QuickLinks - Data Protection (privacy)
QuickLinks - Data Protection (privacy)
Issue no. 377 - 5 July 2007
- EU - Police will share data across Europe against privacy chief's advice
The Council of Ministers agreed the new deal at a meeting of justice and home office ministers this week. It will open up police databases, including DNA databases, to queries from all other EU nations. The deal has been agreed against the advice of the European Data Protection Supervisor (EDPS), whose role is to advise Europe's governing bodies on privacy and data protection issues.
- EU / USA - Final agreements on PNR and SWIFT
After a long and difficult period of negotiations, on 28-29 June 2007, final agreements were reached between EU and USA on the data regarding European financial transactions operated by Belgian consortium SWIFT and on the passenger name records (PNR) issue respectively. Regarding the access to financial data from SWIFT, the US has committed to use any data received from SWIFT exclusively for counter-terrorism purposes, the data retention period being of 5 years. An "agreement was reached on the substance of the new Passenger Name Records (PNR) system, with only technical details and EU national parliaments' opinion still to be resolved".
- OECD - Net growth prompts privacy update
The world's leading industrialised nations have been forced to update privacy laws made obsolete by the huge volume of data moving around the net. Of particular concern to the 30 OECD states was the increasing amount of personal data flowing between nations. These cross-border torrents made it tricky to prevent unlawful use of people's data and for authorities to enforce existing laws, the OECD said. The newly adopted recommendations update a 27-year-old agreement. The 1980 guidelines laid the foundations of privacy laws amongst OECD states but did not account for the internet age, with instant access to global information. OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy.
Issue no. 376 - 10 June 2007
- A Race to the Bottom - Privacy Ranking of Internet Service Companies
This report has been prepared by Privacy International following a six-month investigation into the privacy practices of key Internet based companies. The ranking lists the best and the worst performers both in Web 1.0 and Web 2.0 across the full spectrum of search, email, e-commerce and social networking sites. The analysis employs a methodology comprising around twenty core parameters. We rank the major Internet players but we also discuss examples of best and worst privacy practice among smaller companies. Interim Rankings. See also An Open Letter to Google.
- Anger over DRM-free iTunes tracks
The launch of music tracks free of digital locks on iTunes has been overshadowed by the discovery that they contain data about who bought them. Some fear this data could be used to identify the owner of the tracks if they turn up on file-sharing sites.
- EU - Data protection watchdogs letter to Google goes public
A letter from an influential group of privacy experts in Europe saying that Google's new privacy policies appear to breach the requirements of the EU's data protection regime was published today. The letter is from the Article 29 Working Party, an independent European advisory body on data protection and privacy.
- EU - Promoting Data Protection by Privacy Enhancing Technologies (PETs)
The Commission has adopted a Communication with the purpose of identifying the benefits of Privacy Enhancing Technologies (PETs) and laying down the Commission's objectives in this field, to be achieved by a number of specific actions supporting the development of PETs and their use by data controllers and consumers. see also Privacy Enhancing Technologies (PETs) MEMO and Edri-gram article.
- Google may use games to analyse net users
Internet giant Google has drawn up plans to compile psychological profiles of millions of web users by covertly monitoring the way they play online games. The company thinks it can glean information about an individual's preferences and personality type by tracking their online behaviour, which could then be sold to advertisers. Details such as whether a person is more likely to be aggressive, hostile or dishonest could be obtained and stored for future use.
- New software can identify you from your online habits
If you thought you could protect your privacy on the web by lying about your personal details, think again. In online communities at least, entering fake details such as a bogus name or age may no longer prevent others from working out exactly who you are. That is the spectre raised by new research conducted by Microsoft. The computing giant is developing software that could accurately guess your name, age, gender and potentially even your location, by analysing telltale patterns in your web browsing history. But experts say the idea is a clear threat to privacy - and may be illegal in some places.
- US - MySpace to provide sex offender data to state AGs
MySpace.com unveiled a plan for cooperating with requests from state attorneys general for data pertaining to registered sex offenders. MySpace will provide the Multi-State Attorney General Executive Committee with data from Sentinel Safe, the database of information on registered sex offenders that the company has compiled through its partnership with identity verification firm Sentinel Tech Holding.
Issue no. 375 - 9 May 2007
- EU - Privacy watchdog slams sharing of police data
Europe's privacy watchdog has expressed 'grave concern' about a proposal to share personal information between police forces across Europe, calling it a 'lowest common denominator approach that would hinder the fundamental rights of EU citizens'. Peter Hustinx, the European Data Protection Supervisor (EDPS), issued his opinion on a proposal put forward in January by the German Presidency of the EU. The German plan is a revision of a long-running proposal for sharing data between European police forces.
- FR - French Government Decree on data retention - another Big Brother act
The French Government, during this election period, is preparing a decree for the application of the law on the confidence in the numerical economy (LCEN) of 21 June 2004, which requires webmasters, hosting companies, fixed and mobile telephony operators and Internet service providers to retain all information and on Internet users and telephone subscribers and to deliver it to the police or the State at a simple request.
- FR - Le décret qui inquiète l´Internet français
Le gouvernement veut imposer à tous les éditeurs de contenu en ligne, aux FAI et aux hébergeurs de conserver les traces des internautes passant sur leurs sites. Le Net français s'indigne. Apparemment sans fin, le feuilleton de l'instauration de mesures destinées à surveiller les réseaux vient de connaître un nouveau rebondissement. La publication d'une version« de travail » d'un décret d'application de la loi LCEN de juin 2004 (Loi pour la confiance dans l'économie numérique) a en effet soulevé une vague de protestations, tant de la part des professionnels du Net que de l'association de défense des libertés IRIS (Imaginons un réseau Internet solidaire). voir aussi Conservation des données d'identification et de connexion : toujours plus et plus longtemps (IRIS).
- UK - Private investigators fined for data 'blagging' from DWP
A firm of private investigators has found itself on the wrong side of the law after pleading guilty to unlawfully obtaining data from the Department for Work and Pensions (DWP). The company, Infofind, "blagged" information on 250 individuals from the government unit in an attempt to trace debtors, in order to sell the details on to a finance business.
Issue no. 374 - 1 April 2007
- EU - follow-up on implementation of Data Protection Directive
Communication on the follow-up of the Work Programme for better implementation of the Data Protection Directive Protection Directive COM(2007) 87.
- EU - Public to shape smart tag policy
European citizens are getting the chance to shape policy on smart tags. The European Commission is setting up a group made up of citizens, scientists, data protection experts and businesses to discuss how the tags should be used. Radio Frequency Identification (RFID) tags store data about the objects they are attached to, and are already used by some firms and supermarkets.
- EU - RFID chips will force changes to Privacy and Electronic Communications Directive
The European Commission will make changes to the Privacy and Electronic Communications Directive to take account of the exploding market in radio frequency identification (RFID) chips, it has said. Amendments will be proposed by the middle of this year. The Commission has published a Communication, intended as 'a step towards a policy framework,' for dealing with RFID chips, whose usefulness is seen by some to be at odds with privacy and data protection.
- Privacy bodies back Google step
Privacy bodies have welcomed Google's decision to anonymise personal data it receives from users' web searches. The firm previously held information about searches for an indefinite period but will now anonymise it after 18 to 24 months.
Issue no. 373 - 11 March 2007
- US - Justice Department takes aim at image-sharing sites
by Declan McCullagh. The Bush administration has proposed that Web sites keep records of who uploads photographs or videos in case police determine the content is illegal and choose to investigate. That proposal surfaced in a private meeting during which U.S. Department of Justice officials tried to convince industry representatives such as AOL and Comcast that data retention would be valuable in investigating terrorism, child pornography and other crimes. A second purpose of the meeting was to ask Internet service providers how much it would cost to record details on their subscribers for two years.
Issue no. 372 - 25 February 2007
- EU - Governments' plan to track phone and Net use
(International Herald Tribune)
European governments are preparing legislation to require companies to keep detailed data about people's Internet and phone use that goes beyond what the countries will be required to do under a European Union directive.
- EU / CoE - Data Protection Day
Statement from Vice-President Frattini, on behalf of the European Commission, on the occasion of Data Protection Day (28 January). Data protection issues affect everyone, but are not always well understood. That is why I welcome and support the Council of Europe's initiative to raise the profile of data protection by declaring 28 January 2007 'Data Protection Day', date of signature of the Convention 108 regulating the processing of personal data.
- EU concern at US data transfers
Euro MPs have expressed concern at the way the US is gathering information from EU citizens that may be used in identifying terrorism suspects. The EU justice commissioner told MEPs that banks in several EU countries were unaware details of transactions were going to the US treasury. Franco Frattini also said negotiations over a new EU-US deal on air passenger data would be "a real challenge". The US has had access to data about European air passengers since 2004.
Issue no. 371 - 28 January 2007
- 2007-01-28 CoE Data Protection Day
An initiative of the Council of Europe with the support of the European Commission. A 2003 Eurobarometer survey on the protection of privacy in the European Union showed that 70% of European citizens feel they know little about what is done in their country to protect their personal data. In 2007, for the first time, the Council of Europe will be celebrating a Data Protection Day on 28 January. This will be the occasion for European citizens to become more aware of personal data protection and of what their rights and responsibilities are in that regard.
- EU - Data protection and transfer of PNR data
Franco Frattini, European Commissioner responsible for Justice, Freedom and Security, European Parliament, Strasbourg, 13 December 2006.
- UK - Giant ID computer plan scrapped
The UK government has abandoned plans for a giant new computer system to run the national identity cards scheme. Instead of a single multi-billion pound system, information will be held on three existing, separate databases. see also UK - Government drops iris scan plan (OUT-LAW News) Iris scans will not form part of the UK Government's planned identity card system the National Identity Register (NIR). The only biometric information to be held on ID cards will now be fingerprints, in contrast to previously stated plans.
- UK - What price privacy now?
Richard Thomas, Information Commissioner, is repeating his call for a two year jail term to deter those convicted of trading unlawfully in personal information. The report What price privacy now? reflects the six months progress made since his initial report What price privacy? was published in May 2006.
Issue no. 370 - 3 December 2006
- DE - Court says customers can order deletion of IP logs
The Supreme Court in Germany has ruled that internet service providers (ISPs) must delete all customer logs when asked to by a user. The decision threatens to undermine entertainment industry and law enforcement attempts to urge ISPs to keep records.
- EU - Ombudsman and Data Protection Supervisor sign Memorandum of Understanding
The European Ombudsman (EO), P. Nikiforos Diamandouros, and the European Data Protection Supervisor (EDPS), Peter Hustinx, today signed a Memorandum of Understanding in Brussels. The purpose of the agreement is to ensure the consistent treatment of complaints concerning data protection and to avoid unnecessary duplication.
- Privacy chiefs vow to fight surveillance together
A group of international data and privacy protection commissioners has decided to act together to challenge the surveillance society which they claim is developing. Commissioners from the UK, France, Germany and New Zealand will adopt common policies. At the annual Conference of Data Protection and Information Commissioners, held in London, a joint set of objectives was adopted by the international commissioners aimed at tackling what they see as a growing international issue of constant citizen surveillance.
- UK - Database details 'harm children'
Serious dangers exist from the growth of government databases on children, a report has said. The Foundation for Information Policy Research (FIPR) said guidelines ignored family values and privacy. The study was carried out for the Information Commissioner's Office (ICO) which said the details on databases need to be 'looked at carefully'.
Issue no. 369 - 5 November 2006
- EU - Radio tags spark privacy worries
A perceived threat to privacy posed by radio tags has emerged as the main fear in an EU study of the technology. Unveiling the study, EU commissioner Viviane Reding said citizens needed re-assuring that radio tags would not lead to large-scale surveillance. Many of those contributing to the EU study also wanted the radio frequency ID tags to be turned off if needed. Ms Reding said she was ready to draft new laws to control how the radio frequency tags could be used.
- EU - RFID: Why we need a European policy
Speech by Viviane Reding, Member of the European Commission responsible for Information Society and Media. EU RFID 2006 Conference: Heading for the Future, Brussels, 16 October 2006. see also Radio Frequency Identification Devices (RFID): Frequently Asked Questions on the Commission's Public onsultation.
- How to hide in a connected world
As we enter a more connected world, where devices talk to each other and make sense of the masses of data we create, the issue of how much control we have over this process becomes more important.
- IGF - Dynamic Coalition on Privacy launched at Athens
At the Internet Governance Forum (IGF), a diverse group of stakeholders has agreed to launch a Dynamic Coalition on Privacy, which will address emerging issues of internet privacy protection such as digital identities, the link between privacy and development, and the importance of privacy and anonymity for freedom of expression. It will initiate an open process to further develop and clarify the public policy aspects of privacy in internet governance in the perspective of the next IGF meeting in Brazil in 2007.
- Most countries issue passports with radio tags
Despite security and privacy concerns, all but three of the countries required by the U.S. to issue passports with radio tags are now doing so, the Department of Homeland Security said Thursday. Except for Andorra, Brunei and Liechtenstein, all of the 27 countries whose citizens can travel to the U.S. without a visa are now issuing "e-Passports," the department said in a statement. The passports include a radio frequency identification, or RFID, chip with the holder's information and a biometric identifier, such as a digital photograph.
- UK - Britain is 'surveillance society'
Fears that the UK would 'sleep-walk into a surveillance society' have become a reality, the government's information commissioner has said. Richard Thomas, who said he raised concerns two years ago, spoke after research found people's actions were increasingly being monitored. "
Issue no. 368 - 15 October 2006
- Passenger data deal for US and EU
The US and the European Union have struck a new deal for sharing airline passenger data. The new interim agreement will replace a deal struck down by the European Court of Justice in May. EU officials described the deal, as a "very important result" for the EU.
- US - Class action suit over ID theft tossed out
A federal judge has thrown out a class action lawsuit against Acxiom, which exposed massive amounts of Americans' personal information in a high-profile Internet security snafu three years ago. Even though a spammer had downloaded more than one billion records from the company, U.S. District Judge William Wilson ruled that there was no evidence that Acxiom's purloined database had been used to send junk e-mail or postal mail.
Issue no. 367 - 23 September 2006
- EU - ICC hopes to makes data transfer out of EU simpler
The International Chamber of Commerce has produced a standardised application form that can be used to seek permission from all 25 EU countries to send personal information from within the EU to outside it. It awaits approval by EU data protection authority the EC Article 29 Data Protection Working Party. The form relates to Binding Corporate Rules (BCRs), agreements which companies can enter into to control the passing of personal information from within Europe to out with it.
- EU - Ireland brings case against data retention to Europe
The Irish government has filed its case against the European Union's data retention directive in the European Court of Justice. Although it backs the principles of data retention, Ireland submits that the choice of Article 95 of the Treaty establishing the European Community as the legal basis for the Directive is fundamentally flawed.
- EU - Terrorism must not mean privacy breaches, says EU data guru
The EU's data protection head has hit out at claims that privacy advocates are blocking governments' attempts to pass so-called anti-terror legislation. The EU Data Protection Supervisor (EDPS) Peter Hustinx said effective legislation cannot exist without data protection controls. Including such measures in new laws can only improve them by introducing safeguards to make sure only the right individuals can access sensitive details, added Hustinx. Hustinx said in a statement: 'It is a misconception that protection of privacy and personal data holds back the fight against terrorism and organised crime.' see EU and the right to privacy: EDPS on mid-term state of play.
- Follow you, follow me
GPS tracking can be used to stay in touch with friends, or more sinister purposes such as spying on a spouse. Ronan Fitzgerald examines the potential for abuse.
- FR - La Cnil condamne le Crédit Lyonnais à 45.000 euros
Pour la première fois, la Commission nationale de l'informatique et des libertés a eu recours aux pouvoirs de sanction dont elle dispose depuis 2004, à l'encontre des entreprises ou autre entité violant la loi informatique et libertés. Le 28 juin, elle a prononcé une amende de 45.000 euros contre Le Crédit Lyonnais ( LCL) pour sanctionner une «entrave à l'action de la Commission» et l'«inscription abusive» de plusieurs clients dans un fichier central de la Banque de France.
- US - Social networking site fined $1m for gathering children's data
A social networking website, Xanga , has agreed to pay a $1 million fine to settle with the Federal Trade Commission in the US over allegations that it collected, used and disclosed personal details of children under 13, an offence under the Children's Online Privacy Protection Act (COPPA).
Issue no. 366 - 3 September 2006
- AOL executive leaves after breach
One of AOL's top executives has left the internet firm soon after a privacy breach in which the search queries of 650,000 subscribers were released. AOL apologised for accidentally giving details of 20 million search queries by US customers earlier this month, admitting the breach was a 'screw-up'. see also Heads Roll in AOL Affair (Reuters) and They know all about you (Guardian) .
- AT&T hack exposes 19,000 identities of customers
AT&T said hackers broke into one of its computer systems and accessed personal data on thousands of customers who used its online store. The information that was illegally accessed includes credit card numbers, AT&T said in a statement. The cyberattack affects about 19,000 customers who purchased equipment for high-speed DSL Internet connections through AT&T's Web site.
- US - Verizon gaffe lets cell phone customer details slip
Verizon Wireless has accidentally distributed a file with limited details on more than 5,000 customers outside the company, potentially giving identity thieves a toehold. The spreadsheet file was e-mailed on Monday and includes names, e-mail addresses, cell phone numbers and cell phone models of 5,210 Verizon Wireless customers. All of the customers have Motorola Razr phones.
Issue no. 365 - 15 August 2006
- AOL apologizes for release of user search data
AOL has apologized for releasing search log data on subscribers that had been intended for use with the company's newly launched research site. The randomly selected data, which focused on 658,000 subscribers, was among the tools intended for use on the recently launched AOL Research site. But the Internet giant has since removed the search logs from public view. see also AOL's disturbing glimpse into users' lives. EFF complaint to FTC.
- IE - Call for end to alleged surveillance by Gardai
Lobby group Digital Rights Ireland (DRI) has instructed its solicitors to prepare legal action if the Government does not discontinue its alleged breach of the constitutional rights of Irish citizens. DRI has alleged that the Irish police are engaging in collecting, storing and accessing the personal private information of every Irish citizen with a mobile phone.
- UK - Voicemail hacking 'rife at tabloids'
Former Daily Mirror journalist James Hipwell says voicemail hacking has long been widespread at tabloid newspapers. This technique, long a dirty secret of tabloid newspaper journalism, has come to light this week after the News of the World royal editor, Clive Goodman, and another man were charged with intercepting phone messages.
Index page see also Security and encryption
Links to news items about legal and regulatory aspects of Internet and the information society, particularly those relating to information content, and market and technology.
QuickLinks consists of
QuickLinks is edited by Richard Swetenham firstname.lastname@example.org
- a free newsletter appearing approximately every two to three weeks. The newsletter is distributed by electronic mail through an "announcement only" mailing list.
- a Web site with frequent updates, an events page, news items organised by category as well as chronologically by issue and full text search.
This work is licensed under a Creative Commons Licence.