The Council of Europe Cybercrime Convention Committee (T-CY) held a hearing on 3 June 2013 in Strasbourg to collect views from civil society and the private sector on its plans to further extent Convention 185 provisions on transborder access to data through a draft additional Protocol. The proposal received strong criticism from most of the participant stakeholders (EDRI, ISOC, independent academics and privacy advocates, EuroISPA, and companies such as Google, Microsoft and LeaseWeb) as well as from the European Commission, the European Data Protection Supervisor, and even the Data Protection Unit from the same CoE Data Protection and Cybercrime Division.

First we had the US administration influencing the European Commission's drafting of privacy legislation, then we had the lobbying onslaught and the “lobbyplag” scandal. Now, we have absurd and misleading “studies” that make wild assumptions in order to come to outlandish conclusions regarding the “cost” of data protection. In the most recent example, the European Small Business Association launched a study on the alleged costs of the data protection reform at a breakfast (where, symbolically, no breakfast was served) in the European Parliament on 8 May.

Last week, European Digital Rights attended the second annual Stockholm Internet Forum which focused on two main themes: Internet Freedom and Security and Internet Freedom and Development. A novelty this year were the Unconference sessions.

This article is also available in:
Deutsch: Mitmachen!

Legal, illegal, whatever? Provocative privacy game “Data Dealer” released!
"Data Dealer" is a satirical online game about collecting and selling personal data. Players run all kinds of companies and online ventures - from dating sites and loyalty card systems to search engines and their own social web - and ruthlessly sell private information to clients of all kinds. Their growing data empires have to be defended against various threats, including competing players trying to hack into their databases, complaining citizens, critical media and pesky privacy activists.

On 14 May 2013, the German Federal Court ruled that Google auto-complete feature may, under certain circumstances, constitute an infringement of the personality right, under the German Civil Code and the German Basic Law.

Since April 2009, Google has introduced an "autocomplete" feature integrated into the search engine, which automatically brings forth suggestions, as word combinations, when a user enters a search in a window.

This article is also available in:
Deutsch: Russland ratifiziert die Datenschutz-Konvention 108 des Europarats

The Russian Federation strengthened its commitment to the protection of personal data by ratifying, on 15 May 2013, the Council of Europe (CoE) Convention for the protection of individuals with regard to Automatic Processing of Personal Data, also known as “Convention 108”.

Council of Europe Secretary General Thorbjørn Jagland received Russia´s instrument of accession from Alexander Alekseev, the Permanent Representative and Ambassador of the Russian Federation to the Council of Europe.

The Conventi

This article is also available in:
Deutsch: Apples Datenschutzpolitik verstößt gegen deutsches Recht

The Berlin Regional Court ruled on 7 May 2013 that 8 of Apple’s privacy policy clauses are infringing the German data protection laws and asked the company to rectify them.

The case was brought to court by the German consumer rights group Verbraucherzentrale Bundesverband (VZBV) which complained about 15 of Apple’s privacy clauses.

This article is also available in:
Deutsch: Beschwerden über die Untätigkeit der irischen Datenschutzbehörde in...

Ireland’s data protection authority, ODPC, seems to be deaf to citizens’ complaints against Facebook. According to the non-profit association "Europe versus Facebook", during the last two years, there have been about 1 000 complaints against Facebook which have not actually been processed by the Irish Data Protection Authority.

The association has made 22 complaints for which it has received only "non-binding reports" with shallow useless text.