So which law applies?

Now this is a really interesting legal case. Facebook has a marketing and advertising business established as a separate legal entity in Germany. In December 2012, the Schleswig DPA issued orders against Facebook Inc. in the U.S. and Facebook Ltd. in Ireland, in which the DPA demanded that Facebook allow its German users to use pseudonyms.

So which law applies? Germany, Ireland, or US? In the end Germany lost. It was decided that the Irish DPU laws applied. The ruling stated that it was not considered a sufficient presence to warrant the application of German data protection law.

Draft rules on use of personal information in China

Really interesting post on rules concerning the use of personal information in China.

If you make it to the end of the article 😉 I am very much of the same opinion as the author, in that okay to have rules but what about enforcement. Also is the actual intentions of the Chinese authorities? Are they really after protecting the human rights of the Chinese citizen, or is this another ploy to enforce registration of identity, hence make anonymous access to online resources impossible. This restricts freedom of speech… as if it is not already enough given existing controls…

CISPA

Cyber Intelligence Sharing and Protection Act (CISA) is not aligned with civil and privacy rights of the individual according to privacy advocates such as Electronic Frontier Foundation and Avaaz.org.

Neither Microsoft or Facebook support this bill. Imagine that everything you post on FB to be available for government authorities? Fine if you trust them I suppose, but I don’t.

Why is not crowdsourcing used more in the fight against terrorism? Transparency and the power of the people, of whom most want a safe society could provide an all encompassing safetynet. Crowdsourcing for example is starting to be used to locate missing persons and children, it is very powerful. There are so many people out there that can make a positive difference to this broken world we live in.

Cloud and conflicting privacy laws

One of the biggest dilemmas with cloud services is that in theory it shouldn’t matter where your data is stored in the public cloud, just that it is secured appropriately, and only you get appropriate access and nobody else gets inappropriate access 😉

But it’s much more complicated. Every country has its own laws about the transparency of data stored and accessibility from nosing government authorities. The real problems occur when there is a conflict of privacy laws between different countries. So you have personal data stored in a Google public cloud, your data could be stored physically anywhere in the world. And the fact that Google is a US company means requirement to comply with US law (e.g. USA Patriot Act) for the organisation worldwide, not forgetting the regional laws where the data is physically stored. This conflicts with EU privacy law whereby the rights of the data subject are preserved.

Google have been quoted as follows “As a law abiding company, we comply with valid legal process, and that – as for any US based company – means the data stored outside of the U.S. may be subject to lawful access by the U.S. government.” Taken from Softpedia.

This could be an interesting time for organisations to set-up clouds but only in a single country in an organisation that is registered in the hosting country. Otherwise, can you really trust the data-holding authority to protect your rights as an EU citizen for example? I know I can’t!

National Crime Database Raises Privacy Concerns

The (quiet) introduction of a National Police Reference System in Australia has raised concerns on the impact on privacy.  The database (run by CRIMTRAC has millions of records – including DNA and fingerprints) and is able to be accessed by all Australian law enforcement officers.  There are up to 80,000 accesses to the data per day.

For more detail, please see http://www.smh.com.au/national/privacy-fears-growing-as-police-tighten-national-grip-20100117-mecr.html.

Guilty until proved innocent?

The largest DNA database not protected by any privacy law, that is the FBI DNA database of over 6.7 million profiles is in the throes of a new spurt of growth. Until now, the federal government genetically tracked only convicts. But starting this month, the Federal Bureau of Investigation will join 15 states that collect DNA samples from those awaiting trial and will collect DNA from detained immigrants — the vanguard of a growing class of genetic registrants.

I wonder what next?