This article is also available in:
Deutsch: Materialien zur Datenschutz-Kampagne
There are countless half-truths and misconceptions spreading about the proposed data protection reform. EDRi has therefore decided to produce a broad range of materials about the most worrying problems.
The mythbusting series seeks to correct the many myths surrounding this legislative reform. The #eudatap series looks at the lobbying efforts by the industry and at the reasons why we need stronger data protection rules in the digital age. The « I don't care » papers ironically provide those who don't care about data protection with handy examples of the kinds of activity they don't care about.
All documents are published under a CC-BY licence. Feel free to translate into your language, to distribute and, most importantly, explain these issues to your Parliamentarians. You can also find them on http://privacycampaign.eu.
Myth-busting, issue 01
http://edri.org/files/dataprotection-myths-1.pdf
Myth-busting, issue 02
http://www.privacycampaign.eu/wp-content/uploads/2013/04/dataprotectio...
EUDataP series, issue 1: Privacy? Why care?
http://edri.org/files/eudatap-01.pdf
EUDataP series, issue 2 EU: The global standard setter for privacy and data protection
http://edri.org/files/eudatap-02.pdf
EUDataP series, issue 3: Industry lobbying & astroturfing against the data protection reform
http://edri.org/files/eudatap-03.pdf
I don't care about data protection and privacy, issue 01
http://edri.org/files/care.pdf
I don't care about data protection and privacy, issue 02
http://edri.org/files/policecare.pdf
Your Privacy is in Danger
http://www.privacycampaign.eu/wp-content/uploads/2013/02/YourPrivacyin...
Quick guide to the key issues of the data protection regulation
http://www.edri.org/files/Keyissues-EUDataP.pdf
Booklet: An introduction to data protection
http://www.edri.org/files/paper06_datap.pdf
This article is also available in:
Deutsch: Google soll Löschanträge löschen
Google has recently refused to comply with the take down requests sent by several copyright holders asking for the taking down of their own take down requests (under the US Digital Millennium Copyright Act - DMCA) which have now reached almost 20 million per month.
The reason for these requests is that by Google’s publishing the take down requests, there is actually a public index of links to alleged infringing material, thus the take down requests becoming themselves infringing material.
It is possible that these notices might be a by-product of the automated tools used to find infringing URLs. But this only reveals the faults of automated censorship which, in this case, can lead to an endless loop of DMCA notices, meaning that Google may be asked to remove links to links, to links...to copyrighted material. Which means that the DMCA procedures are leading to absurd situations and therefore should be revised.
There is also good news. Not all copyright holders are stuck on the idea that allegedly illegal downloading is bad for the business.
Talking about the illegal downloading of the Game of the Thrones TV show, HBO's president of programming, Michael Lombardo, considered it rather like a compliment: "I probably shouldn't be saying this, but it is a compliment of sorts. The demand is there. And it certainly didn't negatively impact DVD sales. (Piracy is) something that comes along with having a wildly successful show on a subscription network."
Lombardo only recognises what net freedom activists and specialists have kept on saying for some time now. Maybe there is still hope!
Movie Studios Want Google to Take Down Their Own Takedown Request
(4.04.2013)
http://torrentfreak.com/fox-wants-google-to-take-down-its-own-takedown...
Movie bosses demand Google take down takedown notices (5.04.2013)
http://www.theregister.co.uk/2013/04/05/google_takedown_notice_links/
This article is also available in:
Deutsch: Licences for Europe: Die Diskussion muss breiter werden
In December 2012, the European Commission announced a stakeholder dialogue to discuss innovative solution to improve cross-border access to online content. The stated aim of the initiative was to work with stakeholders on modernising copyright while the Commission theoretically would also look at the functioning of the legal framework.
Since its launch on 4 February 2013, the stakeholder dialogue (Licences for Europe) has been heavily criticised for restricting the scope of discussion to contractual solutions without any public discussion of the current legal framework. The Commission has already received letters from stakeholder groups requesting improvements in the "Licences for Europe" process. There are widespread concerns, most particularly in relation to text and data mining and user generated content. The problems have been caused by the legal framework, so it is quite obviously absurd to ban discussions on this topic.
In a joint letter sent on 8 April 2013 to Vice-President Kroes, Commissioner Vassiliou and Commissioner Barnier, EDRi and EBLIDA (European Bureau of Library, Information and Documentation Associations) requested the broadening of the scope of discussion for working group 1 on cross-border access and service portability. The letter alerts the Commissioners that the process is unlikely to solve the issues at stake if it restricts itself to contractual and technological solutions. The stakeholders should be able to discuss all factors that create barriers and that can explain the lack of choice and availability of content in the European Union. The letter strongly urges the Commission to broaden the scope of the discussion, without breaking the working group into different parts (based on a sectoral approach). The first task should be to identify the main restrictions and the reasons for their existence, to allow a fruitful debate on the solutions to allow greater access to content.
Letter sent by EDRi and EBLIDA (8.04.2013)
http://edri.org/files/Licences-for-EuropeWG1_letter_EDRi-EBLIDA.pdf
Commission agrees way forward for modernising copyright in the digital
economy (5.12.2012)
http://europa.eu/rapid/press-release_MEMO-12-950_en.htm?locale=en
Press release of the European Commission on Licences for Europe
http://europa.eu/rapid/press-release_IP-12-1394_en.htm
“It´s about more copyright, stupid!” (07.04.2013)
http://tacd-ip.org/archives/907
The EU Commission's Outrageous Attempt to Avoid Copyright Reform (4.02.2013)
http://www.laquadrature.net/en/the-eu-commissions-outrageous-attempt-t...
EDRi-gram: ENDitorial: Licences for Europe and fight club... only one
rule (13.03.2013)
http://www.edri.org/edrigram/number11.3/licences-for-europe-fight-club
Letter sent to the Commissioners requesting fairness in the discussion
during the stakeholders' dialogue (28.02.2013)
http://www.copyright4creativity.eu/Public/C4CLetterEuropeanCommissione...
Letter on Working Group 2 (User-Generated Content)
(28.02.2013)
http://edri.org/files/l4e_wg2.pdf
Letter on Working Group 4 on data and text mining (26.02.2013)
http://www.libereurope.eu/news/licences-for-europe-a-stakeholder-dialo...
(Contribution by Marie Humeau - EDRi)
This article is also available in:
Deutsch: Französischer Geheimdienst verlangt Löschung eines Wikipedia-Artikel...
The Wikimedia Foundation was asked on 4 March 2013, by French spy agency Direction Centrale du Renseignement Intérieur (DCRI), to remove its article in French “Station hertzienne militaire de Pierre sur Haute” (the military station of Pierre sur Haute) considered by the agency to contain classified military information the publication of which violated the French Penal Code.
According to a judicial source quoted by AFP, the request for the deletion of the article was due to the fact that the French-language Wikipedia article was deemed by DCRI to have compromised "classified material related to the nuclear firing orders chain of transmission".
Wikipedia refused to delete the article which had been online for almost 4 years already without having raise any such problems, and which contained information already well and publicly known, so much the more as the agency did not bring any arguments for its request, nor did it indicate exactly what part of the information was considered classified. Actually, it seems that a large part of the information comes from a publicly available video in which Major Jeansac, the chief of the respective military, gives a detailed interview and a tour of the station for a reporter.
As a result of Wikipedia’s refusal, on 30 March 2013, the agency contacted a random volunteer Wikipedia admin that was living in France and forced him, by threatening him with jail, to delete the respective article, although the volunteer had had nothing to do with the article. This extra-judicial action raises serious concerns regarding the respect of the human rights by the intelligence agency.
“While we have never received a request of this nature from the DCRI before, it is unfortunately not unheard of for governmental entities to contact, or even harass, local users. The Foundation strongly opposes any governmental attempts to intimidate the volunteers who dedicate their time and energy to build one of the world’s great educational resources that everyone can freely share in. We are saddened and disappointed to discover that the DCRI believes the tactics they employed in the name of security in this matter could be acceptable under any moral or legal authority. The Foundation was, and remains, willing to work with the DCRI to resolve this matter if possible, but we cannot condone any harassment of individuals who have done nothing wrong,” was Wikipedia’s statement.
The article was restored by other volunteers and there is now an English article with the same subject. The entire affair has resulted in a dramatic increase of the number of views for the respective article. Thus, DCRI has obtained the exact reverse effect of what it wanted.
French spies demand removal of a Wikipedia entry, threaten random
Wikipedia admin in France when they don't get their way (7.04.2013)
http://boingboing.net/2013/04/07/french-spies-demand-removal-of.html
Wikimedia Foundation elaborates on recent demand by French governmental
agency to remove Wikipedia content. (8.04.2013)
https://meta.wikimedia.org/wiki/Legal_and_Community_Advocacy/Statement...
DCRI intimidates a Wikipédia administrator due to an article (only in
French, 6.04.2013)
http://www.numerama.com/magazine/25610-la-dcri-intimide-un-administrat...
La Quadrature du Net condemns the pressure made by DCRI on a Wikimedia
France responsible (only in French, 7.04.2013)
http://www.laquadrature.net/node/6533
Military Hertzien station of Pierre-sur-Haute (only in French)
https://fr.wikipedia.org/wiki/Station_hertzienne_militaire_de_Pierre-s...
This article is also available in:
Deutsch: Selbstregulierung: Irische Polizeidatenbank – quasi ein "sozial...
Alan Shatter, the Irish Minister of Justice, has demanded an end to the abuse of the PULSE police database. In a sharply worded speech to the Association of Garda Irish police Sergeants and Inspectors (AGSI) conference, he said that it was necessary “to ensure that individuals who have done no wrong do not have their privacy violated” and that in no circumstances should the database “be used as some sort of social network to be accessed out of curiosity by members of the Force”. The incident provides several very important lessons for the current EU data protection reform (Mr Shatter is the President-in-office of the EU Justice Council).
The abuses of the database have been happening almost continuously since the adoption of a “self-regulation” agreement in 2007. This means that the enforcement of the law through "self-regulation" has led to six years of abuses that could have been avoided.
This experience also shows how misguided the efforts are in the Council and Parliament to remove the public sector from the Data Protection Regulation. As important as it is to ensure that companies like Facebook are effectively regulated, this is of limited value if public databases can be abused so comprehensively and for so long due to failures of incompetent national approaches.
The Minister's statement highlights just how unfit for purpose the Irish data protection regime has become. In the course of the six years of the operation of the “self-regulation” regime, the data protection authority expressed “disappointment” in its 2010 annual report and promised an audit of the system. Two years later, in response to abuse of a completely different database, the data protection commissioner announced.... an audit of PULSE. Five months after the last promise of action by the data protection commissioner, it is unsurprising that the Minister said in his speech that he is turning to the police commissioner to solve the problem.
Minister Shatter appears to be the first Irish Justice Minister ever to take data protection seriously. Despite the financial crisis, he has increased the data protection authority's budget by 20% in one year, leading to the appointment of specialist staff, including a chief technology adviser, a legal adviser and additional support staff. He is undoubtedly aware of the fact that resources alone will not change the culture of the organisation overnight and that more fundamental changes are almost certainly needed. Hopefully, these changes will be facilitated by the current review of the European data protection framework – if this is not derailed by excessive lobbying or short-sighted politics.
2010 Irish DPA Annual report
http://www.dataprotection.ie/documents/annualreports/2010AR.pdf
Tax official used data on woman to proposition her (24.02.2012)
http://www.independent.ie/irish-news/courts/tax-official-used-data-on-...
Minister Shatter stresses Government Support for the Office of the Data
Protection Commissioner (27.03.2013)
http://www.justice.ie/en/JELR/Pages/PR13000105
Address by Alan Shatter TD, Minister for Justice, Equality and Defence
on the occasion of the 2013 AGSI Conference (25.03.2013)
http://www.inis.gov.ie/en/JELR/Pages/SP13000102
(Contribution by Joe McNamee - EDRi)
This article is also available in:
Deutsch: Skype: Auskunftsbegehren von Strafverfolgungsbehörden 2012
Microsoft released its first-ever transparency report, the 2012 Law Enforcement Requests Report, explaining its approach to criminal law enforcement data requests around the globe. The report includes detailed information and data about the communications platform Skype, making it the first official public clarification of the company’s legal standing and jurisdiction since Microsoft acquired Skype in 2011.
The release of the report comes after pressure on Microsoft from civil society, most notably in the form of a January 2012 open letter signed by more than forty organizations (including Access and EDRi members Digitale Gesellschaft and DFRI) and sixty individuals, led and organised by Cryptocat developer Nadim Kobeissi. The letter, which called for Microsoft to release a transparency report and clarify the company’s obligations, practices, and disclosures, generated significant media coverage.
There is good reason for the public attention to Skype: the platform serves more than 663 million users worldwide, and is a crucial tool for activists and human rights defenders who depend on the service. In the absence of other meaningful or workable options for secure, unfettered channels of communications, these users urgently need to know whether they can trust Skype for sensitive conversations.
The Microsoft report disaggregates Skype data from the rest of Microsoft data, explaining that Skype operates under the laws of Luxembourg and the European Union, where it is headquartered, and continues to process and record law enforcement requests differently than its corporate parent. The effect of these parallel reporting structures means that there is less holistic data about the nature of Skype requests, including rejections of invalid requests, but more clarity about the volume of requests directed specifically at Skype versus other Microsoft products.
In a statement accompanying the release, Microsoft indicated that Skype’s “reporting policies and practices have now been brought in line with Microsoft reporting policies and going forward all data will be provided in a consistent format.” Although it does not say so explicitly, the statement does indicate that as long as Skype remains headquartered in the European Union its data will continue to be reported separately from other Microsoft products.
While it is certainly encouraging to see Microsoft release its first Transparency Report including Skype data, many points made by civil society in the January 2012 open letter remain unaddressed. We therefore urge Microsoft and Skype to release further information as detailed in the January 2012 open letter from the civil society.
What the Microsoft transparency report does—and does not—tell us about
Skype (3.04.2013)
https://www.accessnow.org/blog/2013/04/03/what-the-microsoft-transpare...
2012 Law Enforcement Requests Report
http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/tr...
Access joins open letter calling on Skype to clarify user security,
release transparency report (25.01.2013)
https://www.accessnow.org/blog/access-joins-open-letter-calling-on-sky...
(Contribution by Raegan MacDonald - EDRi Observer)
This article is also available in:
Deutsch: DFRI verlangt fehlende ACTA-Dokumente von EP-Präsident Schulz
Swedish EDRi-member DFRI (Föreningen för digitala fri- och rättigheter) has asked the president of the European Parliament about a question from the Court of Justice of the European Union to the Commission that, according to a Commission spokesperson, made the Commission withdraw its referral of ACTA to the Court.
The Commission has stated that "the question asked by the Court of Justice as well as the letter of the Commission of 20 December 2012 have been served also on the European Parliament."
DFRI board member Andreas Jonsson commented that "without the Court's question we cannot understand why the Commission decided to withdraw its ACTA case". Therefore "without the Court's question there can be no proper closure of the ACTA dossier, and that's not a good start for other negotiations on the material ACTA was covering" concluded Jonsson.
Andreas email on "Missing ACTA documents" (9.04.2013)
http://article.gmane.org/gmane.org.user-groups.dfri/439
European Commission college decision on ACTA (19.12.2012)
http://www.youtube.com/watch?v=VCBTFh3IhQY
Answer to a parliamentary question from 5 February 2013
http://www.europarl.europa.eu/sides/getAllAnswers.do?reference=E-2013-...
DFRI
https://www.dfri.se/
EDRi-gram: Total transparency on ACTA and TAFTA documents (13.03.2013)
http://edri.org/edrigram/number11.5/total-transparency-acta-tafta
This article is also available in:
Deutsch: Einstellung europäischer Verbraucher zum Datenschutz
Some interesting results from a quantitative and qualitative analysis made by the EU-funded CONSENT project to find out about the consumers' attitudes awareness of privacy issues online and service providers' practices were presented at the final conference of the project, that took place in Malta on 20-21 March 2013.
The results indicate that there is indeed a high variability between different EU countries in the perception of personal risks, privacy loss or unexpected problems related to giving personal information to websites. From an elevated level of perceived control on privacy in Germany or Austria to the concept of privacy as "little developed" in Romania, Bulgaria or Slovakia.
There are other results available for the whole EU level that are worth the attention:
- The correspondence between the awareness levels of website owners’ practices in relation to privacy and the awareness of technical protection measures
- More than 50% of all respondents indicate that they often or always change their privacy settings in UGCs and social networks. Four out of five actually make their privacy settings stricter than the default settings
- Generally, rather low portion of privacy policy readers (24%). Only 11% of readers claim to fully understand the privacy statement or policy they have read.
Another part of the project also looked at the practices of over 100 European and international social networks and UGCs website. To point just to one of the realities: Only 38 of those networks analysed required explicit consent to process personal data for commercial purposes.
But the situation of the European social networks is actually worse, because their main and powerful competitor (yes, you guessed - Facebook) seems to be totally disobeying every single EU data protection requirement, as the practical presentation of Max Schrems from Europe-v-Facebook clearly emphasized.
The conference also focused on several panels of DPAs or civil society representatives (including EDRi) that presented their feedback on the CONSENT draft policy brief that would be available to the policy makers, especially on the European legislative level by the end of April 2013.
The EDPS, Mr Peter Hustinx, also emphasized that the notion of consent as a key in the matter of the future of online privacy and definition of explicit consent needs to be maintained as one of the cornerstones of the data protection framework. He also showed his optimism for a positive outcome of the legislative process on the data protection Regulation, following the vote in the European Parliament Legal Affairs Committee.
Presenting CONSENT project results I. Consent and Social Networks (5.04.2013)
http://consent.law.muni.cz/view.php?cisloclanku=2013040001
Presenting CONSENT project results II. What Consumers Think (5.04.2013)
http://consent.law.muni.cz/view.php?cisloclanku=2013040002
Europe versus Facebook
http://europe-v-facebook.org/EN/en.html
Online privacy - Consenting to your future
http://www.onlineprivacyconference.eu/
EDRi: Parliament Legal Affairs Committee adopts improved position on privacy legislation (19.03.2013)
http://edri.org/juri_eudatap
This article is also available in:
Deutsch: Schwedische Polizei will härter gegen File-Sharer vorgehen
In a recent report, Sweden’s National Police Board proposes measures meant to increase its performance in fighting copyright infringements, as a result of meetings with entertainment company rightsholders. The changes proposed include the creation of a team focused on intellectual property crimes and additional, more accessible forensic resources for a more successful prosecution of copyright infringement cases.
The rightsholders had told the police that they could report “significantly more crimes” (referring of course to alleged online copyright infringements) if the police were better equipped and they also complained that the police response times were too long. Another complaint was that, in their opinion, the police investigators lacked technical competence leading to a lower quality of the investigations. The structure and organization of the police systems and personnel was also in question and the rightholders suggested that there was a need of more investigators, police officers, forensic staff and civilians involved.
As a result, the Swedish police proposes the creation of a single central group focused on the protection of intellectual property. Considering that intellectual property investigations are “often expensive and complicated”, the report says that such a collective group “would facilitate the prioritization of cases and also facilitate the contact with prosecutors and external parties, such as plaintiffs, international authorities and agencies. The group would consist of “a head, investigators, administrative assistance and designated IT forensic staff linked to the group. With the current starting point it is reasonable for the group to consist of around 20 people.”
Swedish Police Promise More Resources to Catch File-Sharers (4.04.2013)
http://torrentfreak.com/swedish-police-promise-more-resources-to-catch...
Police authorities handling cases on IPR violations (only in Swedish,
24.02.2013)
http://www.polisen.se/Global/www%20och%20Intrapolis/Rapporter-utrednin...
This article is also available in:
Deutsch: Mitmachen!
2013: EU consultations of importance to digital rights
http://edri.org/node/3195
Defend your Privacy! - Stop Lobby War on new EU Privacy Law!
Share this video and contact your MEPs
https://www.youtube.com/watch?v=NKZmQJQrTuY
Vote on data retention of travel data (EU-PNR) – Contact your MEPs
http://pnr.digitalegesellschaft.de
http://pnr.vibe.at
http://www.nopnr.org/vote-on-data-retention-of-travel-data-eu-pnr-cont...
This article is also available in:
Deutsch: Lesestoff
Google privacy policy: six European data protection authorities to
launch coordinated and simultaneous enforcement actions (2.04.2013)
http://www.cnil.fr/english/news-and-events/news/article/google-privacy...
European data protection authorities clarify principle of purpose
limitation (8.04.2013)
http://ec.europa.eu/justice/data-protection/article-29/press-material/...
Online Personal Data Processing and EU Data Protection Reform (8.04.2013)
http://ceps.eu/book/online-personal-data-processing-and-eu-data-protec...
German Law Enforcement Access to Cloud Data in Foreign Jurisdictions,
Including the U.S. (29.03.2013)
http://www.huntonprivacyblog.com/2013/03/articles/german-law-enforceme...
And some books:
Card declined: how Britain said no to ID cards, three times over, by SA Mathieson
http://www.samathieson.com/card-declined/
Regulating Code: Good Governance and Better Regulation in the
Information Age, by Ian Brown and Christopher Marsden
http://mitpress.mit.edu/books/regulating-code
Research Handbook On Governance Of The Internet, edited by Ian Brown
http://www.e-elgar.com/bookentry_main.lasso?id=14173
This article is also available in:
Deutsch: Agenda
12 April 2013, Biefeld, Germany
Big Brother Awards Germany
http://www.bigbrotherawards.de/
6-8 May 2013, Berlin, Germany
re:publica 2013
http://re-publica.de/en/
20-21 June 2013, Lisbon, Portugal
EuroDIG 2013
http://www.eurodig.org/
25-26 June 2013, Barcelona, Spain
9th International Conference on Internet Law & Politics: Big Data:
Challenges and Opportunities.
http://edcp.uoc.edu/symposia/idp2013/?lang=en
25-26 June 2013, Washington, DC, USA
23rd Computers, Freedom and Privacy Conference (CFP)
http://www.cfp.org/2013
31 July – 4 August 2013, Geestmerambacht, Netherlands
Observe. Hack. Make. - OHM2013
CfP by 1 May 2013
https://ohm2013.org/
14-15 September 2013, Vienna, Austria
Daten, Netz & Politik 2013 - DNP13
CfC by 15 April 2013
https://dnp13.unwatched.org/
23-26 September 2013, Warsaw, Poland
Public Voice Conference 2013
35th International Data Protection and Privacy Commissioners conference
http://www.giodo.gov.pl/259/id_art/762/j/en/
25-27 October 2013, Siegen, Germany
Cyberpeace - FIfF Annual Meeting 2013