Friday, March 31, 2006
Tuesday, March 28, 2006
Here are the links to:
Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.
Friday, March 24, 2006
For more, see:
"The expectation of privacy by some Google users may not be reasonable," Judge Ware wrote, "but may nonetheless have an appreciable impact on the way in which Google is perceived, and consequently the frequency with which users use Google."
Questions should be raised over the extent in which Google holds the search requests of users. How long is it held and what are their policies? The Data Protection Directive 95/46/EC stipulates the conditions under which personal data are processed and applies within the European Union. The Directive on Privacy and Electronic Communications 2002/58/EC specifies the conditions under which "traffic data" (Art. 6) and "location data" (Art. 9) are held. More discussion and awareness is needed (whether academics, practitioners or the public) about the laws that apply to search engines.
Thursday, March 23, 2006
One-stop portal for critical resources about freedom of information laws and movements around the world. The site describes best practices and lessons learned, compares campaign strategies, and links the efforts of freedom of information advocates globally.
Anyway, well worth visiting!
Wednesday, March 22, 2006
Tuesday, March 21, 2006
Further to my earlier blog on ID cards bill, the House of Lords (HL) had rejected the ID cards bill yesterday and have suggested a compromise proposal to keep the scheme voluntary until 2011 – after the next general election. I am including:
We await to see whether the House of Commons will accept this compromise.
See also the latest blog:
Thursday, March 16, 2006
Wednesday, March 15, 2006
The Department is now seeking only 50,000 web addresses, of which it says it will look at 10,000. It has also reduced the number of search queries sought – down to 5,000 from one million. Of these, the Department says it will only look at 1,000.
However, there was also a hint by the judge that Google may have to comply with the demand for requests.
I think we will will have to wait until the judge makes the final decision rather than speculate the outcome, but once again, one will question how long Google or any other search engine company stores search engine results and what their policies are with regard to the retention of data (such as internet search engine requests). This brings me to the Data Retention Directive, but I will return to this issue at a later date.
- LA Times: US cuts back request for Google data
- The Digital Collegian: Google: Court ruling would result in slippery slope
Tuesday, March 14, 2006
Firstly, Google says it does not want to do the government's work for it, and secondly it says that it wants to protect its product. Thirdly, Google wants to show users that the company is serious about protecting their privacy.
In any case, questions are/will be raised on the extent Google holds users' data and whether users, as data subjects can request information held by Google either through their search engines or their email service. It would easier to make a data subject request if the user subscribed to Google's email service (now renamed Google mail) because there is the issue of proving one's identity for data inputted on a search engine. One will wait to see what the court's verdict will be.
Monday, March 13, 2006
Amendment 57 would change the substance of the rule applicable to violations of privacy, particularly by the press. The Commission cannot accept this amendment, which is too generous to press editors rather than the victim of alleged defamation in the press and does not reflect the solution taken by a large majority of Member States. Since it is not possible to reconcile the Council’s text and the text adopted by Parliament at first reading, the Commission considers that the best solution to this controversial question is to exclude all press offences and the like from the proposal and delete Article 6 of the original proposal. Other privacy violations would be covered by Article 5.
1. Where no choice has been made under Article 4, the law applicable to a non-contractual obligation shall be the law of the country in which the damage arises or is likely to arise, irrespective of the country in which the event giving rise to the damage occurred and irrespective of the country or countries in which the indirect consequences of that event arise.
2. However, where the person claimed to be liable and the person sustaining damage both have their habitual residence in the same country when the damage occurs, the non-contractual obligation shall be governed by the law of that country.
3. Notwithstanding paragraphs 1 and 2, where it is clear from all the circumstances of the case that the non-contractual obligation is manifestly more closely connected with another country, the law of that other country shall apply. A manifestly closer connection with another country may be based in particular on a pre-existing relationship between the parties, such as a contract that is closely connected with the non-contractual obligation in question. For the purpose of assessing the existence of a manifestly closer connection with another country, account shall be taken inter alia of the expectations of the parties regarding the applicable law.
For more details about this, see:
- VoIP - guidance by the German Data Protection and Freedom of Information (in German)
- VoIP - Part 2 (in German)
- BFDI: Communications
Thursday, March 09, 2006
- A living individual must be able to be identified from the data in question. In the Durant case, the Court of Appeal did not focus on this element of the definition; and
- The data must 'relate to' the individual identified. It is this issue with which the Court was most concerned, explaining ‘relate to’ as “information that affects [a person’s] privacy, whether in his personal or family life, business or professional capacity”.
Whatever the case may be, the ruling in Durant stands until we hear anything more.
Tuesday, March 07, 2006
It also provides additional details to senders: the date and time when the email was opened; where, geographically, the email was opened; for how long; and whether it was forwarded.
Subscribers who use Yahoo!, Hotmail or AOL email services can simply add ".didtheyreadit.com" to the end of a recipient's e-mail address to have an email tracked. Users of Outlook simply download a piece of software to add the secret tracking ability.
While services are being offered (such as the one above) to users, there is still a need for greater awareness by companies to ensure that they do not infringe data protection laws. Otherwise, we may find that recipients to such services invoking the data protection laws to protect their privacy rights!
Monday, March 06, 2006
I am including details of the latest press release, Parlimentlive TV (once the clip is available), the ID card bill and UK OIC's view on ID cards.
Although the bill is going through Parliament, we need to be reminded whether the bill is proportionate or goes further than what is necessary (ie. holding biometric data such as fingerprints/irises)? Similarly, it is hard to see how a database containing everyone's personal data could reconcile with the need to safeguard fundamental data protection principles such as fair processing? This is particularly the case if this data should become available to commercial organisations - no plans as yet, but the possibility is still there and we should not quickly dismiss this option!
Thursday, March 02, 2006
Larry Frankel, the Pennsylvania legislative director for the American Civil Liberties Union, was among several people who argued that criminal case records should not be on the Internet before a defendant is adjudicated guilty. Frankel said many people wrongly consider an arrest equivalent to a conviction.
The report raises broader issues about the general publication of personal information online. It should be added that the US does not have data protection laws, but have an arrangement known as Safe Harbor between the US and the EU. It is unclear at this stage how much personal information should be included in a court record, but there was some discussion about whether to include date of births. However, there is some concern (see below):
The 13,000-lawyer Philadelphia Bar Association believes posting information about someone who has not been found guilty could unfairly tarnish their reputation, said Alan M. Feldman, the association's chancellor.
Certainly, the potential of confusion between individuals (without further detailed information such as d.o.b) may arise, but at the same time, one is wary about the amount of personal data that should be available in a court record online. This is certainly a difficult area, but it would be interesting to see what kind of policy is formulated.
Wednesday, March 01, 2006
The Data Protection Act gives everyone a right to see information that is held about them including any opinions,” said David Smith, Deputy Information Commissioner. “Professionals need to be aware of this and understand what action is required when an individual challenges one of their opinions."