This article is also available in:
Deutsch: EU Datenschutzreform: Was wir jetzt tun können
The data protection reform has entered the “hot” phase. More than 4000 amendments have been tabled in the European Parliament and MEPs are now trying to find compromises in order to vote on the Albrecht report before the summer break.
Last week, a coalition of European and international civil rights groups (Access, Bits of Freedom, Digitale Gesellschaft, La Quadrature du Net, Open Rights Group, Panoptykon, Privacy International and EDRi) organised a three-day barcamp and activist safari to establish a small counterweight to the massive industry lobbying efforts in the Parliament over the past several months.
The nakedcitizens.eu campaign is a response to these unprecedented lobbying activities. It was kicked off with the publication of a report on 25 April which revealed that many of the tabled amendments threaten to critically undermine the privacy of EU citizens. The goal of last week's privacy camp, as a part of the campaign, was to put civil society activists and privacy advocates in touch with their Parliamentarians and to explain why some proposals would be damaging for EU citizens' privacy rights.
What you can do now
Since the compromise amendments are being discussed at this very moment, the time to act is now. If all goes well, the lead committee on Civil Liberties, Justice and Home Affairs (LIBE) will vote on these compromises before the summer break. You can find the most important points in the “naked citizens” report. There are several options to take action - depending on the amount of time you have:
2 minutes: Watch and share this short video via your social networks:
https://www.youtube.com/watch?v=8N2eYE6koe8
5 minutes: Send a postcard to your Parliamentarian via
http://nakedcitizens.eu.
10 minutes: the best way to have your voice heard is to be as specific and as personal as possible – so with just a few more minutes, you can send an email to conservative and liberal members of the LIBE committee via
http://www.privacycampaign.eu.
15 minutes: Call your Parliamentarians. You can do so to follow up on your emails. Calling is free of charge via the PiPhone:
http://piphone.lqdn.fr/campaign/call2/DataProtection-LIBE-all#mep
Links:
Naked citizens report: Don't let corporations strip citizens of their right to privacy
http://edri.org/files/2013-campaign-report.pdf
European Parliament report on the Data Protection Regulation and
Amendments
http://www.europarl.europa.eu/committees/de/libe/amendments.html?linke...
Contact details of all Members of the LIBE committee
https://memopol.lqdn.fr/search/?q=committees%3ALIBE%20is_active%3A1
(Contribution by Kirsten Fiedler - EDRi)
This article is also available in:
Deutsch: TTIP – ein flüchtiger Sieg der Hoffnung über die Erfahrung
The European Commission this week started providing some insight into its plans for the Transatlantic Trade and Investment Partnership (TTIP) – in an event in the European Parliament organised by Dutch Liberal MEP, Marietje Schaake and in a “civil society” meeting in the Commission itself.
Both meetings started very promisingly. The Commission explained that it wasn't seeking to harmonise intellectual property legislation in both jurisdictions and said that it would only include such issues where a problem was identified by stakeholders – just a narrow range of issues and only “geographic indicators” have so far been selected. So, great, only identified problems would be addressed. That would be an appropriate, balanced and conservative approach.
This begs an obvious question, however, which we asked the Commission during its “civil society” meeting. If the list of issues to be addressed in the “IPR chapter” is limited and only includes clearly identified problems, will the Commission undertake to publish details of each such problem that is addressed in the final draft? The Commission responded that it would not make such an undertaking, because it could not be expected to provide details of “every single detail” of the agreement tackling intellectual property. Suddenly, we had moved from a narrow, focussed exercise to address a small number of identified problems, to a list of measures that was potentially so long that it would be unreasonable to ask the Commission to explain what problems it was seeking to solve.
The Commission then addressed the issue of enforcement, which was so controversial in ACTA. It said that no domestic enforcement would be addressed but – bizarrely – the agreement will probably include enforcement in third countries. Suddenly, we had moved from a narrow, focussed exercise to address barriers to trade between the EU and US to the setting up a joint EU/US “Team America: World Police” in order to enforce we don't quite know whose law in we don't quite know which country. The big question is whether it will promote or acknowledge privatised enforcement by US companies abroad – as it currently happens via payment providers and Google's global implementation of the Digital Millenium Copyright Act.
At both meetings, the Commission was careful to stress that TTIP was not a “new ACTA”. This too provided five minutes of hope that lessons had been learned and the same old mistakes would not be made again. Then, the discussion turned to transparency and the Commission confirmed that, as things currently stand, the level of transparency would be identical to what was done with ACTA. More bizarrely, the European Parliament's International Trade Committee supports this disastrous model. The text adopted is as follows:
“Recalls the need for pro-active outreach and continuous and transparent engagement by the Commission with a wide range of the stakeholders, including business, environmental, agricultural, consumer, labour and other representatives, throughout the negotiation process, in order to ensure fact-based discussions, build trust in the negotiations, obtain proportionate input from various sides and foster public support by taking stakeholders' concerns into consideration; encourages all stakeholders to actively participate and put forward initiatives and information relevant to the negotiations”
To paraphrase Churchill - never in the history of mankind was so little meaning conveyed by so many words to such little effect...
On a positive note, at the Commission “civil society” meeting, officials broke their long-standing rule and commented on a leaked document. The leaked draft mandate refers, in the context of the cost of legislation, to the need to “otherwise achieve legitimate regulatory objectives”. This sounds very much like the kind of privatised enforcement proposed in ACTA and blind support for “self-regulatory” measures that replace legislation (and democratic scrutiny). The Commission's response was clear that “cooperative enforcement” and other forms of “self-regulation” are indeed what is meant by this text. The inclusion of “investor-state” measures in the mandate also adds a further level of corporate power to the initiative (see FFII link below).
Citizen groups at the event were heavily outnumbered by other parts of what the European Commission apparently considers to be “civil society”. Groups understood to be “civil society” by the European Commission in this context include the European Patent Office, the Transatlantic Business Council, the International Federation of the Phonographic Industry, the German Chemical Industry Association, the Confederation of British Industry, the Confederation of European Community Cigarette Manufacturers and Eurocommerce.
The plan is to finish the negotiations at the end of the current session of the European Parliament and the current mandate of the European Commission. Therefore, a vote on approval of TTIP is likely to take place at the beginning of the new session of Parliament – a safe distance from the next elections.
“Civil Society” meeting participants (17.05.2013)
http://edri.org/files/civilsociety17052013.pdf
Leaked EU Mandate (12.03.2013)
http://www.s2bnetwork.org/fileadmin/dateien/downloads/EU_Draft_Mandate...
Investor-state relations: ACTA is back, completed with investment
protections (10.07.2012)
http://acta.ffii.org/?p=1622
(Contribution by Joe McNamee - EDRi)
This article is also available in:
Deutsch: Proteste gegen die Verletzung der Netzneutralität in Deutschland
Internet activists in Germany demanded a free and open Internet on 16 May 2013, protesting in front of the annual general assembly of major German ISP Deutsche Telekom (DT). They criticized the company’s plans to slow down internet connections after a certain amount of traffic had been used. The worst part is that the company is violating the principle of net neutrality – internet services can buy their way out of those limits.
In April 2013, the former state-owned monopoly telecommunications company Deutsche Telekom AG announced plans to enforce traffic limits on their DSL customers. After transferring a certain amount of data, something like 75 gigabytes a month, DSL-connections would be slowed down to 384 Kbit/s instead of the original 16 Mbit/s. Imagine a car usually driving 50 km/h, but after driving for 1 000 km it is slowed down to 384 meters per hour – it’s functionality is broken.
Making matters even worse, DT also openly announced that internet companies could pay to be excluded from those customer limits. Which is already being done with the music streaming service Spotify: their traffic will not be counted for the customer limit – and Spotify will remain available at full speed even when its competitors are slowed down. The market leader is trying to kill the principle of net neutrality – that all bits are created equal.
Needless to say, this has created quite a stir in German media and among net activists. Together with many others, EDRi member Digitale Gesellschaft worked on stopping DT's plans and advocating for net neutrality. Active for two years already, the campaign site EchtesNetz.de explains the concept of net neutrality and provides simple explanations on why it is essential to have a free and open internet.
When the plans were announced, activists shifted into full-fledged campaign mode, for example with Drossl.de calculating that with the new rules, DSL-connections would only work for a few hours a month with their advertised speed – and fall back to the digital stone-age for the rest of the month.
The highlights however were the protests on 16 May 2013, at the annual general assembly of DT in the German town of Cologne. An assembly of activists protested in front of the shareholder meeting with a massive 13.5 × 4.5m banner right above DT's welcome banner – a cooperation of Digitale Gesellschaft and Chaos Computer Club. The event was continued with a protest march through the city and a simultaneous online demonstration “occupying” DT website.
Activists have lately struggled to explain the abstract concept of net neutrality to the public. With unexpected support from the major ex-state ISP, the concept is now known to more people than ever. The free and open internet is in danger and DT must not succeed with their plans. Other countries like the Netherlands, Chile, Slovenia, Argentina, Colombia, Brazil and Mexico have understood this – and passed laws enforcing a neutral net. Although the EU Commission has acknowledged its importance, it had failed to adequately regulate it. If the EU doesn’t do it, it is time for individual Member States to enshrine net neutrality into law.
Protect the free and open internet – enforce net neutrality!
Drosselkom: Offline and Online-Protests against ISP Plans to slow down Internet Connections – and for Net Neutrality (16.05.2013)
https://netzpolitik.org/2013/drosselkom-offline-and-online-protests-ag...
Net Neutrality campaign website(only in German)
http://echtesnetz.de/
See how throttling the DT connection would affect your bandwidth (only
in German)
http://drossl.de/
(Contribution by Andre Meister - EDRi observer AK Zensur, Germany)
This article is also available in:
Deutsch: Beschwerden über die Untätigkeit der irischen Datenschutzbehörde in...
Ireland’s data protection authority, ODPC, seems to be deaf to citizens’ complaints against Facebook. According to the non-profit association "Europe versus Facebook", during the last two years, there have been about 1 000 complaints against Facebook which have not actually been processed by the Irish Data Protection Authority.
The association has made 22 complaints for which it has received only "non-binding reports" with shallow useless text. There has been no critical investigation and no in depth review of Facebook’s submissions. The authority responds to complaints only with standardized e-mails and apparently, ignores entirely any requests for formal decisions.
In a case taken against Facebook, the "europe-v-facebook.org" group has also complained that it has been refused access to files and evidence.
Therefore five MEPs of several political groups submitted on 25 April 2013 a series of parliamentary questions to the European Commission in the matter. The questions included the following:
1. How many complaints has the Commission received under file number CHAP (2012) 01144? How have these complaints been followed up and dealt with in the Commission?
2. How does the Commission monitor the uniform transposition of the data protection provisions under Directive 95/46/EC in the Republic of Ireland and in the other Member States?
3. Does the Commission take the view that the aforementioned data protection provisions are transposed to the same extent in the various Member States?
4. What are the consequences of the proposed data protection package for the work and budget of the data protection authorities?
Facebook: EU Parliamentarians raise questions about situation around
Irish ODPC (10.05.2013)
http://www.europe-v-facebook.org/EN/en.html
Press Release - EU Parliamentarians get involved into Fight between
Students and Facebook.
EU Commission shall look into situation at Irish Data Protection
Authority (10.05.2013)
http://www.europe-v-facebook.org/pa_en_10_5_.pdf
Parliamentary questions - Enforcement of European data protection
standards in the Member States (25.04.2013)
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-%2f%2fEP%2f%2fTE...
This article is also available in:
Deutsch: Apples Datenschutzpolitik verstößt gegen deutsches Recht
The Berlin Regional Court ruled on 7 May 2013 that 8 of Apple’s privacy policy clauses are infringing the German data protection laws and asked the company to rectify them.
The case was brought to court by the German consumer rights group Verbraucherzentrale Bundesverband (VZBV) which complained about 15 of Apple’s privacy clauses. The German legislation allows recognized consumer groups to sue companies over illegal terms and conditions. Apple had already signed a binding declaration to stop using 7 of the 15 clauses before the German suit was filed, the remaining 8 being invalidated by the court’s decision. The court’s decision reinforces that Apple cannot use generalised or global consent for how it uses its customers’ data. The company must specifically tell its customers what the data is used for. The court also prohibited Apple to merge the users’ data with other information it has as well as the exchange of personal information with "affiliates" and "strategic partners" and the processing of location data.
One of the things Apple argued in court was that the German law did not apply because personal information was not collected by a branch office in Germany, but the court rejected the argument stating that German consumers were subject to the German Law. The decision is not final therefore it can be appealed by Apple which made no statement in this sense.
Apple is also facing a privacy lawsuit in the U.S. over its information-sharing practices, being accused of improperly collecting data on its customers’ location through iPhones (even with the device’s geo-location feature turned off) and of sharing personal information with third parties.
Apple's user data-sharing takes a hit in Germany after court objects to
privacy policy (8.05.2013)
http://www.zdnet.com/apples-user-data-sharing-takes-a-hit-in-germany-a...
Apple’s Customer Data-Privacy Rules Struck Down by German Court (7.05.2013)
http://www.bloomberg.com/news/2013-05-07/apple-s-customer-data-privacy...
Illegal Apple’s data clauses (only in German, 7.05.2013)
http://www.vzbv.de/11558.htm
Landgericht Berlin: Apple's privacy rules are partly unlawful (only in
German, 8.05.2013)
http://www.spiegel.de/netzwelt/netzpolitik/landgericht-berlin-apples-d...
This article is also available in:
Deutsch: Russland ratifiziert die Datenschutz-Konvention 108 des Europarats
The Russian Federation strengthened its commitment to the protection of personal data by ratifying, on 15 May 2013, the Council of Europe (CoE) Convention for the protection of individuals with regard to Automatic Processing of Personal Data, also known as “Convention 108”.
Council of Europe Secretary General Thorbjørn Jagland received Russia´s instrument of accession from Alexander Alekseev, the Permanent Representative and Ambassador of the Russian Federation to the Council of Europe.
The Convention is today the only legally binding international instrument in its field. Open to any country, it has the potential to become a global standard, providing legal certainty and predictability in international relations.
The treaty will enter into force in respect of the Russian Federation on 1 September 2013. Russia is the 46th state to become a party to the convention.
Russia signs international data protection convention (15.05.2013)
http://www.neurope.eu/article/russia-signs-international-data-protecti...
Convention 108
http://www.conventions.coe.int/Treaty/Commun/QueVoulezVous.asp?NT=108&...
On 14 May 2013, the German Federal Court ruled that Google auto-complete feature may, under certain circumstances, constitute an infringement of the personality right, under the German Civil Code and the German Basic Law.
Since April 2009, Google has introduced an "autocomplete" feature integrated into the search engine, which automatically brings forth suggestions, as word combinations, when a user enters a search in a window. The displayed suggestions are made on the basis of an algorithm including the number of related search queries entered by other users. By introducing keywords into the search engine, users may thus obtain access to third party content posted to the Internet via a displayed list of related searches.
The case was brought to court by a public company and its CEO who had discovered that when introducing his name on google.de, Google's autocomplete suggested the terms “scientology” and "fraud".
This raises a serious question of possible defamation and it can create a serious possibility for anti-sale attacks just by introducing negative keywords related to certain companies or people, especially as there are several countries where there is no risk of legal liability for the use of the autocomplete feature.
In a decision that overruled two previous lower court decisions, the Federal Court decided that Google must ensure that the terms generated by auto-complete are not offensive or defamatory and that it must remove defamatory word combinations when notified.
Google has defended itself in the past by arguing that it has no control over the combinations of words that auto-complete suggests. The court took this into consideration by deciding that Google was legally liable only when becoming aware of a case of defamatory word suggestions. "The operator is, as a basic principle, only responsible when it gets notice of the unlawful violation of personal rights."
Autocomplete: can Google turn bad news into good profit? (14.05.2013)
http://ipkitten.blogspot.co.uk/2013/05/autocomplete-can-google-turn-ba...
Federal Supreme Court decides on the admissibility of personality
infringing of the Search addenda to "Google" (only in German, 14.05.2013)
http://juris.bundesgerichtshof.de/cgi-bin/rechtsprechung/document.py?G...
Germany tells Google to tidy up auto-complete (14.05.2013)
http://www.bbc.co.uk/news/technology-22529357
This article is also available in:
Deutsch: ENDitorial: Die European Privacy Association – gut, böse oder einfa...
The European Privacy Association, after being caught out for failing to respect the rules of the European Transparency Register, has issued a defence of its actions. An article published by IDG News Service describes Google, Microsoft and Yahoo as the “secret backers” of the organisation. The EPA, in its defence, explains that it is a “small organisation”, with a budget of 50 000 to 100 000 Euro. Furthermore, it is “primarily” a voluntary association.
As a “small” organisation, it has major corporations paying at least ten thousand Euro to it. This money is used to ensure the services of a former Member of the European Parliament and an Italian lobbying company (Competere). That lobbying company's personnel overlaps with that of the US lobbying organisation DCI Group. DCI Group lobbying specialism is using “3rd party organisations” to “re-frame” issues and define them in “more favourable terms”. This sounds more than a little like the European Privacy Association.
As a “small organisation”, that has used the services of both Competere and DCI Group, the EPA has managed to run an impressive number of plush lunches and breakfasts in the European Parliament. This year alone, there was:
The companies behind the European Privacy Association also appear to be making something of a habit of accidentally failing to disclose all relevant information in the Transparency Register. Only last year, an e-mail was sent by the “Initiative for a Competitive Marketplace” (iCOMP) to Members of the European Parliament. The e-mail included a transparency register number. However, the number was not that of iCOMP but of lobbying company Burston Marsteller, whose transparency register entry provided no reference at all to iCOMP. In reality, Microsoft was instrumental in setting up iCOMP and Burston Marsteller also represents Microsoft. As a result of a complaint to the Transparency Register, changes were made that were considered satisfactory by the Transparency Register secretariat and no sanctions were imposed.
Google, Microsoft and Yahoo are secret backers behind European Privacy
Association (20.05.2013)
http://www.pcworld.com/article/2039249/google-microsoft-and-yahoo-are-...
Complaint against EPA (15.05.2013)
http://corporateeurope.org/sites/default/files/attachments/complaint_e...
EPA Press Statement (17.05.2013)
http://www.europeanprivacyassociation.eu/agenda_news.php?function=read...
DCI Group
http://www.dcigroup.com/what-we-do
Microsoft Funding Anti-Google Trade Group Since 2007 (6.12.2010)
http://searchengineland.com/microsoft-funding-anti-google-trade-group-...
(Contribution by Joe McNamee - EDRi)
This article is also available in:
Deutsch: Mitmachen!
Legal, illegal, whatever? Provocative privacy game “Data Dealer” released!
"Data Dealer" is a satirical online game about collecting and selling
personal data. Players run all kinds of companies and online ventures -
from dating sites and loyalty card systems to search engines and their
own social web - and ruthlessly sell private information to clients of
all kinds. Their growing data empires have to be defended against
various threats, including competing players trying to hack into their
databases, complaining citizens, critical media and pesky privacy
activists. Data Dealer is a non-profit project, released under a Creative Commons license and based on HTML5 instead of Flash.
http://datadealer.com
http://datadealer.com/press
This article is also available in:
Deutsch: Lesestoff
Neelie Kroes responds to EDRi and BEUC: Old mantras and political
uncertainty for net neutrality in Europe (21.05.2013)
http://edri.org/NN-reply
Copyright in France: Wishful Thinking and Real Dangers (14.05.2013)
http://www.laquadrature.net/en/copyright-in-france-wishful-thinking-an...
See also Pierre Lescure report on culture at the digital era to French
(only in French)
http://www.culturecommunication.gouv.fr/Actualites/A-la-une/Culture-ac...
Report finds Gardai snooping on celebrities and sports stars (20.05.2013)
http://www.independent.ie/irish-news/report-finds-gardai-snooping-on-c...
Data rape and the impending privacy apocalypse (10.05.2013)
http://www.privacysurgeon.org/blog/incision/data-rape-and-the-impendin...
Latvia: Police Raid School Teacher for Uploading History Book for
Students (20.05.2013)
https://torrentfreak.com/police-raid-school-teacher-for-uploading-hist...
This article is also available in:
Deutsch: Agenda
29 May 2013, Brussels, Belgium
Mission impossible – the Internet without borders?
Deutsche Welle and Reporters without Borders host a panel discussion on
the topic of internet censorship.
http://edri.org/docs/Invitation_BXL.pdf
30 May 2013, Gent, Belgium
BBA Belgium 2013
http://www.bigbrotherawards.be
8 June 2013, London, UK
ORGCon 2013
http://orgcon.openrightsgroup.org
20-21 June 2013, Lisbon, Portugal
EuroDIG 2013
http://www.eurodig.org/
25-26 June 2013, Barcelona, Spain
9th International Conference on Internet Law & Politics: Big Data:
Challenges and Opportunities.
http://edcp.uoc.edu/symposia/idp2013/?lang=en
25-26 June 2013, Washington, DC, USA
23rd Computers, Freedom and Privacy Conference (CFP)
http://www.cfp.org/2013
31 July – 4 August 2013, Geestmerambacht, Netherlands
Observe. Hack. Make. - OHM2013
https://ohm2013.org/
14-15 September 2013, Vienna, Austria
Daten, Netz & Politik 2013 - DNP13
https://dnp13.unwatched.org/
17-18 September 2013, Geneva, Switzerland
2013 Open Knowledge Conference (OKCon)
Call for Proposal is open until 24 May
http://okcon.org/call-for-proposals/
23-26 September 2013, Warsaw, Poland
Public Voice Conference 2013
35th International Data Protection and Privacy Commissioners conference
http://www.giodo.gov.pl/259/id_art/762/j/en/
24-25 September 2013, Brussels, Belgium
EU hackaton - hack4yourrights
This year’s theme is privacy
Application by 15 June 2013
http://2013.euhackathon.eu/
27-30 September, Brussels, Belgium
Freedom not Fear 2013
http://www.freedomnotfear.org/
http://www.freedom-not-fear.eu
25-27 October 2013, Siegen, Germany
Cyberpeace - FIfF Annual Meeting 2013
http://www.fiff.de/
22-24 January 2014, Brussels, Belgium
CPDP 2014: Reforming data protection: The Global Perspective
Call for panels: 1 June 2013
http://www.cpdpconferences.org/