Thursday, 29 January 2009

EU mulls new data protection initiatives

Source: euractiv.com

As Europe celebrated its third 'data protection day' yesterday (28 January), the European Commission announced plans to tighten the relevant rules. Meanwhile, EU privacy authorities are focusing on Internet search engines' data storage and street viewing software.
Brussels will launch a Europe-wide public consultation by April on how to reinforce data protection. "We have to reflect on the possible necessity of modernising the existing legal framework to respond to the challenges posed by new technologies," said EU Justice and Home Affairs Commissioner Jacques Barrot during a conference in the European Parliament yesterday (28 January).

An expert group set up by the Commission is currently studying possible innovations that could help update the Data Protection Directive , which dates back to 1995. Many issues are at stake, including extending the concept of personal data to IP addresses and cookies, which allow very detailed profiles of Internet surfers to be created, although they only provide indirect identification of users (EurActiv 05/12/08).

National privacy regulators have already issued an opinion in favour of broadening the list of personal data to include IP addresses and cookies. They will further discuss the issue at their next meeting on 10-11 February, when they will also address the duration of data retention by search engines.

Google, Yahoo, and MSN store information (cookies) on Web users' computers. By retrieving the cookies, they put together detailed profiles of users every time they access the Web. This improves the quality of services offered: thanks to cookies, there is no need to retype passwords in accessing a restricted area, for example. However, such data reveals much about the user, and it is often used for sending unsolicited and targeted advertising.

EU data protection authorities, brought together in the 'Article 29 Working Party', proposed a six-month retention period for cookies. Search engines offered various reactions to the plans. Google, whose business model is highly reliant on personal data, voluntarily cut its retention period from 18 to nine months. Microsoft abided by the six-month proposal, seizing upon it as a possible standard for the industry (EurActiv 10/09/08).

Representatives of the two US giants will participate in the data protection meeting in February, together with delegates from Yahoo, and Ixquick. No decisions are expected to be taken at the meeting, but a new opinion on the issue from the Article 29 Working Party is expected in the coming months, according to sources close to the dossier.

The other delicate subject on EU privacy authorities' table in the coming months is the potential risks posed by "panoramic street-level view services," made famous by the Google's successful Street View. Such software makes it possible to look at cities right down to street level, with cars, people and shops.

First introduced in the US, Street View has already been launched in France, Italy and Spain. EU regulators discussed the service, "as it raises privacy and data protection concerns," according to a press release recently issued by the Article 29 Working Party.

Google blurs faces, car plates and other features that could allow the identification of people, but problems could arise from the storage of the massive amount of pictures required to enable the service and which Google has already collected. "Data protection rules might be applicable," the European data protection supervisor, Peter Hustinx told EurActiv.

In such a case, Google must ask the prior consent of those who appear in the pictures, even if blurred. The service could thus find itself hit heavily. "We will work with all relevant institutions and authorities and we look forward to providing any additional information that may be requested," commented Peter Fleischer, global privacy counsel at Google.

To celebrate the third data protection day, a conference was held yesterday (28 January) in the European Parliament to raise awareness among young people of the privacy and security risks hidden in the Internet.

As underlined by Barrot, "in the 15-24 age group, only 33% are aware of their rights in relation to their own personal data," despite being the main users of the Internet and social networking websites, such as MySpace or Facebook. "They are exposing their everyday lives online without being aware of the risks the online activities could entail," he said.

Thursday, 15 January 2009

UK Information Commissioner's Office launches public consultation on a Privacy Notices Code of Practice

The UK's Information Commissioners Office (ICO) has launched a public consultation prior to publishing a Privacy Notices Code of Practice. The Code of Practice will help organisations to draft clear privacy notices and make sure that they collect information about people fairly and transparently. The Code contains good and bad examples that organisations will be able to use to help draw up their own privacy notices.We would welcome your comments on the draft code of practice by Friday 3 April 2009.

How to respond
Please use the response form for submitting your comments. Forms should be saved in Word format and emailed to: consultations@ico.gsi.gov.uk . Alternatively you can print out this form and post to: Data Protection Development Team, ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.Click on the titles below to view the draft code of practice and the consultation response form.
Draft Privacy notices code of practice
Privacy notices code of practice: consultation response form

EU to launch biometric passports by summer

From euobserver.com

MEPs on Wednesday (14 January) backed new rules on the introduction of biometric passports throughout the EU later this year, while exempting children under 12 years from having fingerprints included in their passports.
The rules were approved at a first reading by an overwhelming majority of MEPs – 594 against 51, while 37 abstained.

The parliamentarians underlined the need to improve document security in the EU by introducing "more reliable biometric data, namely fingerprints," and highlighted the different criteria member states currently apply when checking the passport applicants' identity.

Continue reading here: http://euobserver.com/9/27407/?rk=1

Friday, 9 January 2009

Libel Tourism: Are English courts stifling free speech around the world?

From The Economist 8 January 2008

SEEN one way, it is nothing short of a scandal. Small non-British news outlets and humble non-British authors (in many cases catering almost wholly to a non-British public) are being sued in English courts by rich, mighty foes. The cost of litigation is so high ($200,000 for starters, and $1m-plus once you get going) that they cannot afford to defend themselves. The plaintiffs often win by default, leaving their victims humiliated and massively in debt.

Click here to continue reading: http://www.economist.com/world/international/displaystory.cfm?story_id=12903058