The group of European data protection authorities has told Facebook in a letter that it is unacceptable that the company fundamentally changed the default settings on its social-networking platform to the detriment of a user. Facebook made the change only days after the company and other social networking sites providers participated at a hearing during the Article 29 Working Party's plenary meeting in November 2009. The Article 29 Working Party, which held its 75th plenary session in Brussels on May 10 and 11, 2010, sent letters to 20 social network operators that have signed the Safer Networking Principles for the EU. The Working Party emphasised the need for a default setting in which access to the profile information and information about the connections of a user is limited to self-selected contacts. Any further access, such as by search engines, should be an explicit choice of the user. The letters also address the issue of third-party applications Providers of social network services should grant users a maximum of control about which profile data can be accessed by a third party application on a case-by-case basis. see also Facebook’s open disdain for privacy and Facebook faces fresh privacy criticism (FT), Facebook Executive Answers Reader Questions (New York Times).
oogle has defended its privacy practices following a letter of complaint from data protection commissioners around the world. The original letter expressed concerns on privacy issues surrounding Google's social networking tool Buzz and its Street View service. In response Google said it was "committed to ensuring privacy is designed into our products". But it admitted that mistakes were made with the launch of Buzz.
European privacy regulators and advocates have reacted angrily to the disclosure by Google, the world’s largest search engine, that it had systematically collected private data since 2006 while compiling its Street View photo archive. After being pressed by European officials about the kind of data the company compiled in creating the archive — and what it did with that information — Google acknowledged that it had collected snippets of private data around the world. In a blog post on its Web site, the company said information had been recorded as it was sent over unencrypted residential wireless networks as Google’s Street View cars with mounted recording equipment passed by.
Issue no. 408 - 25 April 2010
- Apple’s Plans for iPhone Location Privacy
(New York Times)
When Apple gave a preview of the next version of the iPhone operating system, OS 4, it was great to hear about the new features that could help consumers cope with the privacy and security issues involving location-based services. To make it clearer just how often approved apps are collecting data about users’ physical whereabouts, Apple will display an arrow in the status bar at the top of the screen, right next to the battery-life indicator, whenever a user’s location is being tracked. Mr. Forstall said users would also get “fine-grained settings,” akin to those provided for choosing how notifications are delivered, that will let you disable or enable location data-gathering on an app-by-app basis.
- CA - Reaching for the Cloud(s): Privacy Issues related to Cloud Computing
(Office of the Privacy Commissioner of Canada)
A discussion document. The term "cloud computing" is seemingly omnipresent these days – it appears in media reports, in business literature, in technology literature. At the same time, the term is so nebulous that many consumers may not be fully aware of what cloud computing actually is.
- DE - German minister pens open letter to Mark Zuckerberg, threatens to quit Facebook
- Google Buzz Educates Teens About Privacy
Google has released a new video aimed at teens about making Google Buzz a safer experience. The video was released in conjunction with the new Buzz privacy reset. This new focus on privacy and privacy options comes amidst class-action lawsuits and a request for FTC investigation regarding the service’s launch and explanation to consumers. Although aimed at teens, the tips are good for anyone using Buzz to keep in mind.
- Google rapped over privacy issues by 10 nations
Canada's Privacy Commissioner Jennifer Stoddart has sent an open letter to Google Chief Executive Eric Schmidt. The letter raises concerns about privacy issues surrounding social network tool Google Buzz and Google Street View. It calls for Google to adhere to a set of "fundamental privacy principles" when creating new services in future. Ms Stoddart's counterparts in nine other countries, France, Germany, Ireland, Israel, Italy, the Netherlands, New Zealand, Spain and the UK., have signed it too.
- Google rolls out privacy reset for Buzz social network
Google has said that it will begin to roll out a privacy reset for its controversial social network Buzz. The search giant will ask all its users to confirm or change their privacy settings, starting on 5 April. The firm was forced to make a series of changes to Buzz just days after launch, following a backlash from users worried about privacy intrusions. The latest tweaks will also show every aspect of a user's profile, from public settings to the websites users are connected to, and who they are following or being followed by.
- Privacy and Control
(Schneier on Security)
In January, Facebook Chief Executive, Mark Zuckerberg, declared the age of privacy to be over. A month earlier, Google Chief Eric Schmidt expressed a similar sentiment. Add Scott McNealy's and Larry Ellison's comments from a few years earlier, and you've got a whole lot of tech CEOs proclaiming the death of privacy - especially when it comes to young people. It's just not true. People, including the younger generation, still care about privacy.
- Privacy issues? Google engineers leaving Facebook in droves
There are concerns that Facebook, by default, now opts you in to allowing third party sites like Yelp to ‘personalise’ your experience, and there are questions about how much information is given away. The result is that lots of geeks are considering leaving Facebook, and perhaps even more interestingly, veritable droves of Google software engineers are among them. see also How to Opt-Out of Facebook’s Instant Personalization (New York Times).
- US - FTC seeks comments on Children's Online Privacy Protections
the Federal Trade Commission is seeking public comment on the costs and benefits of an FTC rule designed to protect children online. The FTC's Children's Online Privacy Protection Act (COPPA) Rule became effective on April 21, 2000. COPPA imposes requirements on operators of Web sites or online services that are aimed at children under 13 years of age, or that knowingly collect personal information from children under 13. Among other things, the Rule requires that online operators notify parents and get their permission before collecting, using, or disclosing personal information from children. It also requires that the operators keep the information they collect from children secure, and prohibits them from requiring children to turn over any more personal information than is reasonably necessary to participate in activities on their Web sites. In 2005, the FTC initiated a congressionally required review of the Rule, and after considering extensive public comment decided to retain it without change. However, the Commission believes that changes to the online environment over the past five years, including children's increasing use of mobile technology to access the Internet, warrant reexamining the Rule.
Issue no. 407 - 28 March 2010
- EU - ECJ: Data Protection Authorities must be completely independent
A European Court of Justice (ECJ) decision in the case of the European Commission vs. Germany rules that the Data Protection Authorities (DPAs) established in accordance with the Data Protection Directive 95/46 needs to be completely independent. In this case the German regional DPAs were considered as not independent, since they are part of the regional administration and subject to State scrutiny. Labels: Data protection / privacy
- EU - Google Street View May Breach EU Law, Officials Say
by Stephanie Bodoni. Google Inc.'s Street View may break European Union privacy laws, according to data-protection regulators who say the mapping service stores images for too long. The EU's privacy watchdog said in a letter to Google that "it is disproportionate to retain unblurred copies of the images for one year," and urged the company to cut the period to six months. Street View, which offers photos of roads and intersections, was introduced in early 2007 in the U.S. and is being rolled out across Europe.
- EU - Privacy advisor calls for 'privacy by design' laws
Data protection laws should change to force people creating new technologies to design privacy features into them, the EU's data protection advisor has said. European Data Protection Supervisor (EDPS) Peter Hustinx has told the European Commission that the law should change, and be applied to three areas of technology development as a priority. These are social media, RFID and targeted advertising. The EDPS has adopted an opinion and submitted it to the Commission, which is developing a 'digital agenda' to guide its government of emerging and existing technologies.
- EU Data Protection Supervisor Warns Against ACTA, Calls 3 Strikes Disproportionate
Peter Hustinx, the European Data Protection Supervisor, has issued a 20-page opinion expressing concern about ACTA. The opinion focuses on three key issues: three strikes legislation, cross-border data sharing as part of enforcement initiatives, and transparency. Although the EDPS acknowledges the importance of enforcing intellectual property rights, he takes the view that a three strikes Internet disconnection policy constitutes a disproportionate measure. It can be questioned whether data transfers to third countries in the context of ACTA are legitimate. The principles of necessity and proportionality of the data transfers under ACTA would be more easily met if the agreement was expressly limited to fighting the most serious IPR infringement offences, instead of allowing for bulk data transfers relating to any suspicions of IPR infringements. The EDPS strongly encourages the European Commission to establish a public and transparent dialogue on ACTA, possibly by means of a public consultation.
- Google Buzz & kids' privacy
Because Buzz is brand-new and a hybrid of Gmail, micro-blogging, cellphone social mapping, and social networking, we're all at the early stages of figuring out its implications for kids - a lot of whom use Gmail. Charlene Li, a mom and well-known social-media-industry analyst, blogged that she had discovered her 9-year-old daughter was using and really enjoying Buzz. The child had had one conversation on it with her friends. The problem was that the kids didn't know their conversation was public.
- MySpace jumps into bulk data sales
MySpace has taken a bold step and put a large quantity of bulk user data up for sale on startup data marketplace InfoChimps. Data offered includes user playlists, mood updates, mobile updates, photos, vents, reviews, blog posts, names and zipcodes. Friend lists are not included. This user data is intended for crunching by everyone from academic researchers to music industry information scientists. The 22 sets of data being made available are cheap. Prices range from $10 for raw dumps from the MySpace API to $300 for everything broken out by latitude and longitude. Subsequently derived data sets can be put on sale by InfoChimps users as well, with a revenue split.
- Privacy is Not Dead, Just Evolving
Danah Boyd, a social media expert for Microsoft Research, presented a keynote speech Making Sense of Privacy and Publicity at the South by Southwest Interactive (SXSWi) festival in Austin spotlighting the fate of privacy. Boyd was clear that she does not feel privacy is dead. Contrary to Facebook CEO Mark Zuckerberg's claim, people do still care about privacy. As one blog summed up her speech "Boyd says that privacy is not dead, but that a big part of our notion of privacy relates to maintaining control over our content, and that when we don't have control, we feel that our privacy has been violated."
- Redrawing the Route to Online Privacy
(New York Times)
olicy and privacy experts agree that the relentless rise of Internet data harvesting has overrun the old approach of using lengthy written notices to safeguard privacy. These statements are rarely read, are often confusing and can't hope to capture the complexity of modern data-handling practices. As a result, experts say, consumers typically have little meaningful choice about the online use of their personal information - whether their birth dates, addresses, credit card numbers or Web-browsing habits.
Issue no. 406 - 21 February 2010
- An engineer's perspective on privacy
(European Public Policy Blog)
Ever wondered what data Google's search engine collects and why we retain search logs for certain periods of time? Here's a hint: it's not to personalise advertising as many people wrongly assume. Our first ever Brussels Tech Talk was about this and other questions on online privacy, given that it was Data Protection Day. Dr Alma Whitten, Google's engineering lead for privacy, addressed a full room of policy makers and other interested stakeholders. Alma demonstrated how we harness the power of data to "learn from the good guys, fight the bad guys, and invent the future." You can watch the video of the talk, and follow along with her presentation.
- CA - Privacy Commissioner launches public consultations on emerging technologies
The Privacy Commissioner of Canada announced an upcoming consultation with Canadians on privacy issues related to the online tracking, profiling and targeting of consumers by marketers and other businesses. This will be the first in a series of public consultations focused on emerging technological trends that are likely to have a significant impact on the privacy of Canadians. A second consultation on the privacy issues emerging from the growing movement toward cloud computing will be announced in the near future.
- EU - Commission launches legal action against Italy over databases for telemarketing purposes
The European Commission has taken legal action against Italy for not respecting EU ePrivacy rules. According to EU law, subscribers who are included in a public subscriber directory must be informed about the objectives of the directory and consent to the use of their personal data contained therein for marketing purposes. As Italy failed to comply with this obligation, the Commission decided to send a letter of formal notice (the first step of an infringement proceeding).
- EU - Privacy: the challenges ahead for the European Union
Keynote Speech at the Data Protection Day by Viviane Reding, Member of the European Commission responsible for Information Society and Media, 28 January 2010, European Parliament, Brussels. See also Press Release
- European Swift bank data ban angers US
The European Parliament has blocked a key agreement that allows the United States to monitor Europeans' bank transactions - angering Washington. The US called the decision a "setback for EU-US counter-terror co-operation". The vote was a rebuff to intensive US lobbying for EU help in counter-terrorism investigations. EU governments had negotiated a nine-month deal which would have allowed the US to continue accessing the Swift money transfer system.
- Google Alters Buzz to Tackle Privacy Flaws
(New York Times)
Google moved quickly to contain a firestorm of criticism over Buzz, its new social network, taking the unusual step of announcing changes to the product over the weekend to address privacy problems. Google has decided to alter one of the most vehemently criticized features in Buzz: the ready-made circle of friends that Buzz gives new users based on their most frequent e-mail and chat contacts. Now, instead of automatically connecting people, Buzz merely suggests to new users a group of people that they may want to follow or want to be followed by. See also HOW TO: Integrate Facebook, Twitter, and Buzz into Your Gmail (Mashable), Buzz or Bust by Leslie Harris, President and CEO of the Center for Democracy & Technology, Google boss says 'nobody was harmed' by Buzz debacle (Guardian) and Google facing lawsuit over Buzz privacy in federal court (Ars Technica).
- Google publishes privacy principles
(Google Public Policy blog)
Known as Data Privacy Day in North America and Data Protection Day in Europe, 28 January is meant to increase public awareness about privacy in the information age. To mark this occasion, on the Official Google Blog we've unveiled our Privacy Principles, which guide the decisions we make as we create products and services that offer transparency and control.
- The 3 Facebook Settings Every User Should Check Now
by Sarah Perez. In December, Facebook made a series of bold and controversial changes regarding the nature of its users' privacy on the social networking site. Those of you who edited your privacy settings prior to December's change have nothing to worry about - that is, assuming you elected to keep your personalized settings when prompted by Facebook's "transition tool." The tool, a dialog box explaining the changes, appeared at the top of Facebook homepages this past month with its own selection of recommended settings. Unfortunately, most Facebook users likely opted for the recommended settings without really understanding what they were agreeing to. If you did so, you may now be surprised to find that you inadvertently gave Facebook the right to publicize your private information including status updates, photos, and shared links.
- UK - Teachers complain of 'e-spying'
Teaching unions are complaining that e-safety software is increasingly being used to keep track of their members. They say thousands of teachers are having their every mouse-click monitored, eroding trust. So-called spyware has increasingly been adopted by schools to tackle cyber-bullying and to stop pupils accessing unsuitable websites. Such software can record online activity by individuals, including web pages visited and messages sent. Leader of the NASUWT teachers' union Chris Keates says monitoring of teachers' computer use is common - and a symptom of "a growing culture of surveillance".
Issue no. 405 - 24 January 2010
- Facebook's Zuckerberg Says The Age of Privacy is Over
Facebook founder Mark Zuckerberg told a live audience that if he were to create Facebook again today, user information would by default be public, not private as it was for years until the company changed dramatically in December. In a six-minute interview on stage with TechCrunch founder Michael Arrington, Zuckerberg spent 60 seconds talking about Facebook's privacy policies. His statements were of major importance for the world's largest social network - and his arguments in favor of an about-face on privacy deserve close scrutiny. Zuckerberg offered roughly 8 sentences in response to Arrington's question about where privacy was going on Facebook and around the web. The question was referencing the changes Facebook underwent last month. Your name, profile picture, gender, current city, networks, Friends List, and all the pages you subscribe to are now publicly available information on Facebook. This means everyone on the web can see it; it is searchable. Labels: Social_networking.htm">Social_networking
- FR - France ponders right-to-forget law
Social networking websites have ensured that everyone who has an opinion can put it out in the public domain. The impact of all those online revelations has made France consider the length of time that personal information should remain available in the public arena. A proposed law in the country would give net users the option to have old data about themselves deleted. This right-to-forget would force online and mobile firms to dispose of e-mails and text messages after an agreed length of time or on the request of the individual concerned.
- UK - Government confirms £500,000 fines for worst data protection offenders
Organisations responsible for major breaches of personal information security will face fines up to £500,000 from 6th April this year. The long-awaited penalties for serious data protection breaches have been approved by the Government. see Draft Order laid before Parliament The Data Protection (Monetary Penalties) Order 2010 and statutory guidance from Information Commissioner's Office.
Issue no. 404 - 21 December 2009
- An Open Letter from Facebook Founder Mark Zuckerberg
Facebook's current privacy model revolves around "networks" - communities for your school, your company or your region. The plan we've come up with is to remove regional networks completely and create a simpler model for privacy control where you can set content to be available to only your friends, friends of your friends, or everyone. We're adding the ability to control who sees each individual piece of content you create or upload. In addition, we'll also be fulfilling a request made by many of you to make the privacy settings page simpler by combining some settings.
- Being online: identity, anonymity, and all things in between
by Andy Oram. Social networking is the Internet phenomenon of the year and deserves an end-of-the-year profile. In a recent 19-month period, Facebook rose from 75 million to 300 million members, and Twitter has gone from perhaps 1.3 million users (depending on how you count them) to an estimated 18 million. Before the end of the year, I'll post eight related entries that add up to a treatise titled "Being online: identity, anonymity, and all things in between:"
- DE -StudiVZ adds support for 3rd party apps - user privacy is paramount
Facebook's German clone StudiVZ follows the US social network's most successful move by adding support for third-party applications. The 15.7m users of StudiVZ and its siblings MeinVZ and SchülerVZ can now play games from Plinga or Wooga, sing online Karaoke with Mikestar or order Italian food from Pizza.de. CEO Markus Berger-de León has applied tight security policies to third-party apps to avoid the type of scams that TechCrunch recently dug up on Facebook and MySpace. German online privacy laws are among the strictest in the world, even Google Analytics is in danger of being banned in our country. To address this, VZ-Netzwerke works with so-called "business cards": For every app, users have to complete a form with the information they want to share. False names and incomplete data are also possible.
- Facebook gives users more control of privacy
- Yahoo! Introduces Ad Interest Manager
Yahoo! has released a beta version of a new consumer tool called Ad Interest Manager, which takes transparency in online advertising to a new level for building user trust. Ad Interest Manager http://privacy.yahoo.com/aim is a central place where Yahoo! visitors can see a concise summary of their online activity and make easy, constructive choices about their exposure to interest-based advertising served from the Yahoo! Ad Network.
Links to news items about legal and regulatory aspects of Internet and the information society, particularly those relating to information content, and market and technology.
QuickLinks consists of
- a free newsletter appearing approximately every two to three weeks. The newsletter is distributed by electronic mail through an "announcement only" mailing list.
- a Web site with frequent updates, an events page, news items organised by category as well as chronologically by issue and full text search.
This work is licensed under a Creative Commons Licence.