Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: EU Data Protection

CRI/CIR advises Belgian Privacy Commission in Facebook investigation

“In December 2014, Facebook announced that it would revise its Data Use Policy and Terms of Service. At the request of the Belgian Privacy Commission, ICRI/CIR (KU Leuven), in cooperation with iMinds-SMIT (Vrije Universiteit Brussel) conducted an extensive analysis of Facebook’s revised policies and terms. Facebook rolled out its new policies and terms on January 30, 2015. In the text, Facebook authorizes itself to (1) track its users across websites and devices; (2) use profile pictures for both commercial and non-commercial purposes and (3) collect information about its users’ whereabouts on a continuous basis. Facebook announced the changes more than a month in advance, but the choice for its +1 billion users remained the same: agree or leave Facebook.  To be clear: the changes introduced in 2015 weren’t all that drastic. Most of Facebook’s “new” policies and terms are simply old practices made more explicit. Our analysis indicates, however, that Facebook is acting in violation of European law. First, Facebook places too much burden on its users. Users are expected to navigate Facebook’s complex web of settings (which include “Privacy”, “Apps”, “Adds”, “Followers”, etc.) in search of possible opt-outs. Facebook’s default settings related to behavioural profiling or Social Ads, for example, are particularly problematic. Moreover, users are offered no choice whatsoever with regard to their appearance in “Sponsored Stories” or the sharing of location data. Second, users do not receive adequate information. For instance, it isn’t always clear what is meant by the use of images “for advertising purposes”. Will profile pictures only be used for “Sponsored Stories” and “Social Adverts”, or will it go beyond that? Who are the “third party companies”, “service providers” and “other partners” mentioned in Facebook’s data use policy? What are the precise implications of Facebooks’ extensive data gathering through third-party websites, mobile applications, as well recently acquired companies such as WhatsApp and Instagram?  At the request of the Belgian Privacy Commission, ICRI/CIR, in close cooperation with iMinds-SMIT, drafted a report analysing Facebook’s revised policies and terms. The report forms part of the documentation upon which the Privacy Commission will rely in the course of its further investigation. The Belgian Privacy Commission is also part of a European task force, which includes data protection authorities from the Netherlands, Belgium and Germany. ICRI/CIR and iMinds-SMIT will continue to support the Privacy Commission in the context of its investigation and future updates to the report will also be shared with their German and Dutch colleagues. You can download the latest version of the report here.”

UK Interception of Communications Code of Practice

Via The Register: “The UK government slipped out consultation documents on “equipment interference” and “interception of communications” (read: computer hacking by police and g-men) on Friday. They were made public on the same day that the Investigatory Powers Tribunal ruled that the spying revelations exposed by master blabbermouth Edward Snowden had accidentally made British spooks’Continue Reading

UK Tribunal Rules Secret Surveillance Unlawful

The Intercept: “The United Kingdom’s top surveillance agency has acted unlawfully by keeping details about the scope of its Internet spying operations secret, a British court ruled in an unprecedented judgment issued on Friday. Government Communications Headquarters, or GCHQ, was found to have breached human rights laws by concealing information about how it accesses surveillanceContinue Reading

Council of Europe Report on Mass Surveillance

Provisional version – Committee on Legal Affairs and Human Rights – Mass surveillance. Rapporteur: Mr Pieter Omtzigt, Netherlands, Group of the European People’s Party. “Our freedom is built on what others do not know of our existences” Alexandr Solzhenitsyn. A Draft resolution 1. The Parliamentary Assembly is deeply concerned about mass surveillance practices disclosed sinceContinue Reading

Foreign Intelligence Gathering Laws

Library of Congress – “This report contains information on laws regulating the collection of intelligence in the European Union, United Kingdom, France, Netherlands, Portugal, Romania, and Sweden. The report details how EU Members States control activities of their intelligence agencies and what restrictions are imposed on information collection.  All EU Member States follow EU legislationContinue Reading

Law Enforcement Without Borders

CDT – “A critical case is now working its way through the US courts—one that raises important questions for users and providers of cloud services in both the US and Europe. As part of a US criminal investigation, a US federal court has ordered Microsoft to hand over a customer’s files that the company holdsContinue Reading

Oxfam’s new report on global inequalty

“From Ghana to Germany, South Africa to Spain, the gap between rich and poor is rapidly increasing, and economic inequality has reached extreme levels. In South Africa, inequality is greater today than at the end of Apartheid.The consequences are corrosive for everyone. Extreme inequality corrupts politics, hinders economic growth and stifles social mobility. It fuels crimeContinue Reading

Berlin Weighs Possible Hit to U.S. Tech Firms

WSJ – “German politicians are debating a new Internet-security law that could exclude U.S. technology companies from Germany’s digital economy, a sign Berlin is beginning to press its commercial advantage after revelations of spying by the NSA. The draft law, which is still being hammered out, envisions new requirements like revealing source code or other proprietaryContinue Reading

Libraries may digitize books without permission, EU top court rules

Loek Essers – PC World: “European libraries may digitize books and make them available at electronic reading points without first gaining consent of the copyright holder, the highest European Union court ruled Thursday. The Court of Justice of the European Union (CJEU) ruled in a case in which the Technical University of Darmstadt digitized a book published byContinue Reading

European Facebook Users Privacy Lawsuit Moves Forward

EPIC: “A group of over 25,000 European Facebook users may proceed with their lawsuit against Facebook. The users, led by privacy activist Max Schrems, sued Facebook in a court in Vienna. The users charge Facebook with violating EU privacy law by improperly handling users’ data. Now that the court has approved the class action suit, Facebook must respond toContinue Reading

The transfer of personal data to third countries and international organisations by EU institutions and bodies

European Data Protection Supervisor – The transfer of personal data to third countries and international organisations by EU institutions and bodies. Position paper. Brussels, 14 July 2014. “This paper provides guidance to EU institutions and bodies on how to interpret and apply the rules laid down in Regulation (EC) No 45/2001 in the context of international transfers of personalContinue Reading

CDD Files Complaint on U.S./EU Safe Harbor for Data Privacy at FTC

Filing Reveals Failure of U.S. Agreement to Protect European Privacy – “The key framework that is supposed to protect EU citizens’ privacy when their data is collected by U.S. companies—known as the U.S.-EU Safe Harbor—is failing to provide them the safeguards that were promised, according to a complaint filed today by a leading U.S. consumer privacyContinue Reading