This article is also available in:
Deutsch: Privatsphäre-Kampagne Nakedcitizens.eu
On 25 April 2013, a coalition of international digital human rights groups launched a campaign to warn that current European Parliament proposals could strip citizens of their privacy rights. Unprecedented lobbying efforts, mainly led by corporations, have contributed to these developments.
The final vote in the Civil Liberties Committee (LIBE) of the European Parliament on the Data Protection Regulation was initially scheduled for the end of May, but has now been postponed by a few weeks and will take place before the summer break. Rapporteur MEP Albrecht commented that the Parliament needed “more time” to consider more than 4000 amendments.
In order to urge Parliamentarians to put their constituencies' rights first and vote against harmful proposals, the coalition launched a report listing the worst amendments, as well as a website, nakedcitizens.eu. The web portal allows concerned citizens to send “naked” postcards to their representatives in the European Parliament.
On 13 May 2013, the coalition will also organise a privacy camp for activists in Brussels. If you are interested in participating, you can contact office (at) edri.org.
Members of the coalition are European Digital Rights (representing 35 European organisations), Privacy International, Access, Digitale Gesellschaft, Bits of Freedom, Panoptykon, Open Rights Group and La Quadrature du Net.
Press release: Regulation set to strip citizens of their right to privacy
(25.04.2013)
http://edri.org/PR-eudatap
International privacy organisations: Don't let corporations strip
citizens of their right to privacy (25.04.2013)
http://edri.org/files/2013-campaign-report.pdf
Photos from the press event (25.04.2013)
http://www.flickr.com/photos/weidenholzer/8679666053/in/photostream
Video from the press event (25.04.2013)
http://www.youtube.com/watch?v=IBa0s-RP4cM
EU data protection vote delayed again (7.05.2013)
http://www.pcworld.com/article/2038072/eu-data-protection-vote-delayed...
EDRi Organises European Activist Barcamp and Safari on Threats to
Citizens’ Privacy Rights (13-15 May) (8.05.2013)
http://www.edri.org/eudatap_camp
(Contribution by Kirsten Fiedler - EDRi)
This article is also available in:
Deutsch: LIBE-Ausschuss des EP gegen EU-weiten Austausch von PNR-Daten
The directive obliging airlines to pass personal details of EU passengers to the authorities of the EU member states was rejected by the Civil Liberties Committee (LIBE) of the European Parliament (EP) on 24 April 2013.
The proposal was presented in February 2011 as an anti-terrorism measure to be applied to passengers flying into and out of the EU, much like the agreement between the EU and the US, and covered passenger data such as name, address, phone number and credit card details. The supporters of the bill have expressed their disappointment. Timothy Kirkhope, the British conservative MEP and Rapporteur on this dossier, considered that the vote “did not show parliament in a good light” as such an agreement “would have enabled us to track terrorists, people traffickers and other serious criminals and it would put in place strong protections for passenger data.”
The proposal has been strongly criticised because it allows the police to store data for five years and to carry out PNR profiling. Civil rights organisations and even the European Union Agency for Fundamental Rights raised a number of issues related to the bill, including privacy violations, lack or disproportionate control, lack of protection against discrimination, ambiguity of the text, and lack of evidence needed to point out suspects.
"This disproportionate proposal would have been a grave departure from the constitutional presumption of innocence. This unacceptable paradigm shift in security policy would reverse the presumption of innocence, as well as breaching rulings of constitutional courts in Europe and the European Court of Human Rights,” said home affairs and civil liberties spokesperson Jan Philipp Albrecht MEP who added: "Thankfully, MEPs have voted to prevent this and to defend the rule of law and fundamental rights in Europe. This decision must now be respected: the European Commission must withdraw this wrongheaded proposal."
Juan Fernando López Aguilar, the Civil Liberties Committee chair, proposed that the bill be put to the Parliament’s Conference of Presidents (EP and political group presidents) to decide whether or not the draft directive would go to a vote in the plenary.
In a nutshell, the future of the EU PNR directive is unclear.
MEPs vote down air passenger data scheme (24.04.2013)
http://euobserver.com/justice/119926
MEPs reject EU passenger data storage scheme (24.04.2013)
http://www.euractiv.com/infosociety/meps-reject-eu-passenger-data-st-n...
Civil Liberties Committee rejects EU Passenger Name Record proposal
(24.04.2013)
http://www.europarl.europa.eu/news/en/pressroom/content/20130422IPR075...
Directive on passenger data: EU internal committee votes against
retention of traveller data (only in German, 24.04.2013)
http://www.nopnr.org/richtlinie-uber-fluggast-daten-eu-innenausschuss-...
Timothy Kirkhope press conference
http://www.europarl.europa.eu/ep-live/en/other-events/video?event=2013...
EDRi-gram: Commission's proposal for PNR Directive fails to impress MEPs
(9.02.2011)
http://www.edri.org/edrigram/number9.3/commission-pnr-directive
According to a series of articles in the Danish edition of Computerworld on 6 May 2013, a Danish mobile phone provider has kept telephone call records since the company started its operations in 2000. The company, Telmore, currently has about 700 000 subscribers and a 10% market share in Denmark. Since 2004, Telmore has been a subsidiary of TDC, the largest Danish telecommunications company.
A 10-year retention period of telephone call records is a blatant violation of the Danish law that transposes the e-privacy directive 2002/58/EC. Article 6 of the directive states that traffic data (which includes call records) must be deleted or anonymized when they are no longer needed for business purposes such as subscriber billing or accounting documentation.
The e-privacy directive is, of course, modified by the data retention directive 2006/24/EC which requires storage of, among other things, telephone call records for 6-24 months. In Denmark, the mandatory retention period is 12 months. However, telephone call records are, in practice, kept for a longer period for billing or accounting purposes.
Judging from the articles in Computerworld, there appears to be some uncertainty about the precise interpretation of the maximum retention period that is allowed under the Danish law that transposes article 6 of the e-privacy directive.
The Danish Business Authority, which is the regulatory agency for telecommunications in Denmark, told Computerworld that the retention of call records for more than five years was illegal. The Danish accounting law requires that bookkeeping documentation is kept for a minimum of five years. However, the official bookkeeping guidelines also state that itemized telephone call records need not be retained once the customer has been presented with an invoice for the calls and the dispute resolution period has expired.
In response to the Computerworld article and the statements by the Danish Business Authority, Telmore told Computerworld that they would limit the retention of call records to three years, as soon as technically possible. Three years is the general statutory limitation period for simple claims in Denmark. However, the dispute resolution period for telephone customers in Denmark is about one year after the invoice has been received, so it could be argued that the allowed retention period should really be shorter than three years (or five years).
A recent parliamentary question to the Danish government focused on the interplay between mandatory data retention and the e-privacy rules. The minister responsible for the Danish Business Authority was asked whether she could guarantee that telecommunication data was deleted when required by law, and whether the agency had sufficient resources to supervise industry practices in this area. The question has not been answered yet.
Danish telephone company in violation of the law: your data is retained
too long (only in Danish 06.05.2013)
http://www.computerworld.dk/art/226413/dansk-telefirma-bryder-loven-op...
This is the problem which causes a Danish telephone company to break the
law (only in Danish 06.05.2013)
http://www.computerworld.dk/art/226414/her-er-det-gaaet-galt-for-dansk...
Telmore admits: the reason why we have broken the law (only in Danish
06.05.2013)
http://www.computerworld.dk/art/226417/telmore-erkender-derfor-har-vi-...
E-privacy directive 2002/58/EC
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058...
Website of the Danish Business Authority (in English)
http://www.dba.erhvervsstyrelsen.dk/home/0/2
Parliamentary question about deletion of telecommunication data (only in
Danish, not answered yet as of 06.05.2013)
http://www.ft.dk/samling/20121/lovforslag/l142/spm/13/index.htm
(Contribution by Jesper Lund, EDRi member IT-Pol Denmark)
This article is also available in:
Deutsch: Griechenland: Justiz muss über Netzsperren durch ISPs entscheiden
AEPI, the Greek Society for the Protection of Intellectual Property, has filed an action in court to have several major torrent sites, among which KickAssTorrents, isoHunt, 1337x and H33T, blocked by ISPs, according to a report from Torrentfreak.
The Greek anti-piracy group AEPI first sought a temporary injunction against several ISPs (including OTE, Wind, Vodafone, Forthnet, Hellas Online, On Telecoms and the academic GRNET) to force them to block the respective sites by IP and DNS. According to TorrentFreak sources, The Pirate Bay will also be targeted by AEPI.
AEPI’s request was heard on 30 April by the Athens Court. AEPI asked for an immediate interim injunction to stop the sites from infringing the copyrights of their members. The ISPs replied that as the respective sites had been operating for years, there was hardly a case of urgency.
On 2 May 2013, the preliminary injunction demanded by AEPI was rejected by the court, which considered that the matter was not urgent. However, the substance of the case is yet to be ruled on, with the next hearing to take place on 21 August 2013.
“It should be noted that this is the first time a case of this magnitude and importance has appeared before a (local) court, even for temporary measures. The option to block access to sites raises serious questions on the issue of the protection of Net Neutrality,” Greek news outlet ADSLGR told TorrentFreak.
Anti-Piracy Group Demands Blocks of KickAss, isoHunt, 1337x and H33T
(2.05.2013)
http://torrentfreak.com/anti-piracy-group-demands-blocks-of-kickass-is...
Court Papers (only in Greek)
http://www.sillogi.gr/pakat/peirates/dikografa_aepi_vs_paroxoi.pdf
AEPI's application for a temporary injunction against providers
rejected (only in Greek, 2.05.2013)
http://bit.ly/10fLgts
This article is also available in:
Deutsch: Niederlande: Polizei will die Geräte ihrer Bürger hacken
The police should be allowed to hack into mobile phones and computers, even when these are located abroad. This was proposed in a draft law by the Dutch government on 2 May 2013.
While this appears to be a powerful asset for law enforcement, in reality it creates unnecessary vulnerabilities for citizens. The proposal also ignores several alternative solutions. The police already have the necessary means to fight cybercrime, but fail to apply them due to limited resources and knowledge. The solution therefore lies in expanding the resources of the police rather than expanding their powers.
The controversial proposal doesn’t only allow the hacking of mobile phones and computers, it extends to spying on users and the deletion of data. It would also include devices which are located abroad. Furthermore, the police would also gain the power to order the handing over of passwords and decryption keys. Failing to comply with the order would be punishable.
Combating cybercrime is important, but through this proposal we’re rushed into legislation which is unnecessary and raises serious safety risks for citizens.
Dutch hacking proposal puts citizens at risk (2.05.2013)
https://www.bof.nl/2013/05/02/dutch-hacking-proposal-puts-citizens-at-...
Opstelten strengthens the approach on cybercrime (only in Dutch, 1.05.2013)
http://www.rijksoverheid.nl/ministeries/venj/nieuws/2013/05/02/opstelt...
(Contribution by Simone Halink - EDRi member Bits of Freedom - Netherlands)
On 25 April 2013, the European Commission invited all interested parties to comment on Google’s proposed commitments to meet the Commission’s concerns, formally drafted in March 2013, regarding four types of Google business practices that might violate EU antitrust rules prohibiting the abuse of a dominant position.
The Commission has concerns that Google might abuse its dominant
position on the market by a favourable treatment of links to Google’s
own specialised web search services as compared to links to competing
specialised web search services. The practices under discussion are:
- the use without consent of original content from third party web sites
in Google’s specialised web search services;
- the agreements that oblige third party web sites (“publishers”) to
obtain all or most of their online search advertisements from Google;
- contractual restrictions on the transferability of online search
advertising campaigns to rival search advertising platforms;
- the management of such campaigns across Google's Adwords and rival
search advertising platforms.
In response, Google has made proposals to try to address the Commission's concerns. The Commission has now put these proposals out for consultation, and comments may be submitted for one month. The Commission will take the comments into account in its analysis and, if it concludes that Google’s proposals address the four competition concerns, it may adopt a decision to make them legally binding on Google. Even if there is no proof of infringement of EU antitrust rules, if the company breaks such commitments, the Commission can impose a fine of up to 10% of its annual worldwide turnover.
Google proposes, for a 5-year period, for the European Economic Area:
- to label promoted links to its own specialised search services so that
users can distinguish them from natural web search results, clearly
separating these promoted links from other web search results by clear
graphical features (such as a frame);
- to display links to three rival specialised search services close to
its own services, in a clearly visible place for users;
- to offer all websites the option to opt-out from the use of all their
content in Google's specialised search services, providing at the same
time that any opt-out does not negatively affect the ranking of those
web sites in Google's general web search results;
- to offer all specialised search web sites focusing on product search
or local search the option to mark certain categories of information so
that such information is not indexed or used by Google;
- to provide a mechanism allowing newspaper publishers to control the
display of their content in Google News, on a web page per web page basis;
- to stop including in its agreements any written or unwritten
obligations that would require publishers to source online search
advertisements exclusively from Google;
- to stop imposing obligations preventing advertisers from managing
search advertising campaigns across competing advertising platforms.
Some opinions on Google’s proposals are already critical, explaining that the proposals are too little and come too late: “While the three competitive links are likely to drive some traffic to Google alternatives, from a user experience standpoint this is not the radical change I was imagining. In addition there’s apparently no requirement or constraint around where Google can put universal search results on the page. In other words, it can still show products, maps, flight search and so on, where it likes,” says Search Engine Land contributing editor Greg Sterling.
“Labelling results will do little or indeed nothing to prevent Google from manipulating search results and discriminating against competing services. It may even shepherd consumers towards clicking on Google services now highlighted in a frame. Labelling should not be the sole solution…The proposal to display links to three rival specialised services raises the natural question of who decides the promotional criteria. If that is Google, it leaves too much discretion in their lap while most importantly, not solving the problem of non-discriminatory choices for consumers,” was the statement of BEUC, the European Consumer Organisation.
Anyone can send the Commission observations on the commitments proposed by Google. The deadline to send the observations to the Commission is one month from publication in the Official Journal of the European Union.
EC press Release - Antitrust: Commission seeks feedback on commitments
offered by Google to address competition concerns (25.04.2013)
http://europa.eu/rapid/press-release_IP-13-371_en.htm
EC memo - Commission seeks feedback on commitments offered by Google to
address competition concerns – questions and answers
http://europa.eu/rapid/press-release_MEMO-13-383_en.htm
Roundup of Comments on Google’s Proposed Commitments to European
Commission (25.04.2013)
http://www.fairsearch.org/deceptive-display/roundup-of-comments-on-goo...
Google’s commitments: too little, too late? (25.04.2013)
http://www.i-comp.org/blog/2013/googles-commitments-too-little-too-lat...
Iceland’s Supreme Court ruled on 24 April 2013 that Valitor, Visa’s local partner in Iceland, had to resume processing online donations to WikiLeaks within two weeks or face a daily fine of around 5200 Euro in case of non-compliance, thus backing up the decision taken by a lower Icelandic court in July 2012.
“This is a victory for WikiLeaks and freedom of information. The arbitrary blocking of payments put in place by financial service companies was completely illegal and has now been condemned as such by a country’s highest court”, stated Reporters Without Borders which urged all the other financial companies involved, directly or indirectly, in blocking payments to Wikileaks, “to comply with the logic of Iceland’s supreme court ruling without waiting to be legally forced to do so.”
"We thank the Icelandic people for showing that they will not be bullied by powerful Washington-backed financial services companies like Visa and we send out a warning to the other companies involved in this blockade - you're next," stated Mr Assange for AP news agency.
The case started in 2010 when several financial institutions, including Visa and MasterCard, stopped processing donations and other payments to WikiLeaks, after WikiLeaks had decided to start publishing about 250 000 US State Department emails, letters and other information.
According to WikiLeaks the financial blockade resulted in a 95% drop in revenue which came mostly from donations. DataCell, a company collecting donations for WikiLeaks, filed a complaint with the European Commission against Visa Europe, MasterCard Europe and American Express accusing them of violating European Union competition rules.
A preliminary decision of the Commission in November 2012 said blocking of processing donations was unlikely to have violated EU anti-trust rules. On 19 November 2012, the European Parliament passed a resolution asking the European Commission to take measures to prevent credit card companies from refusing to process payments to companies and NGOs. Yet, the Commission continued to allow the blocking.
Court orders Visa subcontractor to lift block on payments to WikiLeaks
(26.05.2013)
http://en.rsf.org/iceland-court-orders-visa-subcontractor-to-26-04-201...
French version
http://fr.rsf.org/islande-le-sous-traitant-islandais-de-visa-26-04-201...
Wikileaks in Iceland court victory over payments blockade (25.04.2013)
http://www.bbc.co.uk/news/business-22294108
Wikileaks Press release - Milestone Supreme Court Decision for WikiLeaks
Case in Iceland (24.04.2013)
http://www.twitlonger.com/show/n_1rjulqn
EDRi-gram: Banking blockade on Wikileaks broken by the Icelandic court
(18.07.2012)
http://www.edri.org/edrigram/number10.14/ruling-banking-blocade-wikile...
This article is also available in:
Deutsch: ENDitorial: Letzte Chance für die Do-Not-Track-Initiative des W3C
As we write this, the W3C DNT working group is convening in Sunnyvale, California. This working group has been trying to come up with a mechanism to allow users to express their preferences regarding cross-context tracking of their web usage. This effort has been going on since September 2011 with little result to show for it, despite various participants bending over backwards to meet the demands of the advertising platforms' apparently unlimited data hunger. The results so far instil little confidence that this multi-stakeholder process will arrive at a consensus that meets an acceptable minimum standard for the privacy of users. We fear that this will result in a counter-productive technical arms race that can only reduce the utility of the world wide web. Contrary to what many actors in the Data Protection Regulation legislative process think, this working group is not a good example of working industry self-regulation.
At this stage some minimum core principles of data protection have to be met to prevent this process from becoming a privacy farce:
1. Data minimisation
As it stands now, there is some lip-service being paid to this
principle, but on substance the current documents appear to be mostly
geared to justify as much data collection as possible. Especially the
parts about browser compliance appear to be geared towards the idea that
it should be possible to provide pretexts to ignore non-consent to
tracking. Moreover, there is a worrisome tendency to confuse
pseudonymisation with anonymisation.
2. Siloisation
While we believe there are limits to data collection as a first party
(to use the standard's vernacular), the primary problem the working
group is supposed to tackle is data collection across different
contexts. The current editor's draft explicitly allows industry players
that both operate in a direct relationship with users as well as track
usage on behalf of other websites to correlate and cross-link such data.
This is a fundamental threat to privacy as well as enshrining the
current competitive landscape of social media in a (mostly) technical
standard. Contexts should be kept fully separate unless there is
explicit and informed consent from users for cross-correlation and
mixing of tracking data.
3. Knowing who the user deals with
For the purpose of providing informed consent it is essential for users
to know with whom they are dealing. Right now the documents fail
to delineate the many parties that are often involved with a single web
page in a way that is useful for this purpose. Another concept
that touches an essential part of the issue of various contexts is that
of 'affiliate' and the sharing of collected data with other parties.
Under EU law, consent is needed for sharing data with other parties
(meaning real third parties; the vernacular of the draft is
problematic here).
This is not an exhaustive list in the sense that it covers every little detail; it is about the fundamentals. And to our understanding of the current proposals, the fundamentals just aren't sound. That is not a failure of the editors; it is a failure of the major web platforms to face the reality that their business models are incompatible with fundamental rights.
The goals of this standard should be to provide:
a) a meaningful opt-out mechanism, as well as
b) a meaningful opt-in mechanism against data collection across
different contexts.
So far we see little that satisfies either of these two goals.
This working group needs a drastic change of course, or to come to a mutual agreement to disagree rather than let this drag on any further. There is no need to have it soil the good name of W3C any further than it perhaps already has. It is closing time.
DNT draft standard April 2013
http://www.w3.org/TR/2013/WD-tracking-dnt-20130430/
EDRi-gram: Most Internet users would use DNT settings if easily
available (13.02.2013)
http://www.edri.org/edrigram/number11.3/most-users-will-use-do-not-tra...
EDRi-gram ENDitorial: The Microsoft IE10 Do Not Track “controversy” (7.11.2012)
http://www.edri.org/edrigram/number10.21/microsoft-ie10-dnt
(Contribution by Walter van Holst, invited expert to the W3C DNT WG - EDRi member Vrijschrift - Netherlands)
This article is also available in:
Deutsch: Mitmachen!
Don't let big businesses strip you of your privacy rights!
Take control of your data!
https://www.nakedcitizens.eu/
This article is also available in:
Deutsch: Lesestoff
Twenty years of a free, open web (30.04.2013)
On 30 April 1993 CERN published a statement that made World Wide Web
technology available on a royalty free basis, allowing the web to flourish
http://info.cern.ch/
re:publica 2013 - Joe McNamee: Freedom of speech, nipples and the rule
of law (6.05.2013)
https://www.youtube.com/watch?v=REP4eqvwkR0
Global Coalition Of NGOs Call To Investigate & Disable FinFisher’s
Espionage Equipment in Pakistan (3.05.2013)
http://digitalrightsfoundation.pk/global-coalition-of-ngos-call-to-inv...
http://www.businessinsider.com/countries-with-finfisher-spying-softwar...
The Right to Share: Principles on Freedom of Expression and Copyright in
the Digital Age (25.04.2013)
http://www.article19.org/resources.php/resource/3716/en/
The Sky is Rising (2013)
Regional study of the entertainment industries in Germany, France, the
UK, Italy, Russia and Spain.
https://www.documentcloud.org/documents/561023-the-sky-is-rising-2.htm...
The Right to Blog (3.05.2013)
In this policy paper, ARTICLE 19 proposes a set of recommendations to
state actors and policy makers about what they should do to promote and
protect the rights of bloggers domestically and internationally.
http://www.article19.org/resources.php/resource/3733/en/the-right-to-b...
http://www.article19.org/data/files/medialibrary/3733/Right-to-Blog-EN...
This article is also available in:
Deutsch: Agenda
13-15 May 2013, Brussels, Belgium
Privacy Barcamp
http://www.edri.org/eudatap_camp
29 May 2013, Brussels, Belgium
Mission impossible – the Internet without borders?
Deutsche Welle and Reporters without Borders host a panel discussion on
the topic of internet censorship.
http://edri.org/docs/Invitation_BXL.pdf
30 May 2013, Gent, Belgium
BBA Belgium 2013
http://www.bigbrotherawards.be
8 June 2013, London, UK
ORGCon 2013
http://orgcon.openrightsgroup.org
20-21 June 2013, Lisbon, Portugal
EuroDIG 2013
http://www.eurodig.org/
25-26 June 2013, Barcelona, Spain
9th International Conference on Internet Law & Politics: Big Data:
Challenges and Opportunities.
http://edcp.uoc.edu/symposia/idp2013/?lang=en
25-26 June 2013, Washington, DC, USA
23rd Computers, Freedom and Privacy Conference (CFP)
http://www.cfp.org/2013
31 July – 4 August 2013, Geestmerambacht, Netherlands
Observe. Hack. Make. - OHM2013
https://ohm2013.org/
14-15 September 2013, Vienna, Austria
Daten, Netz & Politik 2013 - DNP13
https://dnp13.unwatched.org/
17-18 September 2013, Geneva, Switzerland
2013 Open Knowledge Conference (OKCon)
Call for Proposal is open until 24 May
http://okcon.org/call-for-proposals/
23-26 September 2013, Warsaw, Poland
Public Voice Conference 2013
35th International Data Protection and Privacy Commissioners conference
http://www.giodo.gov.pl/259/id_art/762/j/en/
24-25 September 2013, Brussels, Belgium
EU Hackathon - hack4yourrights
This year’s theme is privacy
Application by 15 June 2013
http://2013.euhackathon.eu/
25-27 October 2013, Siegen, Germany
Cyberpeace - FIfF Annual Meeting 2013
http://www.fiff.de/