Archive for the ‘privacy’ Category
Posted by Emil A. Georgiev on 26 May, 2010
There has not been much discussion in the aftermath of the German Constitutional Court’s ruling on data retention and the matter somehow started to collect legal dust. The recent Irish involvement, however, could cause the necessary aeration and preserve the issue from getting buried in oblivion.
Digital Rights Ireland, a non-governmental organization formed as a limited liability company under the Irish Companies Act, brought proceedings before the Irish High Court against the Minister for Communication, Marine and Natural Resource, the Minister for Justice, Equality and Law Reform, the Commissioner of An Garda Siochana, Ireland and the Attorney General because of latter authorities’ breaches against rights provided for by Irish statutes and Constitution as well as by European legislation. Claimant’s proceedings were triggered by Minister for Public Enterprise’s direction, issued in 2002, to the telecommunications providers in Ireland to retain data generated by customers of the telecommunications providers, purportedly in compliance with Section 110 (1) of the Postal and Telecommunications Services Act 1983. This direction was addressed by the Data Protection Commissioner who then threatened said Minister with the issuance of judicial review proceedings to challenge the validity of any and all such directions.
The response of the Irish Government was to pass the Criminal Justice (Terrorist Offences) Act 2005, and specifically the incorporation therein of the provisions of Part 7 thereof. Under that part of the Act, the Garda Commissioner may request a service provider to retain, for a period of 3 years, traffic data or location data or both.
This is also what claimant is combatting. They have asked the High Court to refer the matter to the European Court of Justice (ECJ). The questions the ECJ needs to deal with all relate to the validity of Directive 24/2006, in particular with rights under the EU and EC Treaties, the Charter of Fundamental Rights (CFR) and the European Convention on Human Rights (ECHR). The High Court, in its ruling, granted this motion of claimant.
It is somewhat surprising that another “Irish issue” will land before the ECJ in less than a year following ECJ’s ruling agaisnt Ireland in the Case C·301/06. In the latter, the ECJ found that Art 95 of the EC Treaty represented a sound fundament for the enactment of the Directive 24/2006 since it was apparent that differences between national rules adopted for the retention of data were liable to have a foreseeable direct impact on the functioning of the internal market which would become more serious over time.
However, following the debates in Bulgaria, Romania and Germany it was high time to have the ECJ rule on data retention’s – this time hopefully – not only procedural, but also material aspects. In a somewhat best case for the preservation of our all’s digital rights the ECJ might find against the Directive.
The hope, as is well-known, springs eternal – so let us hope the best.
Posted in privacy | Tagged: data retention, digital rights ireland, ECJ, european court of justice, high court, ireland | 1 Comment »
Posted by Emil A. Georgiev on 3 March, 2010
Hear ye, hear ye, you all supporters of the fundamental right of privacy – 7 out of 8 German Constitutional Justices voted to declare the data retention provisions as applied in the Telecommunications Act and in the Code on Criminal Procedure null and void!
Enough of enthusiasm, however, we can go on observing the facts some of which may prove unlikely sobering when compared to yesterday’s news titles that went around the world.
You might remember that some months ago nearly 35 000 German citizens filed a mass-complaint in which they asked the Court to abrogate the provisions on data retention.
In reviewing the complaint, the Court makes an initial statement that the Federal German Constitution would not by itself forbid the retention of telecommunications traffic data for a certain time period. However, the data retention as transposed in German legislature interfered with the fundamental right of privacy in such a manner that the legal system was previously not familiar with. Hence to avoid such interference and, similar to the Romanian Constitutional Court, the German authority uses its ruling to create a recipe to be followed by the lawmakers in future. The main point made by the Court in its ruling, is the instruction towards lawmakers to observe the so called principle of proportionality (Verhältnismäßigkeitsgrundsatz).
Under reference of the above principle, the Court distills 5 requirements that need specifically be observed when drafting the prospective laws. In particular, the Court demands
- the adoption of specific provisions relating to enhanced data security and safety which the Court views mandated by the huge amounts of data to be retained;
- to safeguard that the retained data’s direct processing shall be limited to prevent only concrete danger situations arising out of serious crimes;
- to ensure the transparency of data transfer by notifying the data subject in advance, and – where not appropriate – to subject the transfer to a respective court order and notify the data subject afterwards;
- to provide for the data subject’s legal protection amounting to, inter alia, data subject’s right to challenge the processing and transfer of their data before a court of competent jurisdiction, and – in case of breach of the above protection – to penalise such breach;
- to guarantee that indirect data processing for the purposes of IP address detection and identification, as may be the result of an enforced right of information , is not undertaken to prevent mere misdemeanours. The Court points out the importance of the latter as it states that such indirect data processing need not be subjected to a court order.
Put it all together, this long awaited ruling did hardly hit the jackpot being on stake: is the fundamental right of privacy the long expected silver bullet which is supposed to kill the vampire attempting to quench its thirst by accessing Internet users’ data? I personally read the ruling as a clear “NO”.
The Court does not really question the existence of data retention provisions. Moreover, it determines the borders of their constitutionally acceptable framing. See whether and to what extent the ruling will influence the EU member states that are still defaulting to transpone the Directive 24/2006.
Posted in privacy | Tagged: Bundesverfassungsgericht, BVerfG, data retention, german constitutional court, unconstitutional, Verhältnismäßigkeitsgrundsatz | 1 Comment »
Posted by Emil A. Georgiev on 10 February, 2010
Imagine you are wanted by law enforcement officers who, upon discovery, would imprison you without any delay. What would you do? I bet you would hide and keep beneath surface. Moreover, you would very likely think twice before using social media, whereby proudly communicating your wanted poster to the public. No, you would not? Your case then would pretty much equate Christopher Crego’s current situation.
It is somehow surprising that some society’s members do not recognize social media as well as other web 2.0 applications to be “public”. This appears even weirder as the desire to “communicate with the public” is considered the main drive behind the use of such platforms. In the field of internet, hence, public is where others could look into your content, get notice what you do or otherwise interact with you. Everything leaving your privacy almost automatically enters the public realm.
In this regard social media has the potential of great convenience – communication with others is just a click away. Equally important, however, social media has also proved problematic – think of people that got fired for being on Facebook while actually on sick leave or of recently reported recruiters’ practices.
So, be careful because the social media has you!
Posted in communication, privacy | Tagged: communication to the public, Crego, facebook, law enforcement, public | 5 Comments »
Posted by Emil A. Georgiev on 23 January, 2010
Well, some have always suspected what Austria’s Die Presse has recently reported thereby quoting an official.
The gentleman in question is Christian Pilnacek who is the Head of the Criminal Procedure Department within the Austrian Ministry of Justice. When asked by a journalist, he confirmed the information, according to which the data retention provisions’ applicability should not be limited to only so called “serious crimes”. The latter is, by the way, what the Directive 2006/24 requires. It has been said that this idea has originated in the Ministry of Justice and has found support in the Ministry of Interior. Moreover, in the officials’ view retained data should be accessible in the prosecution of minor crimes and/or in dealing with civil wrongs and hence would perfectly fit in the scope of the provisions conveyed by the Enforcement Directive.
Now the show is over. Seemingly, the entertainment business’ lobbyists have done a good job for their clients. See whether the idea shall prove capable of gaining a legislative majority.
Posted in data retention, privacy | Tagged: austria, Ministry of Interior, Ministry of Justice, civil wrongs, minor crimes, hypocrisy | Leave a Comment »
Posted by Emil A. Georgiev on 18 January, 2010
The Data Protection Council is an advisory body within the Austrian Federal Chancellery’s administration. In a recent session the Council debated on the newly presented bill on data retention and passed an opinion to the government. The authority’s chair publicly presented the opinion’s upshot: the bill conflicts with Articles 8 and 9 of the ECHR, hence the Council moves for a balance between the privacy right of the persons concerned and the public interest to maintain security and order.
The Council further calls for a restrictive definition of a “serious crime” in order to achieve the data retention directive’s goal to fight organised crime and terrorism.
The Council seems to carefully observe the international, in particular the European, development on data retention. This is mirrored in Council’s recommendation to await the inauguration of the new European Commission and the enactment of the Stockholm Programme, which, given a sufficient consideration to certain privacy aspects, may lead to the data retention directive’s annulment.
I personally share that view and strongly hope for the Council to be proved correct.
Posted in privacy | Tagged: austria, data protection, data retention, Datenschutzrat | Leave a Comment »
Posted by Emil A. Georgiev on 16 December, 2009
Have you got an e-mail account on Yahoo! or do you use any of the services, such as messenger, groups or Flickr, provided by the Sunnyvale company? You were certainly aware of Yahoo!’s privacy policy, weren’t you? What you most probably did not know is the fact that Yahoo! surveil your personal data and then offer them to law enforcement at a fixed price. Not bad, huh?
Cryptome, a website hosted in the US that functions as a repository for information about freedom of speech, cryptography, spying, and surveillance got the ball rolling since it has obtained and made Yahoo!’s Compliance Guide for Law Enforcement available on its website. Seemingly, Yahoo! were not amused and served Cryptome with a takedown notice based on the US Digital Millenium Copyright Act (DMCA). Stretching copyright law for the purposes of preventing access to information is an interesting, albeit not novel, strategy. By the way, this is the reason why the DMCA and, particularly, its Section 512 has come under criticism – it causes a so called chilling effect on free speech.
So long Cryptome has not complied with Yahoo!’s demand and is still hosting the document in suit. It starts to get exciting!
Posted in copyright, data protection, privacy | Tagged: chilling effect, copyright, copyright infringement, DMCA, freedom of information, freedom of speech, ISP liability, takedown notice | Leave a Comment »
Posted by Emil A. Georgiev on 14 December, 2009
About an year ago I composed one of my first blog postings and asked “Will the data retention directive be fully implemented across Europe?”. The reason behind was the then pending decision of the ECJ caused by Ireland’s concern on the data retention directive’s grounds legitimacy and, the wrong way the directive was initially implemented in Bulgaria.
Recently, I covered the startling deciosion of the Romanian Constitutional Court that rejected the data retention implementing act due to inconsistency with constitutionally guaranteed and fundamental human rights, such as the right to privacy. Seemingly, this decision will not remain a single one.
In a hearing, appointed for tomorrow, the German Constitutional Court is expected to deal with the mass-complaint filed by nearly 35 000 citizens in which they ask the Court to abrogate the provisions on data retention. I believe the whole data retention concept would then fall apart, if the German Constitutional Court decided in favour of the complainants.
Press releases in Austria which, in my view, attempt to encourage the government in its Fabian position towards data retention, even call for a final ruling by the ECJ on the overall legitimacy of the data retention concept. In such a case, the ECJ will have to scrutinise whether the data retention directive is conciliable with the Charter of Fundamental Rights of the European Union that, together with the Treaty of Lisbon, is in force as of 1 December 2009.
Posted in data protection, data retention, privacy | Tagged: complaint, data retention, german constitutional court, implementation | 5 Comments »
Posted by Emil A. Georgiev on 27 November, 2009
The framers of the Data Retention Directive must have underestimated several factors in the course of its subsequent implementation. First Ireland brought a challenge before the ECJ then Austria still shows totally reluctant to implement. However, the big bang is currently unrivalled owned by Romania! This country’s Constitutional Court is the first to deliver a ruling that declares an act implementing the directive into a member state’s law unconstitutional.
Now, after Dracula and Johnny Weissmuller, Romania has, in the person of Prof. Iaon Vida being the President of the Romanian Constitutional Court, good chances to be awarded a third VIP contribution to the world!
Basically, the Court pointed out that the law on data retention interfered with following articles of the Romanian Constitution: Art 25 Freedom of Movement, Art 26 Intimate, Family and private life, Art 28 Secrecy of Correspondence and Art 30 Freedom of Expression. In addition, the Court examined Art 12 of the Universal Declaration of Human Rights (UDHR), Art 17 of the International Covenant on civil and political rights (ICCPR) and Art 8 of the European Convention on Human Rights (ECHR) and found them affected too.
The Court recognized in its reasoning that neither the Romanian Constitution nor the ECHR prohibited state authorities to interfere with the rights mentioned above on a general scale. However, the Court, relying upon the judicateure of the European Court of Human Rights (ECtHR) in Klass vs Germany and Popescu vs Romania, opined that such interference was permissible only within a narrow path, fenced by sufficient safeguards to protect a person against arbitrary acts of state authorities.
The Court further opined that the legislator has created uncertainty because it used terms in the act that were either not or only ambiguously defined. Such uncertainty was contrary to the drafting techniques which the legislator was required to employ in the course of legislation.
Finally, the Court addressed critically two more issues in the act on data retention. The first critic dealt with the breadth of applicability of the act’s provisions – they were not limited only to wrongdoers, but covered also innocent bystanders. The second regarded the lengthy period of time for which the data were to be retained.
The entire above put together just fortified the majority of Court’s members to vote for the abrogation of the act.
Now, before the opponents and fighters of data retention fall in a state of euphoria, one has to consider that the Court did not reject the act per se. Quiet the contrary! To me, this ruling reads as a cooking recipe directed to the legislator. The recipe contains an enabling set of hints and aims to support the legislator to successfully implement that act later on.
Posted in data protection, privacy | Tagged: abrogation, breadth, constitutional court, data retention, innocent bystander, uncertainty | 3 Comments »
Posted by Emil A. Georgiev on 24 November, 2009
Well, I agree the title of this post reads somewhat provocative. Nevertheless, it is driven by the criticism that European data protection practitioners usually express towards their US colleagues’ approach when dealing with privacy and protection of personal data.
This should not surprise as the right to privacy is a highly developed area of law in Europe. Accordingly, the European Union has long had a privacy framework for the processing of personal information that is different – and more restrictive — than privacy practices in the US. By contrast, the United States prefers what is called a “sectoral” approach to data protection legislation, relying on a combination of legislation, regulation, and self-regulation, rather than overarching governmental regulations (see “A Framework for Global Electronic Commerce“. To date, the US has no single, overarching privacy law comparable to the EU Directive.
The EU Data Protection Directive requires EU member states to provide for legislation that prohibits the transfer of personal data outside the EU. However, there are some exemptions from that rule, one of which applies where the EU has determined that the laws of the country of destination provide “adequate” protection for personal data. Among others, Switzerland and Argentina were determined to be such countries. In the late 1990s, the EU determined that the laws of the United States did not meet its adequacy standard.
However and in order not to totally prohibit the personal data transfer between the largest economies, the US Department of Commerce in consultation with the European Commission developed the “Safe Harbor Arrangement”. As a consequence, US companies that are under the jurisdiction of the Federal Trade Commission or the US Department of Transportation may enrol to that arrangement and process personal data submitted by European partners (subsidiaries) of theirs.
A company under the FTC’s jurisdiction that self-certifies its compliance with the Safe Harbor Arrangement, but fails to observe them may be subject to an enforcement action under Section 5 of the FTC Act, which prohibits unfair or deceptive trade practices.
After a decade without any enforcement actions, the FTC recently proceeded against seven companies and obtained consent orders against them.
While these actions by the FTC are said not to represent substantive enforcement within the Safe Harbor Arrangement, they do signify that companies need to be even more vigilant about the content of their privacy policies and marketing assertions.
Posted in data protection, e-commerce, privacy | Tagged: data protection, e-commerce, eu data protection directive, privacy, safe harbor arrangement, transfer of personal data, usa | Leave a Comment »
Posted by Emil A. Georgiev on 23 November, 2009
Debates on the use of keywords that equate registered trade marks have brought new challenges for legal professionals. As well-known, the majority of lawsuits on keywords advertising were based on alleged trade marks infringement. However, the courts’ ambivalent treatment of such trade marks proprietors’ claims (see Google AdWords Litigation update for the US and Advocate General Poiares Maduro’s opinion on Google’s AdWords to the ECJ for Europe) might have brought a Wisconsin law firm to observe this set of problems through a different angle.
Representatives of Habush, Habush & Rottier have discovered that when their law firm’s name is sought over internet searching engines, the name of Cannon & Dunphy, a rival law firm, showed up. Accordingly, Habush have filed an action against the rival who does not even deny the purchase of a keyword containing claimant’s name. However, whether based on reasons stated above or not, Habush is not willing to rely on trade marks law, but on Wisconsin’s law on privacy.
In my view a really promissing case. We will see as to whether it will bring some freshness into the keyword advertising complexity.
Posted in privacy, trade mark, unfair competition | Tagged: privacy, google, keywords, adwords, search engines, wisconsin | 2 Comments »
