EDRI - Privacy

Bits of Freedom presents policy package against mass surveillance

bogdan — Wed, 04 Dec 2013 18:34:57 +0000

On 4 December 2013 the EDRi member Dutch digital rights organisation Bits of Freedom launched a website petitioning the Dutch government to take numerous concrete measures to end mass surveillance. It officially presented the policy package to the Minister of Interior Affairs the day before.

On the campaign website, bespied-ons-niet.nl (translated as: 'don't spy on us'), a wide-ranging package of policy measures is set out. These range from diplomatic measures, to stopping plans to provide the Dutch secret services with the authority to intercept internet traffic on a broad scale.

No warrant Internet spying by French authorities

bogdan — Wed, 04 Dec 2013 18:33:00 +0000

On 26 November 2013, the French National Assembly discussed the draft of the military programming law which could give the authorities the power to collect, without a judge warrant and in real time, telecom users’ data as a result of an amendment introduced by the Senate in first reading.

Presently the internal security code stipulates that the interception of electronic communications can be authorized in exceptional cases of investigations related to the national security and other serious crimes.

The draft proposes to complete the internal security code to explicitly authorize the gathering, from electronic communications providers, but also from hosting companies and Internet editors, any information or documents treated or kept by their electronic communications networ

Ireland: Google ordered to remove Knowledge Graph result

bogdan — Wed, 04 Dec 2013 18:31:49 +0000

On 28 November 2013, Google received an ex-parte interim order from an Irish court to block the publication of a photo image of convicted solicitor Thomas Byrne which appears as a search result alongside the profile of Irish Senator Thomas Byrne, a solicitor himself.

Google considers it cannot be held liable for what comes up in its search results, as it only creates a snapshot of content that is elsewhere on the internet and this so-called “caching defence” is covered by the EU’s e-commerce directive law, allowing ISPs to not be held liable for being a mere conduit for information.

However, Google is no longer a mere provider of search results reflecting the content of websites elsewhere on the internet as it currently offers a range of products and services that brin

Google in breach of the Dutch data protection act

bogdan — Wed, 04 Dec 2013 18:29:04 +0000

The Dutch Data Protection Authority has recently issued a report concluding that Google is in breach of the Dutch Data Protection Act, with its new privacy policy.

The report is a result of the investigations carried out at the initiation of the French data protection authority (CNIL) on behalf of all European data protection authorities united in the Article 29 Working Party, following the introduction of Google’s new privacy policy on 1 March 2012.

“Rebuilding Trust in EU – US Data Flows” - some lowlights

bogdan — Wed, 04 Dec 2013 18:25:45 +0000

On 27 November 2013, the European Commission finally published its Communication on the “Safe Harbor” agreement as part of a broader package on EU/US data flows.

Perhaps the most disappointing aspect of the Communication was the statement that the PNR agreement and other data sharing agreements work without substantiating any of those claims. Simply asking the United States if they breached the existing rules and blandly stating, in the absence of any credible evidence, that the agreements on passenger name records (PNR) and financial data tracking (TFTP) “meet the common security interests of the EU and US, whilst providing a high level of protection of personal data” provides no new information and offers no new insights.

EDPS: Still a lot of work to be done

bogdan — Wed, 20 Nov 2013 18:29:56 +0000

In a press release published on 15 November 2013, the European Data Protection Supervisor (EDPS), criticised the Commission proposal for a Regulation laying down measures concerning the European single market for electronic communications. The announced goal of this Regulation is to ease the requirements for communications providers, standardize wholesale products, aiming at harmonising the rights of end-users. In general, Hustinx approves the idea to include net neutrality, but points out that the Regulation provides the permission for abuses by the Internet Service Providers (ISPs) who would be legally allowed to manage and monitor the internet traffic of their users.

Microsoft and Skype may continue to send Europeans’ data to US

bogdan — Wed, 20 Nov 2013 18:27:43 +0000

On 18 November 2013, Luxembourg’s Data Protection Authority (National Commission for Data Protection - CNPD) decided that Microsoft and Skype subsidiaries in Luxembourg have not broken EU privacy law by sending Europeans’ data to the US, although we all know where this data goes.

As a response to a complain filed by Europe v Facebook activist group, CNPD considered that the data transfer was legal under the Safe Harbor agreement, through which US companies can self-certify they comply with EU-strength privacy standards, even though their country does not. Which means that we have to take their word for that.

“The fact finding operations conducted since July 2013 and the subsequent detailed analysis did not bring to light any element that the two Luxembourg-based compan

Europe v Facebook’s Irish complaint again on the table

bogdan — Wed, 06 Nov 2013 18:33:55 +0000

The Irish High Court has decided to review the lack of reaction of the Irish Data Protection Commissioner (DPC) in relation to the PRISM scandal.

This decision is a result of DPC’s reaction to student group Europe v Facebook (EvF) which had filed a complaint against Facebook Ireland Ltd, considering that it violated data protection laws by “exporting data” to its US-based parent company. "If a European subsidiary sends user data to the American parent company, this is considered an “export” of personal data. Under EU law, an export of data is only allowed if the European subsidiary can ensure an “adequate level or protection” in the foreign country,” stated EvF.

EvF also alleged that Facebook had cooperated with NSA within PRISM programme.

NSA's long data collection arm reaches everybody

bogdan — Wed, 06 Nov 2013 18:29:05 +0000

The new revelations from Snowden show that NSA seems to spy on everybody, allies or enemies alike, collecting data form everywhere and everyone, in order to get a “diplomatic advantage” over allies such as France and Germany or an “economic advantage” over countries such as Japan or Brazil. Or even more?

NY Times explains that not only NSA is demanding the data it gathers, but also other agency’s “customers” are asking for different data from NSA.

EU Council worries that data protection reform is too fast

bogdan — Wed, 06 Nov 2013 18:27:00 +0000

The recent EU Council allegedly decided to slow down the speed of the reform of data protection arguing that it was moving too fast. Germany, for example, was reportedly worried about "not moving too quickly". By a strange coincidence, this is exactly the same argument used by the main lobbying groups.