QuickLinks - Data Protection (privacy)
QuickLinks - Data Protection (privacy)
Issue no. 344 - 18 September 2005
- DK - Privacy watchdog finds police data riddled with errors
The Danish Data Protection Agency has criticised Denmark's National Commissioner of Police for what it calls an "unacceptably high" number of errors in reporting individuals to the Schengen Information System, or SIS.
- EU - Clarke tells MEPs to back data retention law
The legal framework in which enforcement agencies try to gather and collect vital intelligence data is "very difficult and in some cases impossible", UK Home Secretary Charles Clarke told MEPs in Strasburg. He urged the European Parliament to support plans for EU laws on the retention of telecommunications data, updating the Schengen Information System (which allows citizens from participating Member States to travel throughout those states without checks at internal borders) and in establishing a new Visa Information System.
- EU - UK urges new phone record rules
EU states should keep mobile phone and e-mail records for longer to help fight terrorism and crime, Home Secretary Charles Clarke has told MEPs. Without such measures, European states would be fighting terrorism 'with both hands tied behind our backs', he said. Mr Clarke said telecommunications data proved valuable in the investigation of the London bombings. He rejected complaints about intrusion into privacy, saying there must be effective protection against abuse. Mr Clarke also said laws preventing suspects being deported to places where they faced persecution might have to change. He said he wanted judges to realise of "circumstances in the modern world" when they judging cases involving European human rights laws. See Liberty and Security: Striking the Right Balance (UK Presidency).
- EU moves slowly ahead with data retention law
Member states are slowly moving ahead with plans to harmonize data retention to fight crime and terrorism, despite concerns both about the costs of the proposal and the infringement of civil liberties. At an informal meeting on 8 September, justice ministers tackled both of these issues, during a discussion on the controversial proposal to store information from email and phone calls for up to three years. Afterwards, the European Commission justice spokesperson, said that the general opinion at the meeting had been that data retention was necessary, although details and time frames were to be agreed upon.
Issue no. 343 - 4 September 2005
- AU - Web pic law canvassed
Posting unauthorised photos of children on the internet could be outlawed in Australia. It is one of the options raised in a discussion paper, released on behalf of all state and territory attorneys-general, which reviews the adequacy of existing laws around Australia. The Discussion Paper calls for submissions from interested parties by 14 October 2005.
- Identity theft - a PIP of progress
A company, MyPublicInfo, has officially launched its product, called the PIP, or public information profile. For $79.95, Americans can now go to the firm's website and see, within hours, all the public records about themselves from thousands of databases across the country.
- UK - Getting hot about cold calls
Do you hate it when a company with which you've never done business telephones you to try and sell you something? Have you ever had a silent call when your phone rings but there's nobody there? Unsolicited telephone calls and most especially silent calls are hated by consumers. Around 9.5 million consumers and 500,000 businesses have registered under the Telephone Preference Scheme. A million customers have already signed up to BT's free service BT Privacy. Yet the Direct Marketing Association (DMA), which operates the TPS scheme, and the Information Commissioner's Office (ICO), which is responsible for combating unsolicited calls, apparently receive over 1,500 complaints a week and so far no company has yet been prosecuted.
- US - Court revives indictment in e-mail interception case
A federal appeals court has revived the government's online eavesdropping prosecution against an executive of a company that offered e-mail service and surreptitiously tracked its subscribers' messages. The case, closely watched by Internet privacy groups, had been dismissed in 2003 by a judge who found it was acceptable for the company - an online literary clearinghouse - to make copies of the e-mails so it could peruse messages sent to its subscribers by rival Amazon.com. Decision.
- US - Ex-AOL man jailed for e-mail scam
A former AOL employee has been sentenced to 15 months in prison for selling members' details to spammers. Jason Smathers, 25, said he turned into a 'cyberspace outlaw' after selling the database of 92 million screen names and e-mail addresses. As a result of his actions in 2003, about seven billion unsolicited spam e-mails flooded inboxes of AOL members.
Issue no. 342 - 31 July 2005
- EU - Commission proposal on data retention
The European Commission has finally produced its draft directive on data retention.EDRI has received a copy of the Interservice Consultation, which is circulated amongst Commission officials from several Directorate Generals. The final, possibly amended version is expected to be published some time in August 2005, before the informal JHA Council. According to the Commission, all fixed and mobile telephony traffic and location data from all private and legal persons should be stored for 1 year. Data about communications 'using solely the internet protocol' should be stored for 6 months.
- EU - Data retention may get support, but not 'blind obedience'
Britain's Home Secretary Charles Clarke told MEPs that security must take priority in the fight against terrorism in Europe, despite the concern of many MEPs that his plans for data retention laws could undermine citizens' rights. Addressing the Civil Liberties Committee six days after the London bombings that killed at least 48 people, Mr Clarke gave support to moves to speed up draft EU legislation. It would oblige the retention of communications data from phone calls and emails to help fight terrorism, a plan rejected by MEPs in June when they sent the proposal back to the parliamentary committee for further debate.
- EU - Public access to documents and data protection
A Background Paper by the European Data Protection Supervisor. Summary.
Issue no. 341 - 9 July 2005
- UK - ID cards academic attacks Clarke
The academic whose report on ID cards was branded 'technically incompetent' by Charles Clarke has launched a counter attack on ministers. Simon Davies was one of the authors of the London School of Economics paper which suggested the cost of the scheme could reach £19bn. The home secretary has described the findings as 'fabricated'. But Mr Davies said the government's reaction had been 'appalling, hypocritical' and 'desperate'.
Issue no. 340 - 23 June 2005
Issue no. 339 - 29 May 2005
- US calls for increased and earlier passenger data transfers
US Secretary of Homeland Security Michael Chertoff has told the EU to improve upon a controversial agreement that permits air passenger data transfers to the US, by providing more information and sending it sooner. At present an agreed amount of data is transferred to the US within 15 minutes of a US-bound plane taking off; but this sometimes results in planes being turned back, as has happened twice over the past month. Chertoff indicated that he would prefer the data to be transferred an hour before the plane departed.
Issue no. 338 - 7 May 2005
- FR - Surveillance des réseaux P2P : les règles du jeu de la Cnil
On attendait l'industrie du disque sur ce terrain, mais c'est celle du jeu vidéo qui a décroché la première l'autorisation de la Commission nationale informatique et liberté (Cnil) permettant d'automatiser la prévention et la gestion d'infractions en matière de contrefaçon. Les éditeurs de jeux vidéo ne pourront conserver les adresses IP qu'un mois et en vue d'actions judiciaires. La Cnil a eu son mot à dire sur le contenu des messages de prévention. Voir communiqué de presse (Cnil).
- UK - Passport applicants must give fingerprints
Ministers are to press ahead with the mandatory fingerprinting of new passport applicants using royal prerogative powers to sidestep the loss of their identity card legislation. The police are expected to be given the authority to carry out checks against this newly created national fingerprint database.
- Your Identity, Open to All
A search for personal data on ZabaSearch.com - one of the most comprehensive personal-data search engines on the net - tends to elicit one of two reactions from first-timers: terror or curiosity. Which reaction often depends on whether you are searching for someone else's data, or your own. ZabaSearch queries return a wealth of info sometimes dating back more than 10 years: residential addresses, phone numbers both listed and unlisted, birth year, even satellite photos of people's homes.
Issue no. 337 - 13 April 2005
- EU: Data Retention proposal partly illegal, say Council and Commission lawyers
The Legal Services of both the Council and Commission have argued that the controversial proposal for a Framework Decision on the retention of telephone and Internet data is partly illegal. The Legal Services examined whether part of the proposed Framework Decision falls within the scope of EC law (the 'first pillar', dealing with economic issues, among others) or within the scope of the 'third pillar' (Title VI of the TEU, dealing with criminal law and policing). Both Legal Services conclude that the obligations on service providers to retain and collect data on the use of phones and the Internet would be illegal, because this issue should instead be addressed by EC 'internal market' legislation on the regulation of telecommunications. see also Secret minutes EU data retention meeting (EDRI-gram).
- No delay for EU biometric passports
A new study Biometrics at the Frontiers: Assessing the impact on Society about the future of biometrics in the EU has been released. The study was ordered by the European Parliament Committee on Citizens' Freedoms and Rights, Justice and Home Affairs (LIBE) and carried out by the European Commission Joint Research Centre (DG JRC) Institute for Prospective Technological Studies. The study predicts a giant boost in the use of biometrics in everyday life, once businesses follow-up on the mass acceptation of biometrics in passports. This 'diffusion effect' will cause a need for new legislation. Another main conclusion of the study is the need to recognise the limitations of biometrics 'and the difference that can exist between the perception and the reality of the sense of security provided.' But, as long as the purposes of biometric applications are clearly defined and there is some fall-back procedure in case of failure, the study sees a very bright future for an EU biometrics industry.
- UK - Government abandons ID card bill
The UK government has slammed opposition to the biometric ID card bill after admitting it will be forced to shelve the plans after running out of legislative time in the run up to next month's expected general election. But Home Secretary Charles Clarke has vowed to re-introduce the ID card bill after the election if Labour wins a third term and branded Conservative and Liberal Democrat opposition as 'crazy'.
Issue no. 335 - 20 March 2005
- US - FTC action over customer data sharing
The US Federal Trade Commission has settled a dispute with a shopping cart software company that had been charged with renting customer shopping data to marketers, in breach of the privacy policies of the merchants who were using the software.
Issue no. 334 - 13 March 2005
- EU - EP debate on PNR and data retention
On 9 March the European Parliament debated in plenary in Strasbourg about the transfer of passenger data (PNR) to the US and asked the Commission about the Council plans for mandatory data retention. EU Justice Commissioner Frattini for the first time stated in public that the Commission sees no legal basis for a framework decision from the Council and he personally 'will try to convince' the Council of Justice and Home Affairs to withdraw the proposal. "As a consequence, the Commission will present an alternative proposal on data retention based on Article 95 of the Treaty of the European Community by early spring 2005." Frattini also announced that the Commission will carry out "an impact assessment to determine to what extent the creation of obligations to retain data will have economic implications."
- EU - Frattini will set new agenda on data protection
The question of collection of personal data by telecoms companies will be examined anew as Commissioner Frattini takes over the data potection brief from Commissioner McCreevy. Frattini announced to Parliament duing a debate on data retention in Strasbourg on 9 March that his department, Justice, Freedom and Security, is to take over the data protection portfolio from DG Internal Market. Mr Frattini said that he would table a new proposal on the retention of data by telecoms companies in spring 2005 and that a general proposal on data protection would follow in October or November.
- FR - E-marketing: la Cnil assouplit les règles de la prospection entre professionnels
Toute société de marketing direct peut désormais envoyer un message commercial sur l´adresse professionnelle d´une personne physique, sans son consentement préalable. Seule condition: cet e-mail doit être en rapport avec la fonction du destinataire. La Commission nationale de l'informatique et des libertés (Cnil) a entendu les revendications des sociétés de marketing direct qui s'inquiétaient d'une interprétation trop stricte des dispositions anti-spam de la loi pour la confiance dans l'économie numérique. Ses membres ont accepté de revoir leur position sur la prospection des personnes physiques via leur adresse professionnelle.
- IE - Ireland sneaks data retention into law
Ireland's Government has decided to pass a law on data retention. Data retention was snuck into the Criminal Justice (Terrorist Offences) Act, first introduced in 2002, in the final hours before the Bill became law in February 2005. The law now calls for three years data retention at all phone companies that provide fixed line and mobile services. The obligation does not extend to more complex information such as location data.
- UK - Child database 'will breach human rights'
The government's plans, outlined in a green paper Every Child Matters, for a national database containing details on every child in England and Wales risk breaching the European Convention on Human Rights. In a submission to the education and skills select committee, Richard Thomas, the Information Commissioner, has said that the plans, are in danger of being ruled illegal under European law and may not work in practice.
- US - Critics Question Impartiality of Panel Studying Privacy Rights
Even before recent security breaches exposed private data about millions of consumers, the Department of Homeland Security was assembling a public board to recommend how to best safeguard privacy, as the agency makes use of growing stores of information collected about U.S. citizens. But the 20-member panel has angered security and privacy-rights advocates who charge that it is tilted toward the industries that profit most from gathering, using and selling personal information, often to the government.
Issue no. 333 - 2 March 2005
- EU - Commission opposes framework decision on data retention
According to an update about developments in the JHA Council given to the Dutch Parliament, the Commission wants to initiate a proper first pillar legal initiative, with full co-decision rights for the European Parliament rather than a framework decision on mandatory data retention in the third pillar. The draft framework decision on data retention was introduced in April 2004 by the governments of France, the UK, Ireland and Sweden.
Issue no. 331 - 13 February 2005
- US - Students kept under surveillance at school
(San Francisco Chronicle)
Angry parents, saying their children's privacy rights are being violated, have asked a school board to rescind a requirement that all students wear badges that monitor their whereabouts on campus using radio signals.
Issue no. 330 - 30 January 2005
- US - Tesco 'spychips' anger consumers
Consumers Against Supermarket Privacy Invasion and Numbering (Caspian), a US consumer privacy group has called for a global boycott of Tesco stores over the company's trial of Radio Frequency Identification (RFID) chips. The technology allows products to be tracked via radio waves. Privacy groups have labelled them 'spy chips' because they fear the tags attached to products, can be used to track the behaviour of customers. But Tesco said the tags, being trialled on high value items in 10 stores, were only to help its distribution process.
Issue no. 329 - 23 January 2005
- EU - Commission approves new standard clauses for data transfers to non-EU countries
The European Commission has approved a new set of standard contractual clauses which businesses can use to ensure adequate safeguards when personal data is transferred from the EU to non-EU countries. The new clauses, submitted by a business coalition, will be added to those already available under the Commission's June 2001 decision. Use of standard contractual clauses offers companies and other organisations a straightforward means of complying with their obligation, under the 1995 EU Data Protection Directive, to ensure "adequate protection" for personal data transferred outside the EU. See Model Contracts for the transfer of personal data to third countries.
- EU - Proposal for a Regulation concerning the Visa Information System (VIS)
The European Commission has adopted a proposal for a Regulation concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas. The VIS will be a system for the exchange of visa data between Member States and thus primarily an instrument to support the common visa policy. The VIS shall be composed of a European central database, which will be connected to the national systems to enable consulates and other competent authorities of the Member States to enter and consult data on visa applications and the decisions taken thereto. The data to be processed in the VIS shall include alphanumeric data and photographs, but also fingerprint data of the applicants, to ensure exact verification and identification.
- UK Data protection fine for Special Constable
A Special Constable working for Dorset Police was fined £1,000 yesterday for using a police database to investigate people she knew, in breach of the UK's Data Protection Act.
Issue no. 326 - 5 December 2004
- EU - Rush vote European Parliament on biometrics
It is likely that the Council of European Justice and Home Affairs ministers will adopt a regulation on 3 December 2004, to fingerprint all EU citizens and residents, to take digital photographs of their faces and to store these data in a gigantic database of 450 million EU citizens. On 2 December the European Parliament adopted the proposal but introduced a large number of limitations. MEPs voted to limit the kinds of information to be stored on the passports, they voted against the storage of the data in a central database and in favour of giving Data Protection Authorities oversight over the process. But it is unlikely that the Council will take any of these amendments into consideration. Under the European Union's consultation procedure the Council can globally reject all of the Parliament's amendments. see also EU - biometrics in passports - EDRI Open Letter (EDRI) see also The Legality of the Regulation on EU Citizens' Passports (Statewatch) by Dr. Steve Peers, Professor of Law, University of Essex.
Issue no. 325 - 28 November 2004
- EU - European Parliament to rush through biometric passports?
The European Parliament has been asked by the Council of the European Union (the 25 EU governments) to use its 'urgency' procedure to rush through the measure on mandatory fingerprinting and biometric passports for all EU citizens at its plenary session next week (1-2 December). The Council's letter to the parliament making the request encloses the latest version of the draft proposal (Draft Regulation on biometric passports). The letter seeks to emphasise that the original proposal was sent to the parliament in February and that the Action Plan adopted on 25 March called for the measure to be adopted by the end of the year. The Council itself substantially changed the measure on 25 October (making facial images and finger-prints mandatory).
- EU - PRIME: privacy and identity management for Europe. a legal perspective
(Katholieke Universiteit Leuven)
by Anna Buchta. PRIME is a 4-year research project conducted within the European Union 6th Framework Programme. Its objective is to perform research and to develop practical solutions that would enable individuals to manage digital identities and to regain control over their personal data in cyberspace. PRIME focuses on solutions for privacy-enhancing identity management that support end-users' sovereignty over their privacy and privacy-compliant data processing by enterprises. The emphasis is put on legal context of anonymity and the need to balance the right to privacy with the needs of public security and law enforcement. see also Requirements - Part 1: Legal Requirements.
- ICC - Overseas data transfers
A report published by the International Chamber of Commerce (ICC) provides guidance on drafting and implementing company policies to provide a workable legal solution for the overseas transfer of personal data. These policies are called 'binding corporate rules' (BCRs). A number of companies are already using BCRs in their corporate operations worldwide, but uncertainty remains about their binding legal status in some jurisdictions. The ICC hopes its report will dispel such uncertainty.
- UK - ID card scheme unveiled by Queen
A bill to introduce a compulsory identity card scheme for the UK has been unveiled in the Queen's Speech. The home secretary believes identity cards will help tackle international terrorism, identity theft and help the work of the UK immigration services.
Issue no. 324 - 21 November 2004
- EU - Opinion on data retention
(Art 29 Working Party)
Opinion 9/2004 on a draft Framework Decision on the storage of data processed and retained for the purpose of providing electronic public communications services or data available in public communications networks with a view to the prevention, investigation, detection and prosecution of criminal acts, including terrorism. [Proposal presented by France, Ireland, Sweden and Great Britain (Document of the Council 8958/04 of 28 April 2004)] Adopted on 9th November 2004
- EU - US implementation of Safe Harbour privacy Principles
The implementation of Commission Decision 520/2000/EC on the adequate protection of personal data provided by the Safe Harbour privacy Principles and related Frequently Asked Questions issued by the US Department of Commerce. see also Safe Harbour Decision Implementation Study. EU: Transatlantischer Datenschutz bedarf der Verbesserung (Heise) von Monike Ermert
- Privacy International & EPIC Release Annual Global Privacy Study
A major international privacy report has concluded that governments across the world have substantially increased surveillance in the past year. The report warns that threats to personal privacy have reached a level that is dangerous to fundamental human rights. The 7th annual Privacy and Human Rights survey, published by Privacy International & the US based Electronic Privacy Information Center (EPIC) reviews the state of privacy in sixty countries and warns that invasions of privacy across the world has increased significantly in the past twelve months.
Issue no. 322 - 17 October 2004
- US - Bahamas Firm Screens Personal Data To Assess Risk
It began as one of the Bush administration's most ambitious homeland security efforts, known until recently as the second generation of the Computer Assisted Passenger Pre-screening Program, or CAPPS II, a passenger screening program designed to use commercial records, terrorist watch lists and computer software to assess millions of travelers and target those who might pose a threat. The system has cost almost $100 million. But it has not been turned on because it sparked protests from lawmakers and civil liberties advocates, who said it intruded too deeply into the lives of ordinary Americans. The Bush administration put off testing until after the election. Now a private company in the Bahamas plans to use some of the same concepts, technology and contractors to assess people for risk, outside the reach of U.S. regulators.
Issue no. 321 - 10 October 2004
- US - Q&A: Fingerprinting foreigners
As of 30 September, most foreign travellers entering the US will be subject to the requirements of what is called the US-Visit scheme. BBC News Online looks at the new procedures and explains how your experience of arriving and leaving the US is likely to change.
Issue no. 320 - 25 September 2004
- EU - Commission consultation on data retention 21.09.2004
The consultation from the European Commission on new EU plans for mandatory retention of telecom traffic data resulted in 65 answers, most of them negative about any regime of mandatory data retention. Two thirds of the answers came from industry (telephony and internet providers, both individual companies as well as associations) and almost one third from civil society, including the one from Privacy International and European Digital Rights signed by 90 civil rights organisations across Europe, the United States and other countries around the world. The results were presented during an open workshop in Brussels on 21 September 2004.
- IE - Privacy guidelines for Irish web sites
Ireland's Data Protection Commissioner has published Guidelines for the content and use of privacy statements on web sites to help businesses comply with the country's rules on data protection. It appears that Irish sites may find compliance easier than UK sites.
- US - Man arrested over GPS 'stalking'
A Californian man has been arrested for allegedly using global positioning system technology to stalk a former girlfriend. Ara Gabrielyan is said to have attached a mobile phone with the tracking system to the woman's car, allowing him to follow her movements.
Issue no. 318 - 5 September 2004
- EU - Consultation on traffic data retention
DG Information Society and DG Justice and Home Affairs have launched a public consultation on the issue of traffic data retention. They will also hold a public workshop on this matter on 21 September 2004, in Brussels. The intention is to identify and discuss existing data retention practices for both business and law enforcement purposes in the EU Member States, and to address the extent of the need for, and the possible characteristics of, an EU-wide regime of data retention for law enforcement purposes. Consultation document. The results of this consultation will be taken into account in the further development of the position of the Commission services in this area, including in relation to the proposal for a Council framework decision on data retention tabled by four Member States following the European Council Declaration on combating terrorism of 25 March 2004. The deadline for sending contributions is 15 September 2004.
- US - Strange Bedfellows in E-Mail Case
Civil liberties groups made common cause with the Justice Department, a traditional target of their lawsuits, by filing court papers supporting the government's appeal of a court ruling that said internet service providers are allowed to snoop on their customers. The friend of the court brief (PDF) argues the 1st Court of Appeal ruling 'rewrites the field of internet surveillance law in ways that no one in Congress ever imagined.' The brief was filed by the Center for Democracy and Technology, the Electronic Frontier Foundation and the American Library Association. The case centered on Bradford C. Councilman, an online bookseller who offered his customers free e-mail accounts and then sifted through e-mails from Amazon.com to his customers.
Index page see also Security and encryption
Links to news items about legal and regulatory aspects of Internet and the information society, particularly those relating to information content, and market and technology.
QuickLinks consists of
QuickLinks is edited by Richard Swetenham firstname.lastname@example.org
- a free newsletter appearing approximately once a week. The newsletter is distributed by electronic mail through an "announcement only" mailing list.
- a Web site with frequent updates, an events page, news items organised by category as well as chronologically by issue and full text search.
This work is licensed under a Creative Commons Licence.