
Showing posts with the label regulation

The answer to the world, the universe and everything is not 42, Europe says it is 27 - at the moment

With 27 countries in the European Union there are, unsurprisingly, 27 different interpretations of Europe's new e-privacy rules. A layer of complication is added because the e-privacy law has been issued as a directive, a form of legislation that lets every E.U. country fashion its own domestic law, as long as it honours the spirit of the directive. The result is that Europe's internet privacy regulations are a quagmire, aggravated by the E.U. taking a hard line with cookies by requiring opt-in consent for every website, making it difficult to put the new rules into practice. The E.U. directive on online privacy was supposed to become law in each country by May 2011, but in March 2012 that's only happened in 11 of the 27 countries. Some of the biggest, like Germany, Spain, and Italy, are still missing. (Luxembourg, however, is in!) The U.K. and France have taken a pragmatic approach, interpreting consent if consumers don't opt out, even if that isn't exactly what

SOPA And The Film Industry


Defend our freedom to share (or why SOPA is a bad idea) by @CShirky

Is a day of silence, lock down, black out and strike the right reaction to #STOPSOPA? - personal comment

Tomorrow (Wednesday 18th Jan 2012) Wikipedia will black out, friends will not Tweet and I am sure other activities will occur to protest for Stop Online Piracy Act (SOPA) in the US. This post is not about why I support but more of a reflection about action. I have never been able to strike or stop work as I have been self-employed or in growth companies for just about my entire working career. But I now have the choice to make my view known. Many of us watched in awe as several countries used the Internet to bring about regime change and have enjoyed free services in exchange for our data and advertising. It feels good that we can now raise a peaceful protest and have a voice, but how did we get to this point? I am left wondering how it is that the US even got as far as they did with the proposals and whose voice is the true voice Government listens to until we protest. Why is it that we protest late and not early? Within the EU we are facing the same issue with policy and

Piracy is common but that does not lead to a requirement for new Laws (study)

A "COPYRIGHT INFRINGEMENT AND ENFORCEMENT IN THE US" study has found that we appear to be prepared to pay for online content... The American Assembly survey, a respected think-tank, shows that illegal file sharing among family and friends is relatively common – but that people would prefer to use a legal alternative if one was available at the right price and usage point.

Preliminary Conclusions

· “Piracy” is common. Some 46% of adults have bought, copied, or downloaded unauthorized music, TV shows or movies. These practices correlate strongly with youth and moderately with higher incomes. Among 18-29 year olds, 70% have acquired music or video files this way.
· Large-scale digital piracy is rare, limited to 2% of adults for music (>1000 music files in collection and most or all copied or downloaded for free) and 1% for film (>100 files, most or all from copying or downloading).
· Legal media services can displace piracy. Of the 30% o

Trust Frameworks - what is needed is trust.

If a trust framework for a digital identity system is a “certification” program that enables a party who accepts a digital identity credential (relying party) to trust the identity, security, and privacy policies of the party who issues the credential (identity provider) and vice versa, then the purpose of the Trust Framework is to define a simple set of principles and rules to which all members of a digital trust network agree so that they may then share identity and personal data with a high degree of confidence that it will be safe and only used as authorized. Using the Five Principles of the Respect Trust Framework from http://connect.me/c/trust, members should be able to agree to uphold these 5 principles when they use services:

Promise: Members promise to respect the right of every other member to control their identity and personal data.

Permission: Members agree that all sharing of identity and personal data and sending of communications will be by permission,

Study Research: Why Parents Help Their Children Lie to Facebook About Age

This is a new (US) study on COPPA policy implications that affect the internet. COPPA is the U.S. legislation that prompts most major U.S. companies to make their websites 13+. The regulation is currently being reviewed by the Federal Trade Commission.

Title: "Why Parents Help Their Children Lie to Facebook About Age: Unintended Consequences of the 'Children's Online Privacy Protection Act'"

Authors: Danah Boyd (Microsoft Research/NYU), Eszter Hargittai (Northwestern), Jason Schultz (UC-Berkeley), and John Palfrey (Harvard)

Topline: A major new nationwide study released today shows that many parents know that their underage children are on Facebook in violation of the site's restrictions. Parents are often complicit in helping their children join the site. These new data suggest that, by creating a context in which companies choose to restrict access to children, the Children's Online Privacy Protection Act (COPPA), which is currently under review,

Something I want is that start to throw data away......

In October 2011 CDT released a paper, "Data Retention Mandates: A Threat to Privacy, Free Expression, and Business Development". Data retention is an Internet policy and human rights issue that has arisen throughout the world, from Argentina to South Africa, from the US and Europe to South Korea. These policies are often driven by law enforcement dissatisfaction with the amount of information that service providers collect and retain in the ordinary course of business. In response, governments have imposed or considered legal mandates requiring service providers to retain certain data about all of their users for specified periods of time, even when that data no longer is needed for a business purpose, and even where only some users are suspected of wrongdoing. Generally, under these data retention mandates, the data must be collected and stored in a manner such that it is linked to users' names or other identification information. Government officials may then request access to t

GPS Tracking Is a "Search" - confusion over law and freedoms

CDT joined in a "friend of the court" brief filed at the U.S. Supreme Court in what could be one of the major Fourth Amendment cases of the decade, U.S. v. Jones, which poses the question of whether the police can plant a GPS device on a person's car for 24/7 tracking without judicial oversight. The brief says: The issue before the Court in this case is not whether GPS tracking ever may be used by the government. Rather, it is whether the government must obtain a warrant in order to employ this technology. CDT's brief was filed jointly with our frequent partner in Fourth Amendment cases, the Electronic Frontier Foundation. Several things make the brief special. First, it is also signed by four technologists, whose expertise lends special credibility to the brief. Moreover, one of the four is Roger Easton, often called the father of GPS for his groundbreaking work at the Naval Research Laboratory. The other three represent the current generation of experts

Cookies: ICO issues "Work in Progress Guidance"; 3 Steps businesses need to take now

Via Olswang: The Information Commissioner's Office has published guidance to give businesses a "starting point for compliance" with new rules requiring opt-in consent to the use of cookies. The new UK legislation comes into force on 26 May. The Government continues to work with browser manufacturers on a browser-based solution, but the ICO stresses that businesses do need to take compliance steps now, not simply wait and see.

The new rules and ICO guidance: what three steps should businesses take now?

The background to these changes will now be familiar to many of our readers - but for a quick recap please see our April 2011 update here. In short, the obligation on websites using cookies is being "upped" from a requirement for clear and comprehensive information about cookie use (and the opportunity to refuse cookies) to a requirement for opt-in consent. The new rules are set out in Regulation 6 of the Privacy and Electronic Communications (EC Directive)

Opinion On Locational Privacy from EU Committee

Another European Union privacy group has published a document with recommendations about location privacy. The problem is that it will inform those who are influential in the EU but do not really understand the wider implications and unintended consequences. The paper is published by the "Article 29 Data Protection Working Party", which is part of the justice division of the EU, and is formed by a representative in charge of data protection (privacy) in each EU member state. When the Article 29 group puts out an opinion, its recommendations can be followed by either individual EU states or the EU itself, and they did set limits on how long search engines should be retaining their search data. The recommendations aren’t law but they do appear to go far above and beyond what's been discussed so far in the U.S., just as Google, Apple, Sony and Nintendo are being interrogated about their policies when it comes to user data, its use and ownership. The key recommendations are:

Unintended consequences - New Privacy Laws in India and China Could Make IT Outsourcing Ugly

A good article has been posted on BNET titled "New Privacy Laws in India and China Could Make IT Outsourcing Ugly", worth reading in full. Essentially the article by Eric Sherman puts forward the issue that new privacy laws being proposed by India and China could make the task of outsourcing very much more difficult. Specifically there is a call from the US government for the following: Those that hold personal data must receive explicit consent to divulge that data to third parties. There are specific restrictions “during the collection, processing, use, transfer and maintenance of personal information.” Personal data cannot be exported unless specifically allowed by law or government authorities. The implication is that we must be prepared for the real cost of protecting data; however, are we in danger of paying to guard some data that is already public and some that has close to no other value? Whatever the case there are always unintended consequences o

How broad is the right to mine data? How much protection the First Amendment provides for "data-mining....

Argument preview: How broad is the right to mine data? by Lyle Denniston. The US Supreme Court held one hour of oral argument on 26th April on the scope of constitutional protection for the modern phenomenon of “data-mining,” the creation of usable information out of masses of stored computer entries. The case is Sorrell, et al., v. IMS Health, et al. (10-779). Arguing for the state of Vermont, defending a law that limits the commercial use of such data, will be an assistant state attorney general, Bridget C. Asay of Montpelier. Supporting such regulatory efforts, for the federal government, will be Deputy U.S. Solicitor General Edwin S. Kneedler, with ten minutes of time. Speaking for data-mining companies and pharmaceutical manufacturers will be Thomas C. Goldstein of Goldstein, Howe & Russell in Washington, D.C. Whilst it is an interesting question, the question should not be about the right to mine but the right to accept/opt out of the offer of a barter (da

"Improving user protection and security in cyberspace" - my response to the EU proposal

Council of Europe members propose a resolution on "Improving user protection and security in cyberspace": "The Parliamentary Assembly is concerned that technological and commercial innovations in Internet and other digital information and communication media are taking place without an adequate analysis of the interests of the weakest part in this process: the user or consumer. For nearly a century, consumer protection principles have been established for traditional commerce of goods and services. However, they are more or less absent in modern cyberspace. Voluntary self-regulation by Internet stakeholders falls short of the legitimate expectations of protection. In their use of the Internet, people come into contact with a multitude of intermediaries and software applications of third parties without knowing. Users of mobile communication devices change their intermediaries while moving. The Internet of things, cloud computing, social networks, peer-to-peer network

Who's collecting your data?

From 25 May 2011, the methods used by websites to track visitors and tailor ads to their behaviour will change as European laws (EU’s Privacy and Electronic Communications Directive) dictate that "explicit consent" must be gathered from web users who are being tracked via text files: "cookies", which are widely used to help users navigate faster around sites they visit regularly. The changes are demanded by the European e-Privacy directive which comes into force in the UK in May. It is widely accepted that the section of the directive dealing with cookies was drawn up in an attempt to protect privacy and, in particular, limit how much use could be made of behavioural advertising. However, it is likely to have an impact on the more general use of cookies that remember login details and enable people to speed up their use of sites they visit regularly. The IAB has created a site that explains how behavioural advertising works and lets people opt out of it.

Non-EU companies have to adhere to EU privacy law

Viviane Reding (VP European Commission) is making sure that the message is clear that non-EU companies have to adhere to the new stringent EU privacy laws (Speech). Any company that is active within the 27-nation region of the EU or even possesses a digital product line targeting a European audience must adhere to EU standards. The new rules go even further than controversial American “Do Not Track” initiatives. This EU initiative proposes to create national watchdog agencies across Europe to investigate and launch national and EU-wide legal proceedings, presumably with the possibility of civil damages awards against violators. "A U.S.-based social network company that has millions of active users in Europe needs to comply with EU rules," says Reding. "Privacy standards for European citizens should apply independently of the area of the world in which their data is being processed." Worthy of note in the EU proposals for non-EU companies are:- Compa

The Stop and Go of Data Flow and #privacy - new research

"What do you consider personal information?" was the basic question for research conducted by Ball State University's Center for Media Design, published Feb 2011, and the report finds that the notion of privacy is actually "situational," and depends on the context of the consumer, the nature of their information being tracked, and the organizations that are tracking it. The report is worth reading: "Notions of Privacy: Ignorance, Illusion or Miscommunication." They have also supplied an excellent interactive infographic (main illustration). The work is very good and whilst it does lack the sense of global diversity around the world (in different geographies what is personal is very different), it does highlight that people have strange views about data. Some data that people highlight as private is indeed public already and therefore the work represents the confusion between “what we would like/believe we have as privacy and what we have in reality”. Part 2 of t

EU Parliament would like more privacy and security in relation to the internet of things

Close to dark side thinking I believe and it starts from the wrong point. The question again is why regulate storage of data. All data should be thrown away. Regulate collection and maybe what can be done with analysis. My view is that the existing framework is broken and is not suitable for adaptation. However, I expect it will all happen and have passed by the time the regulator catches up.

Parliament would like more privacy and security in relation to the internet of things

The European Parliament welcomes the development of the internet of things (IoT) but asks the Commission to set up a clear legal framework on the security, safety, privacy and protection of personal data in relation to the IoT. It also points out concerns on other issues not directly related to the IoT, including on the legal uncertainty surrounding cloud computing. The resolution adopted on June 15, 2010 also proposes that the Commission should carry out a detailed assessment of a number of issues lin