Source: Out-law International effort on privacy protection is launched
Thursday, June 28, 2007
Even without having to look at the law itself (either data protection, privacy etc.) this report sheds light on how individuals (teens) protect their identities when using social networking such as MySpace.The majority of teens actively manage their online profiles to keep the information they believe is most sensitive away from the unwanted gaze of strangers, parents and other adults. While many teens post their first name and photos on their profiles, they rarely post information on public profiles they believe would help strangers actually locate them such as their full name, home phone number or cell phone number. At the same time, nearly two-thirds of teens with profiles (63%) believe that a motivated person could eventually identify them from the information they publicly provide on their profiles. A new report, based on a survey and a series of focus groups conducted by the Pew Internet & American Life Project examine how teens, particularly those with profiles online, make decisions about disclosing or shielding personal information. Some 55% of online teens have profiles and most of them restrict access to their profile in some way. Of those with profiles, 66% say their profile is not visible to all internet users. Of those whose profile can be accessed by anyone online, nearly half (46%) say they give at least some false information. Teens post fake information to protect themselves and also to be playful or silly.
Monday, June 18, 2007
There is much debate, and a number of competing initiatives, but the problems of identity and personal-information management over the Internet remain unsolved. These problems range from issues of convenience, such as requirements for multiple usernames and passwords, to the inability to carry out many transactions that require authentication of the user, to the security of systems that hold personal information, including identity information. Why do these problems persist? What are the opportunities in sight for moving ahead, and what risks are entailed in mitigating these concerns, including the failure to address these issues?
The Oxford Internet Institute organized a public panel to discuss this topic, chaired by Jonathan Bamford of the Information Commissioner's Office, and with a keynote by Sir David Normington, the permanent secretary at the Home Office. Other speakers include Professor Brian Collins (who combines the roles of academic, civil servant, and IT practitioner) and Dr Stefan Brands (an expert in privacy-enhancing technologies). The panel concludes with questions and an open discussion.
Wednesday, June 13, 2007
Google is not bound by the Data Retention Directive when it comes to search engine logs, Europe's data protection committee has said. Google has used the Directive to justify keeping data, but OUT-LAW has learned that the law does not apply. Google has come under increasing pressure in Europe to anonymise its server data, but the company says that it will wait until 18–24 months have passed before anonymising. Among its reasons for this was the Data Retention Directive. However, a senior European data protection official told OUT-LAW today that Google cannot rely on that law as justification for its retention. "The Data Retention Directive applies only to providers of publicly available electronic communications services or of public communication networks and not to search engine systems," said Philippos Mitletton. Mitletton works for the European Commission's Data Protection Unit, which itself is represented on the Article 29 Working Party, the committee of Europe's data protection authorities." Accordingly, Google is not subject to this Directive as far as it concerns the search engine part of its applications and has no obligations thereof," he said. Google offers other services that will be caught by the Directive – notably its email service, Gmail, and its internet telephony
service, Google Talk. If Google's search function were caught by the Directive, it could alarm operators of any site with a search function – i.e. most large websites – because potentially they would be similarly caught and therefore need to store details of every search conducted and the addresses of the computers that instruct each search.
Whilst this provides clarity over the scope of the Data Retentions Directive, one should not forget that we have the Data Protection Directive 95/46/EC (DPD) that applies to the automated processing of personal information and to a lesser extent manual files (if it can be shown that it formed part of a filing system such as card indexes) and the Directive on Privacy and Electronic Communications 2002/58/EC (complementing the DPD). For more on this, visit the European Commission, FSJ website at http://ec.europa.eu/justice_home/fsj/privacy/law/index_en.htm.
Tuesday, June 12, 2007
Monday, June 11, 2007
A data privacy watchdog is to be set up in India to oversee the country's IT industry amidst international concerns about the security of outsourced customer records and data. India does not have any data protection law equivalent to that in the UK and there have been recent cases of information being leaked from call centres to criminals who have then blackmailed the companies involved. The Data Security Council of India (DSCI) is being set up by Indian IT industry group Nasscom.
Tuesday, June 05, 2007
"We consider that in the area of data protection there is evidence of insufficient political appetite for protective measures as compared to law enforcement ones," said the Committee's just-published Third Report. "We note the Minister's expression of continuing Government support for the Data Protection Framework Decision. However, if proposals for a Framework Decision were to be superseded by the data protection provisions in the Prüm Treaty, we would have serious concerns as to whether these were adequate."
Here is the full-text of the report:
- "Inside the EU: the need for better protection" In this Report