An excellent appraisal of the APEC Privacy Framework against the EU Data Protection Directive by Dr Chris Pounder at out-law.com.
Month: April 2010
The U.S. Electronic Communications Privacy Act of 1986 due for overhaul thinks Microsoft
Interesting development concerning the Electronic Communications Privacy Act of 1986, again following on from one of Jack’s twitters 🙂
Big companies such as Microsoft and AT&T and advocacy groups from different parts of the political spectrum have joined forces in the newly formed Digital Due Process coalition intent on strengthening online privacy and to lobby the government on this. Other members include the left-leaning Electronic Frontier Foundation and American Civil Liberties Union as well as the libertarian Progress and Freedom Foundation and Competitive Enterprise Institute.
U.S. privacy laws in a cloud
Jack’s been twittering a lot about cloud computing and privacy laws that are lacking in the U.S. InfoWorld report that:
-
“The fact of the matter is that the United States has not updated its privacy laws since 1986. With the rapid rise of cloud computing and the fact that more and more sensitive data will be stored off-premise, many believe it’s high time to revisit those rules to accommodate today’s reality.”
Well it’s good to know that the U.S. has some privacy laws 😉
Joking aside, they do have sectoral laws, and vertical specific, such as for healthcare and finance for example, but their privacy laws are in no way as far reaching as those enacted in the E.U. member states that gives the data subject rights to know ‘what is being stored on them, what it’s being used for’ along with the right ‘to contest integrity of personal data stored on them’. As the article states the U.S. has some way to go in updating their privacy laws!
Agreement on CCTV surveillance
The Swedish Data Inspection Board has agreed to new industry regulations regarding CCTV surveillance in apartment buildings (link in Swedish).
The board had previously declared that CCTV surveillance was not allowed in public areas of apartment buildings. This because of the possibility to monitor habits and daily life of the tenants and their acquaintances. This in turn led to the new regulations now published.
The regulations only allow CCTV monitoring the public areas of a building, not the apartments themselves. It also states that areas that are necessary to pass to get in and out of the apartments are not to be monitored except in very special cases. Examples of such case is if an area has been the haunt of persons which frequently act violent and threatening, or are stealing or causing severe damage to the property.
CCTV in areas not frequently accessed, such as storage areas or similar, are not to be considered a violation of the personal integrity. Therefore it will be easier to get a permit for CCTV surveillance for these.
It is stated that the time for surveillance shall be kept to a minimum in all cases. This means for instance that if vandalism occurs during a specific period of time, the monitoring shall be limited to that time period.
It is an pretty well formulated directive regarding CCTV in public places. But of course we will have to wait and see how it will be used in practice. Also, there is no direct proof regarding CCTV will stop crime. The proof that exists actually rather point to the CCTV not adding any security at all. I’ll link to Bruce Schneiers lates post on this, since it contains several good links and is an excellent read on the subject.
The new industry regulations regarding CCTV surveillance of apartment buildings are available (in Swedish only) as a pdf download here.
privacy of personal e-mails accessed at work enforced in U.S. court
This is an interesting development in the U.S. on the rights of the employee to not have their emails read by their employer when the email account is private although accessed using a company PC.
Google’s privacy conviction in Italy
I think that this is a bit strong. 3 of Google execs charged concerning the content on their site in Italy even though this content was removed within 24 hours of notification. This brings to mind the question of how third-party providers can be expected to take responsibility for content uploaded by end-users… I believe that so long as the provider acts responsibilly by removing content as soon as notified, that this is the best they can do without creating some manual approval process. After all this content was the bullying of a disabled boy, which is really bad, but how do you identify this as inappropriate content using some sort of filtering technology, just not possible, it is not like pornographic material. I guess if bad language is used that this may work?
Getting control of identities in India
Things are really getting hot in India. They are launching a new census in which every person aged over 15 will be photographed and fingerprinted to create a biometric national database. This is all part of the plan to ID every person in the national id scheme. Read more at BBC News.