EU DP a problem for Google maps

March 3 (Bloomberg) — Google Inc., the owner of the most popular search engine, may not map Europe again with photos for its Street View service if European Union data-protection regulators reduce the images’ storage time from 12 months to 6.
“I think we would consider whether we want to drive through Europe again, because it would make the expense so draining,” Michael Jones, Google’s chief technology advocate and founder of Google Earth, said in an interview at the Cebit Technology Fair in Hanover.
Google has negotiated with EU authorities, agreeing to one-year storage from the day the images are published on Street View, according to Jones. Shorter periods won’t be possible as Google can’t reprocess its data quicker because of software restraints, he said.

Golden rules on SNS

…one more related to Karen’s article “Facebook ID theft” posted earlier this week…

SNS? I didn’t know there was an acronym for Social Networking Sites (SNSs). Somehow, by being in this branch (IT), you tend to be fed lots and lots of 3-letter combinations that, depending on the context, you are supposed to know the meaning of. Hmmm, I’m sometimes (very often) overloaded, but anyway, that’s not the main reason for me to write here today.

The reason is to give you all advice about a new set of rules that have been created to protect us!! when we (or those who do) access SNSs from our mobile devices. The organisation behind this brilliant idea is ENISA (again another set of letters, sorry!), which stands for European Network and Information Security Agency. An extract comes here:

“The paper also gives a comprehensive view of the SNS world under the lens of the European directive on data protection (Dir. 95/46/EC). The Executive Director of ENISA, Dr. Udo Helmbrecht, comments:

“This report provides practical, hands-on advice to the users of how to more safely be online, anywhere and anytime, when enjoying mobile social networks.”

So this is indeed gold for us users, worth at least a quick look at the full 49-page report, especially if you are such a user; here is the link

Here is also the link to the whole article, “Instantly online - 17 golden rules for mobile social networks”

EU Data Retention Directive still not implemented in Sweden

In 2006 a directive was approved in Brussels on the retention of telecommunications data, i.e. telecom operators’ customers’ phone and email information. This I understand to be not of contents, but of activity. This directive was born in the wake of the Madrid and London terrorist activities. Sweden has been slow in implementing this; in fact they’ve done nothing. To understand why, read more at The Local Sweden News in English.

As a side-note: The fact that telecom operators have the ability to do this type of logging activity built into their systems is no coincidence. Many of the international laws on wiretapping date back to a series of seminars hosted by the FBI in the United States in 1993 at its research facility in Quantico, Virginia, called the International Law Enforcement Telecommunications Seminar (ILETS) together with representatives from Canada, Hong Kong, Australia and the EU. The product of these meetings was the adoption of an international standard called the International Requirements for Interception. In 1995 the Council of the European Union approved a secret resolution adopting the ILETS. Following its adoption and without revealing the role of the FBI in developing the standard, countries have adopted laws to this effect. Following adoption of the standard the European Union and the United States offered a Memorandum of Understanding (MoU) for other countries to sign to commit to the standards. All participating countries were encouraged to adopt the standards so it was natural that international standards organisations, such as the International Telecommunications Union (ITU) and the European Telecommunication Standardization Institute (ETSI), would adopt the standards. Read more in Virtual Shadows.

Search Giants Google & Microsoft Bing Compete on Privacy

In August 2008, Google cut the retention period of user search data to 9 months, down from 18 months. After 9 months it no longer retains the IP addresses that can be used to link a user search to an individual.

Recently Microsoft, not to be outdone, reduced the retention period of its users’ search data to a mere 6 months. Microsoft has accused Google of retaining a portion of the user’s IP address after its self-imposed 9-month retention period, while Microsoft claims it will remove the entire IP address.

“Quality of search won’t be reduced but privacy will be enhanced”
Brendon Lynch, Microsoft’s director of privacy policy

Microsoft’s actions appear to be in response to European Union data protection officials’ request that leading search engine makers respond to their privacy concerns by the end of this month over retaining IP address data.

We can only hope that increased competition will lead to improved privacy and data security by industry leaders, setting a course for others to follow.

Article here

Data Privacy Day 2010 is just around the corner

Data Privacy Day 2010 is occurring on January 28th. Data Privacy Day is an annual international celebration to raise awareness and generate discussion about information privacy. In 2009, both the U.S. Senate and House of Representatives recognized January 28th as National Data Privacy Day.

Over the past few years, privacy professionals, corporations, government officials and representatives, academics, and students in the United States, Canada, and 27 European countries have participated in a wide variety of privacy-focused events and educational initiatives in honor of Data Privacy Day. They have conducted discussions, examined materials and explored technologies in an effort to bring information privacy into our daily thoughts, conversations and actions.

“Despite all the benefits of new and innovative technologies, there are doubts and worries that persist about just how much personal information — our digital identity — is collected, stored, used, and shared to power these convenient and pervasive services.”

Richard Purcell, executive director of The Privacy Projects (www.theprivacyprojects.org), organizing sponsor of Data Privacy Day.

Data Privacy Day has also provided an opportunity to promote teen education and awareness about privacy challenges when using mobile devices, social networking sites and other online services.

Everyone is welcome to participate by sponsoring events, contributing writings and other educational resources, joining activities, and taking actions designed to raise privacy awareness.

More information can be found on the event website at: dataprivacyday2010.org.

EU ePrivacy Directive amendment

A recently passed amendment to the EU Privacy Directive will require Internet users’ consent before cookies can be placed on their computers. This is part of a revised ePrivacy Directive that is close to enactment and that includes improvements on security breaches, cookies and enforcement. The new provisions will bring vital improvements in the protection of the privacy and personal data of all Europeans active in the online environment. The improvements relate to security breaches, spyware, cookies, spam, and enforcement of rules. The revised ePrivacy Directive must be implemented by the Member States within 18 months.

The changes introduced include:

    For the first time in the EU, a framework for mandatory notification of personal data breaches. Any communications provider or Internet service provider (ISP) involved in individuals’ personal data being compromised must inform them if the breach is likely to adversely affect them. Examples of such circumstances would include those where the loss could result in identity theft, fraud, humiliation or damage to reputation. The notification will include recommended measures to avoid or reduce the risks. The data breach notification framework builds on the enhanced provisions on security measures to be implemented by operators, and should stem the increasing flood of data breaches;
    Reinforced protection against interception of users’ communications through the use of – for example – spyware and cookies stored on a user’s computer or other device. Under the new Directive users should be offered better information and easier ways to control whether they want cookies stored in their terminal equipment;
    The possibility for any person negatively affected by spam, including ISPs, to bring effective legal proceedings against spammers;
    Substantially strengthened enforcement powers for national data protection authorities. They will for example be able to order breaches of the law to stop immediately and will have improved means of cross-border cooperation.

What this means is that, under the current laws, the data subject has increased protection online. If their personal data has been exposed, they must be notified. As such they must be informed if personal information on them is being collected, and they should have the option to opt out (or more preferably opt in). This is not possible with the way cookies are used today, where they are just downloaded onto the users’ PCs without warning. All security to warn the user of tracking cookies is provided by the web browser. This will now have to be included in the cookie itself... I think. Any experts out there that know how this could work in practice, please jump in here and comment 🙂

I also read some references to how the use of RFID for the collection of personal information falls in the scope of this amendment.

And finally, enforceability is key. Hence each member state must have the appropriate legislation implemented to make this amendment effective and enforceable.