Tuesday, March 23, 2010
Recommend blog posts
1) Hunton and Williams Privacy Law Blog -
2) Datanomy, the data protection weblog
3) European Digital Rights in Europe (EDRI)
4) Pogowasright - US focussed
5) Privacy Exchange - slightly outdated, but still relevant
6) European Commission: Data Protection Commissioners
7) PrivacyOS - European Privacy Open Space
Wednesday, August 12, 2009
ICO Consultation
The code will provide comprehensive, accessible guidance on the following broad areas:
- Operating a privacy-friendly website
- Rights and protections for individuals
- Privacy choices and default settings
- Cyberspace and territoriality
We intend to publish the code in May 2010, following a public consultation exercise.
Further details can be found here.Thursday, July 02, 2009
How well do you know your privacy policies?
The EFF on Thursday launched TOSBack.org, a "terms of service" tracker for Facebook, Google, eBay, and other major Websites. The idea is to give users an easy way of finding the privacy policies used by their favorite sites, and to be alerted when those policies change. TOSBack.org offers a real-time feed of changes and updates to more than three dozen policies from the Internet's most popular online services. Clicking on an update brings users a side-by-side, before-and-after comparison, highlighting what has been removed from the policy and what has been added, the EFF says. The issue of terms-of-service changes -- and how and why they are made -- was highlighted earlier this year when Facebook
modified its terms of use. Facebook users worried that the change gave the company the right to use their content indefinitely. After a user revolt, Facebook announced it would restore the former terms while it worked through the concerns users had raised "Some changes to terms of service are good for consumers, and some are bad," says EFF senior staff attorney Fred von Lohmann. "But Internet users are increasingly trusting Websites with everything from their photos to their 'friends lists' to their calendar -- and sometimes even their medical information. TOSBack will help consumers flag changes in the Websites they use every day and trust with their personal information."
Sunday, June 21, 2009
Art. 29 Working Party Opinion on SNS
Applicability of EC Directives
1. The Data Protection Directive generally applies to the processing of personal data by SNS, even when their headquarters are outside of the EEA.
2. SNS providers are considered data controllers under the Data Protection Directive.
3. Application providers might be considered data controllers under the Data Protection Directive.
4. Users are considered data subjects vis-à-vis the processing of their data by SNS.
5. Processing of personal data by users in most cases falls within the household exemption. There are instances where the activities of a user are not covered by this exemption.
6. SNS fall outside of the scope of the definition of electronic communication service and therefore the Data Retention Directive does not apply to SNS.
Obligations of SNS
7. SNS should inform users of their identity, and provide comprehensive and clear information about the purposes and different ways in which they intend to process personal data.
8. SNS should offer privacy-friendly default settings.
9. SNS should provide information and adequate warning to users about privacy risks when they upload data onto the SNS.
11. Users should be advised by SNS that pictures or information about other individuals, should only be uploaded with the individual’s consent.
12. At a minimum, the homepage of SNS should contain a link to a complaint facility, covering data protection issues, for both members and non-members.
13. Marketing activity must comply with the rules laid down in the Data Protection and ePrivacy Directives.
- Art. 29 Working Party Opinion (pdf)
Thursday, May 21, 2009
Rand Report
Sunday, May 17, 2009
Book Review
"The role of academics within the privacy advocacy community raises larger questions about the responsibility of intellectuals within the society. Should academic work be driven by the pressing social problems of the day?... Here is Stanley Fish's advice..."Do your job; don't try to do someone else's job, as you are unlikely to be qualified...don't confuse your academic obligations with the obligation to save the world; and don't surrender your academic obligations to the agenda of a non-academic constituency... don't cross the boundary between academic work and partisan advocacy, whether the advocacy is yours or someone
else's...The job of the academic is not to change the world, as Karl Marx said, but to interpret it"
Wednesday, April 29, 2009
Data Protection Developments
The Review of the EU Directive prepared for my Office by RAND Europe has been presented to participants at this conference as a draft. The presentation by Neil Robinson and Hans Graux has highlighted their main findings and short and long-term recommendations. Peter Hustinx has added some very perceptive and important observations. We plan to publish the final version of the RAND Report in May – shortly before the conference which has been convened by Commissioner Jacques Barrot. We have always been clear that the RAND study is intended to provide food for thought and to stimulate debate. It is a not a blueprint for reform, still less does it contain the draft of a new Directive. We are equally clear that any reform will take many years, but the debate must start somewhere. That debate has started here in Edinburgh today. As the draft Edinburgh Declaration which will be discussed tomorrow makes clear, the fundamental role for Commissioners in this debate is that of Leadership
The press release goes into detail over the strengths of the DPD including:
The Directive is comprehensive, broadly-drafted and sets out a basic framework
of protection, drawing on OECD and Council of Europe approaches.
• It sets standards which are widely seen as “High” and has a strong Human
Rights resonance, with sharp focus on fundamental rights’ and freedoms.
• It has given people important and usable access and other rights.
• The basic Data Protection Principles have stood the test of time well
and are flexible in their drafting and application.
• The Directive seeks to be largely neutral in terms of technology.
• The Directive can claim significant success in harmonising DP rules and promoting an internal market across the European Union.
The press release also identifies the following:
There must be more emphasis on the benefits of maximum and genuine transparency, for example:
• Privacy by Design and the use of published Privacy Impact Assessments.
• There is much more scope to encourage and require organisations to adopt Privacy Policies, make them easily available and – of course - hold them to account for fulfilment.
• There is more scope for trust marks, accountability agents and 3rd party certification.
• More controversially, perhaps, we can envisage greater use of self-certification.
• And we must improve the use and content of Privacy Notices, getting the right information to the right people in the right language at right time.
More details can be found in their press release (pdf).
Update: The full report is now available including its recommendations with commentaries from Out-law and H&W.