. The basis of the complaint, filed with the Office of the Privacy Commissioner, states that Facebook collects sensitive information about its users and shares it without their permission. It goes on to say that the company does not alert users about how that information is being used and does not adequately destroy user data after accounts are closed.

• EU - Commission replies on Phorm (Cable Forum)
  The ePrivacy Directive obliges Member States to ensure the confidentiality of communications and related traffic data through national legislation. In particular, they shall prohibit listening, tapping, storage or other kinds of interception or surveillance of communication and the related traffic data by persons other than the users without their consent, which must be freely given, specific and informed indication of the user's wishes. The data concerned in this particular matter i.e. the content of search queries, constitute communication within the meaning of this Directive and the URLs used in the packets constitute traffic data. This data should therefore be protected appropriately.

• FR - Passeports biométriques : avis défavorable de la CNIL (Le Monde)
  Le gouvernement est passé outre l'avis de la Commission nationale de l'informatique et des libertés (CNIL) en créant le nouveau passeport biométrique, qui devra contenir, outre une photo numérisée, les empreintes digitales de huit doigts. Selon la CNIL, don’t l'avis du 11 décembre 2007 a été publié au Journal officiel du 10 mai, "un sujet d'une telle importance devait passer devant le Parlement et nous n'avons pas obtenu les éléments qui permettent de justifier la création de cette banque de données", a résumé à l'AFP son président, Alex Türk.

• Google blurs the privacy issue (Guardian)
  Google is hoping to avoid a fight with European privacy campaigners as it prepares to launch its controversial Street View service this side of the Atlantic later in the year, by introducing new technology that blurs the faces of people its cameras inadvertently snap while scanning the streets.

• Google founders in web privacy warning (FT)
  Social networks and other companies' "aggressive" attempts to target advertising according to users' search behaviour risk damaging the internet industry's reputation, Google's co-founders have warned. Google has faced particular resistance in Europe to its policy of retaining users' search history to improve search results, but comments made by Sergei Brin and Larry Page to journalists at a Google conference in Hertfordshire seemed designed to identify others as the bigger threat to internet users' privacy.

Issue no. 387 - 12 May 2008

• EU - EDPS Opinion on ePrivacy Directive review (RAPID)
  On 10 April, the European Data Protection Supervisor (EDPS) adopted an Opinion on the European Commission's proposal amending the Directive on Privacy and electronic communications, usually referred to as the ePrivacy Directive. Peter Hustinx, EDPS, says: "I welcome the approach followed by the proposal which is in line with views expressed in previous opinions. However, the proposed amendments to the Directive are not as ambitious as they should be. In dealing with new issues, such as the setting up of a mandatory security breach notification system, the proposal remains too restrictive in its scope."

• IT - Publish and be taxed (Economist)
  At the end of April, without warning or consultation with the data-protection authority the Italian tax authorities put all 38.5m tax returns for 2005 up on the internet. The site was promptly jammed by the volume of hits. Before being blacked out at the insistence of data protectors, vast amounts of data were downloaded, posted to other sites or, as eBay found, burned on to disks.

Issue no. 386 - 20 April 2008

• EU - Search engines must delete data after six months, say watchdogs (OUT-LAW News)
  Search engines must delete search logs after six months if they are to comply with data protection laws, according to a committee of EU countries' privacy watchdogs. The Article 29 Working Party has published a long-awaited report into search engines and privacy which is the result of months of consideration. That report says that search engine companies must delete personal data as soon as they have used it for the purpose for which it was gathered, and that it should not be routinely kept for longer than six months.

• US - Groups seek to shield minors' Web data (Los Angeles Times)
  A coalition of medical groups and child advocates called for guidelines that would prevent Internet companies from tracking the behavior of minors online, contending that many adolescents are divulging more than they realize and aren't digesting complex privacy policies. The American Academy of Pediatrics and the American Psychological Assn. were among those asking the Federal Trade Commission to encourage the Internet industry to stop profiling young Web surfers by monitoring the sites they visit and the interests they list on social networks such as MySpace and Facebook. Childrens' Advocy Group filing. See also Microsoft not opposed to regulation of online privacy (CNet). See Online Behavioral Advertising: Moving the Discussion Forward to Possible Self-Regulatory Principles Public Comments (FTC).

Issue no. 385 - 21 March 2008

• AU - Judge on privacy: Computer code trumps the law (CNET News)
  Australian Judge Kirby says computer code is more potent than the law - and that legislators are powerless to do anything about it. Technology has outpaced the legal system's ability to regulate its use in matters of privacy and fair use rights.

• CoE - Declaration on protecting the dignity, security and privacy of children on the internet (Council of Europe)
  The traceability of children's activities on the internet may expose them to criminal activities (for example the solicitation or "grooming" of children for sexual purposes, discrimination, bullying, stalking and other forms of harassment). Children need to be informed about the enduring presence of, and the risks associated with, the content they create on the internet. The right to privacy and the secrecy of correspondence is not respected on the internet. The profiling of information and the retention of personal data regarding children's activities can be used for commercial purposes. The Committee of Ministers asks member states to work together to explore the feasibility of removing or deleting such content and its traces within a reasonably short period of time. See Full text of the Declaration.

• EU - Protection of children's personal data (Europa)
  Working Document 1/2008 on the protection of children's personal data (General guidelines and the special case of schools). WP 147.Adopted by the art. 29 Data Protection Working Party, 18.02.2008,

• EU privacy watchdogs say any processor must obey EU rules (OUT-LAW News)
  Europe's data protection watchdogs have said that internet companies that do any personal data processing in Europe must comply with its privacy laws even if they are based outside of Europe. The Article 29 Working Party, a committee of all of the EU country's privacy or data protection commissioners, said that its data protection rules must apply to personal data processed by companies that do not even have offices in the EU. "[The EU's] provisions also apply to such controllers who have their headquarters outside the EU, but only an establishment in one of the EU Member States, or who use automated equipment based in one of the Member States for the purposes of processing personal data," said a Working Party statement. The EU's privacy watchdogs are locked in a battle with search engine companies such as Google over the processing of personal data. There are debates about whether companies are subject to the EU's rules as well as what those rules mean.

• Facebook opens door to second-class friends (Times)
  Facebook is to allow its users to create a hierarchy of friends within their profiles - in a move that threatens to complicate the already delicate social etiquette that governs the site. As part of new controls to be introduced in the social networking site's privacy settings, Facebook users will be given the option of banning certain friends from seeing what they are up to and accessing sensitive information in their profile. The change will mean that, for instance, a particular friend - a former partner, say - could be prevented from seeing that a person had changed their relationship status, while others could be banned from knowing the person's political or religious views.

• FR - Le site de notation des profs recalé (Libération)
  Les profs ne pourront plus être évalués par leurs élèves. C´est ce que le tribunal des référés de Paris a fait valoir en enjoignant le site Note2be.com à suspendre «l´utilisation de données nominatives d´enseignants aux fins de leur notation et de leur traitement ainsi que leur affichage sur les pages du site». Dans son jugement, le tribunal parle de ces limites qui portent atteinte aux activités d´enseignement, mais aussi de la liberté d´information et d´expression.

• FR - Note2be.com jugé « illégitime » par la Cnil (ZDNet.fr)
  Le très controversé site Note2be.com qui permet aux élèves de noter leurs profs, est épinglé par la la Commission nationale de l'informatique et des libertés (Cnil) qui dénonce notamment le fait que les intéressés ne disposent pas de leur droit de contrôle sur les informations publiées, c'est-à-dire les données nominatives.

• Phorm fires privacy row for ISPs (Guardian)
  Web users are up in arms over what they see as an invasion of privacy by a company that will track surfing patterns to serve targeted ads. See also Ad system 'will protect privacy' (BBC).

• UK - Information Commissioner to focus on reducing risk, not enforcement (OUT-LAW News)
  The Information Commissioner's Office (ICO) has said that its aim is to protect people from the risks associated with abuses of their personal data rather than strictly enforce the law. It has announced its broad aims in a new strategy document. The document will guide its activities overall, prioritising the use of its resources which it said were not sufficient to do everything it could in the data protection arena. See the new ICO strategy (24-page / 832KB PDF).

• UK - Private data, public interest? (BBC)
  The use of material taken from personal profiles on social networks by newspapers is to be the subject of a major consultation undertaken by industry watchdog the Press Complaints Commission (PCC). This comes in the wake of increasingly numbers of newspaper stories that include images and text taken from sites like Bebo, MySpace and Facebook.

more items

QuickLinks consists of

• a free newsletter appearing approximately every two to three weeks. The newsletter is distributed by electronic mail through an "announcement only" mailing list.
• a Web site with frequent updates, an events page, news items organised by category as well as chronologically by issue and full text search.