23 April 2012

Some Good News On Data Retention


Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Image: Data Center Tech Museum San Jose California by mrkathika on Flickr
Data Center Tech Museum San Jose California

Last week the Court of the European Union issued its long awaited ruling in the case of

Bonnier Audio vs ePhone

that represents a clash between two fundamental rights, the one being that on property, or intellectual property in particular and the other one being the right to data protection and privacy of individuals.

I will not discuss the case at length, but shall invite English readers to take a look at EDRI´s analysis and German readers to the brilliant breakdown of Dr Hans Peter Lehofer, who is a member of Austria´s Supreme Administrative Court.

There is a certain portion contained in the Bonnier ruling that caused my heart to beat faster and you can find it here

44. With regard to the main proceedings, it must be noted that the legislation at issue pursues an objective different from that pursued by Directive 2006/24. It concerns the communication of data, in civil proceedings, in order to obtain a declaration that there has been an infringement of intellectual property rights.

45. That legislation does not, therefore, fall within the material scope of Directive 2006/24.

What does that mean?

Basically, the Court opines that Directive 2002/58/EC allows the EU member states to introduce a national legislation, according to which communication data may be retained for a certain period of time and be disclosed to right holders attempting to enforce their rights.

However, such retention and disclosure needs always be subjected to a fair balance between the various applicable fundamental rights.

Conversely, the data retained under the Directive 2006/24 must not be used for the enforcement of intellectual property rights, full stop.

And that is not all

You may well remember that two years ago the German Constitutional Court smashed the country´s data retention legislation. Since then the coalition parties of the German government have been desperately struggling to agree to a new set of rules, which needs to comply with said court´s prescription.

From what I read in today´s Bild Zeitung, however, that agreement is not likely to be achieved very soon.

These are really good news, are they not?

16 January 2012

Data Retention: EU Commission Should Facilitate Its Revocation


Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Image: Data Center by s_w_ellis on Flickr
Data Center

About a week ago a secret communication of the European Union Commission leaked to Quintessenz – an Austrian data protection and privacy advocacy group.

The communication basically acknowledges that both, the data retention directive (DRD) and the corresponding legislation in the member states to the EU have missed their target.

Best evidence

for the above may easily be obtained by the communication itself, however you need not read it in its entirety, since I have prepared a short summary for you:

– The EU Commission complains it has received qualitative response to its questions from only 11 out of 27 member states.
– There is next to no evidence on the value of data retention in terms of public security and criminal justice. It is unclear whether data requested would be available anyway without the retention obligation and Data Protection Authorities do not know what is being kept or deleted by operators.
– While law enforcement agencies would love to know who communicated with whom, when, where and how, they can hardly make it happen, since unclear definitions in the DRD have encouraged heterogeneous interpretations of the scope so the agents find it very difficult to get this data on time for their investigations.
– The so-called ‘serious crime are not defined at EU level and this leads to even more legal uncertainty – e.g. the entertainment industry calls upon the extension of DRD’s purpose to include copyright infringements, which may include illegal downloads / piracy.
– Telco operators complain about the considerable costs of compliance which are disproportionately high and hence discriminatory for smaller enterprises.

Putting it all together

it turns out that the DRD in its current form is useless because

– it does not solve legal uncertainties, but creates rather new ones;
– its scope is open to a debate and the EU Commission is keen to extend it (to cover also intellectual property infringements);
– it has failed in fulfilling its purpose – the harmonisation of the Internal Market.

Therefore,

the only reasonable step

of the EU Commission would be to immediately facilitate the revocation of the DRD!

Your thoughts?

4 October 2011

HTC Joins Apple On The Road To Perdition


Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Image: 800px-HTC_Evo_4G by Anya1986 on Flickr
800px-HTC_Evo_4G

Do you remember Apple’s disrespect of their customers’ privacy?

It now turns out that the Taiwanese

HTC ain’t any better

in that respect.

Privacy International, whom I follow on Google Reader issued an article citing a very detailed report prepared by Artem Russakovski, Justin Case and Trevor Eckhart and made available on the Android Police website.

It turns out that HTC, in the absence of any corresponding consent, collect the personal data of their users and share that data with third parties.

Assuming that HTC have deployed the same business model also within the European Union, they have committed some

serious breaches

under the applicable data protection and privacy legislation here.

First, HTC should be aware of the fact that by processing personal data they act as a data controller and are therefore under the obligation to process the data fairly and lawfully and only for an explicit and legitimate purpose.

Second, when processing personal data, HTC must ensure that the buyers and users of their mobile devices, i.e. the data subjects have served HTC with an

explicit consent

to that data processing.

Not that HTC fail to obtain that explicit consent, they moreover mislead their users!

It is said to work like that: HTC ostensibly offer their users the option not to allow the collection and use of personal information, but even if the users select that option, HTC collects and processes the data anyway.

And third, by so doing, HTC have failed to prevent an

unwarranted intrusion

into the private sphere of their users.

I think that HTC, being a major competitor to Apple, should offer its customers a set of good privacy options, in order to create an advantage over the Cupertino company.

Instead, HTC seems to have opted to spy on and fool their customers thereby joining Apple on the road to perdition…

How about you?

Would you prefer one mobile device manufacturer over another, if it offers you a better privacy protection?

2 October 2011

Hóigh, Facebook, How Deeply Do You Care About Data Protection?


Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Image: Hanover Quay – Dublin Docklands by informatique on Flickr
Hanover Quay - Dublin Docklands

Hanover Quay, Dublin 2.

That is the address of Facebook’s European headquarter or, strictly legally, the business seat of the Facebook Ireland Limited.

The above is important

as owing to Section 18 of Facebook’s Terms of Use, users who are not residents of the USA and Canada have their agreement to use the social network with Facebook’s Irish subsidiary.

That means that if you have any

data protection issues

with the Zuckerberg-led company, you are entitled to approach the Irish Data Protection Commissioner.

The Austrian based data protection advocacy group Europe vs Facebook already started doing this.
They have identified several breaches and have undertaken a number of actions, thereby including complaints and access requests and, have covered each of them on their website.

Obviously

enforcing its powers

under Section 10 of the Data Protection Act, the Irish Data Protection Commissioner has started an investigation against Facebook.

I am curious what the outcome of the foregoing will be and will therefore monitor and provide for follow-ups.

By the way, how much do you care about what Facebook does with your data, but without your consent?

30 April 2011

Sony PSN: Clueless And Breaching


Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Playstation 3: Sixaxis Wireless Controllerphoto © 2008 włodi | more info (via: Wylio)

Not that I wish to blog so often on data protection, but some technology giants would not give me a break.

Last week I covered the (very likely) unlawful data collection practice of Apple’s iPhone and this week I decided to spend some words on the fact that

Sony Leaked Personal Data

particularly credit card data from its Play Station Network.

Ars Technica have been reporting during the last few days, here is the most current update as of the writing of this article.
According to Sony, “It is possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained.”

What is this if not a

Personal Data Breach?

Some of you will remember that at the end of 2009 the European Union updated its Telecoms Package and, as a part thereof, the ePrivacy Directive. The European lawmakers sharpened the provisions on privacy and introduced a data breach notification requirement in order to prevent data loss debacles.

The updated ePrivacy Directive mandates that in the event of a personal data breach, providers of publicly available electronic communications services shall, without undue delay, notify the personal data breach to the competent national authority in charge for data protection.

Now read the italic type again. What providers does it cover? Only telcos, right? One could ask:

Must Sony Notify Its Breach?

Well, seemingly not under the ePrivacy Directive since Sony should not be defined as a telco.
Funnily, during the negotiations of the Directive’s final version, the European Parliament demanded that all providers of “information society services” be subjected to the data breach notification duty. Sony is, inter alia, a provider of information society services – check the definitions of the E-Commerce Directive (2000/31/EC). Hence, that demand would have covered Sony, had it only been implemented.

However, European Union Directives normally set only minimum requirements and leave member states with a certain amount of leeway as to the exact rules to be transposed.

Member states such as Germany, Spain, Austria and Ireland did not limit the data breach notification duty to only telcos. They rather chose to oblige the so-called data controller under the Data Protection Directive (95/46/EC). Thus, they have achieved a much broader scope of applicability.
Data controller’s definition clearly puts

Sony Under An Obligation

to notify the respective data protection authorities of above member states.
To the best of my knowledge, Sony has not yet undertaken such a notification – it has been dangerously clueless for more than two weeks instead.

What Is The Moral Of The Story?

The data breach notification was introduced as a consequence of recent years’ high-profile incidents of personal data loss across Europe.
Who forgot the T-Mobile data loss or the UK privacy debacles?
Now, it seems, Sony has joined the data breach elite.
See, what the consequence therefor will be.

 

21 April 2011

Your iPhone Disrespects Your iPrivacy


Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

iPhone Desktopphoto © 2007 Terry Johnston | more info (via: Wylio)

No, doubt iPhone is a hip communication tool with a great design. Who would not like to have one?

But will you still want to have one if you knew that

iPhone Records Every Step You Make

Will you really? Hmm, well maybe not.

Guardian has the story and in the next few lines I will provide you with a very concise

Legal Analysis

What Apple’s iPhone seems to do is usually referred to as location data processing. In the European Union the latter is governed by Directive 2009/136/EC – the so called ePrivacy Directive.

Apple acts as a provider of a value added service in the sense of the ePrivacy Directive since it processes location data beyond what is necessary for the transmission of a communication or the billing thereof.
Apple is generally allowed to do so, however, under the condition that it fully informs its users of its data collection and processing

Prior To Obtaining Their Consent

From what I read, no users have been informed and their consent has not yet been obtained.
Besides the fact that it disrespects the privacy of its users, Apple is in a clear breach of applicable data protection and telecommunications legislation.

iPhone or iPrivacy, what will be your choice?

18 April 2011

Another One Bites The Dust: Czech Constitutional Court Shoots Data Retention With Five Bullets


Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Autumn Morningphoto © 2007 Jeff | more info (via: Wylio)

The judicial development on data retention across Europe will not cease! Following the meanwhile numerous decisions in, just to mention some, Bulgaria, Romania and Germany, some two weeks ago

The Czech Constitutional Court Abrogated Data Retention

Yes, on a sitting held on 22 March 2011 it delivered a ruling abrogating Section 97, subsections 3 and 4 of the Czech Electronic Communications Act as well as the related Decree 485/2005 on the storage of traffic and location (altogether “the contested provisions”).

Court’s ruling grounded on the following

Reasoning

1. The language of the contested provisions is too vague and thus fails to fulfill the constitutional requirement on certainty and clarity.
2. The contested provisions have failed to clearly and precisely define the purpose to retain data and particularly to rectify the vague serious crimes language of Directive 2006/24/EC. Such failure contradicts the requirements laid down in the Charter of Fundamental Rights and Basic Freedoms (the Charter).
3. The absence of clear legal determinations is likely to result in an abuse, i.e. in that the law enforcement agencies use retained data to combat less serious crimes. The latter view appears fortified by the following quotation from the 2008 Report on the security situation in the Czech Republic: a total number of 343 799 comitted criminal offenses resulted in the total number of 131 560 applications to access retained data.
4. The contested provisions have failed to safeguard the integrity and confidentiality of the retained data and to prevent access through (non-state) third parties. The Court opines that such safeguards are mandated by the enormous development and emergence of new and more complex information technologies and communications systems that inevitably blur the boundaries between private and public space.
5. The contested provisions have failed to provide for the destruction of the data following the retention period. The contested provisions have further failed to provide for responsibilities of and sanctions against the public authorities in case of abuse of the retained data as well as for the possibility of individuals to seek for effective relief against such abuse.

In light of the above, the Court found the contested provisions violating constitutional limits and hence unconstitutional. Besides, the Court expressed also some doubts as to the constitutionality of s. 88a of the Czech Criminal Code and urged the lawmakers to either derogate said section or provide for its constitutional compliance.

So, three cheers to the Czechs and their Constitutional Court!

Skydiver with Czech flag

photo © 2010 Ivan Pik | more info (via: Wylio)

 

Conclusion

The decision of the Czech Constitutional Court goes in a clear confrontation with the legislature.
It is the first decision in a EU member state to criticise the lack of responsibilities in dealings with retained data and to demand sanctions for negligence and misuse.
Unlike the decisions in Romania and Germany, it does not deliver  guidance as to how lawmakers should repair the contested provisions in order to achieve constitutional compliance.
In other words, the courts in Romania and Germany made really precise shots that aimed to merely injure their national data retention provisions. The Czech decision is quite the opposite: the justices shot to kill.
A righteous kill?
I would say yes.

What would you say?

1 April 2011

Austria’s Data Protection Council On Data Retention – A Déjà Vu


Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Who remembers the cat scene in The Matrix?
The scene depicted Neo, Morpheus & the other good guys convinced that they had already witnessed or experienced a certain situation. What do we usually call this experience or state of mind?
Déjà vu, right?
Unlike the most cases of a déjà vu where no determination can be made as to whether the circumstances of the previous encounter were imagined or true, in that particular scene from The Matrix the cat indeed passed the door twice.
The good guys instinctively felt that something was wrong. And their feelings did not betray them: something was wrong indeed!

Data retention is The Matrix in real life

In a previous blog post I did already compared the laws on data retention with the bad guys’ attempt to maintain total control in The Matrix.
When I recently read that the Austrian data protection council had again disfavoured the then current bill on data retention in a critical statement, it felt like a déjà vu to me.

What does the council criticise?

1. The council has some very serious doubts as to data retention bill’s compatibility with Art 8 of both, the European Convention on Human Rights and the Charter of Fundamental Rights of the European Union.

2. While the council acknowledges that law enforcement authorities should be equipped by sufficient powers in order to fight organized crime and that access to communication data might be helpful in such context, it opines that such powers must be applied only to concrete occasions and be subject to specific controls.

Data stormphoto © 2006 Dave Herholz | more info (via: Wylio)

3. The council further urges the European Commission to eventually conduct the evaluation owing to Article 14 of the Directive 2006/24/EC.

4. In the event that Commission’s evaluation results in a review of the data retention Directive which recommends the implementation of lesser onerous measures, the council suggests that the legislature opt for the so-called quick-freeze procedure. The latter recently gained a measure of popularity because of its submission to public debate in Germany.

5. Last but not least and given the “informative value” of retained data, the council calls upon the legislature to maintain the highest possible data security standards when transposing the Directive.

Will this statement halt the transposition of data retention in Austria?

Unfortunately, it will not, because the data protection council has advisory and, hence limited, powers.
Its statement is nevertheless significant – it once again makes it very clear that data retention is at odds with fundamental human rights, and that the politicians are very well aware of this fact.

What can a single individual do?

First of all inform yourself and inform others who are not yet familiar with data retention. And since data retention is considered avoidable – learn how to either avoid it or make it appear obsolete.

Thoughts?

Did I miss an important point? What else would you suggest?

 

Did you find this article informative or helpful? If yes, do not forget to share it by pressing one of below buttons or to otherwise tell your friends about it!

25 March 2011

Europe’s Last Stand Against Data Retention?


Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

The Matrix has you...photo © 2008 Roman Pinzon-Soto | more info (via: Wylio)

Do you remember Morpheus saying “Wake up Neo… The Matrix has you!”?
Do you remember Agent Smith implanting an electronic tracking bug in Neo’s body?
I bet you do, because the image transported by this film does not appear that fictional anymore.
It may be just an arm’s length away.
Yes, I am talking about the retention of your communication traffic data. By “you” I mean all of you who live under the jurisdiction of a member state of the European Union. Any member state? Hmm, well, possibly not, but let me first explain

What is data retention and its purpose?

Data retention in the sense of the Directive 2006/24/EC provides for the storage data arising out of telephone calls made and received, emails sent and received and websites visited. Since location data counts to traffic data, it is collected too.

The introduction of data retention has always been justified with combating terrorism and serious crimes, but it aims to fight file-sharing users instead.

Owing to its controversy, legislation produced by transposition of the data retention Directive has been contested in some EU member states. While Ireland challenged Directive’s compatibility with formalities under the then current EC Treaty,  the constitutional courts of Romania and Germany were asked to deal with data retention’s compatibility with fundamental human rights. As a consequence, the respective provisions got abrogated, but not annulled.

Data retention gains territory

Until recently, Austria managed to postpone the transposition of the Directive 2006/24/EC into its national law. Well, the ostensible resistance grounded on discrepancies between the two coalition forming parties rather than on human rights deliberations.

Doris Bures, Austria’s Minister of Transport, Innovation and Technology announces the upcoming enactment of data retention. Courtesy to APA (Archiv/Fohringer)

However, some weeks ago the farce went to an end and a bill amendment to the telecommunications act was nodded through the council of ministers prior to its submittal to the parliament. Reportedly, the bill is being heavily discussed among the members of the parliament justice committee. The result will be, despite all assurances, the total control of communication.

Now that Austria will no longer be a safe harbour in terms of privacy, are there any other member states that still have not implemented the data retention directive?
Let us have a look at the map of Europe…
Is someone missing?
Yes, there is!

The land of milk and honey

Flag countrysidephoto © 2009 Håkan Dahlström | more info (via: Wylio)

 

Can you imagine: the Swedes usually known for their discipline and law-abiding behaviour are now obstructing the implementation of Directive 2006/26/EC.
It seems that an arrangement among the Left Party, the Green Party and the Swedish Democrats managed to apply a procedural loophole in order to delay the transposition for at least a year.

What does it mean?

As I previously mentioned, the data retention directive has been referred to a judicial review a few times already. These reviews’ action items towards legislation always read the same: improve!
In this respect, it is likely that the Court of Justice of the European Union delivers a judgment dealing with data retention’s compatibility with fundamental human rights under the acquis.

The good news at the end

I still have hope that this madness will come to an end. Not only because hope springs eternal, but because anyone can make an effort and engage in lawfully fighting data retention.
At least anyone who cares about fundamental human rights.

And if Sweden should fail, then it could be us as individuals who form Europe’s last stand against data retention!

 

Did you find this article informative, helpful or entertaining? If yes, do not forget to share it by pressing one of below buttons or to otherwise tell your friends about it!

11 March 2011

Digital Oblivion: To Be Or Not To Be?


Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

Warning: Illegal string offset 'status_txt' in /home/reguligc/public_html/reguligence.biz/wp-content/plugins/share-and-follow/share-and-follow.php on line 1243

1 if 3 Zoom blur experiment - Woodphoto © 2008 Mike Baird | more info (via: Wylio)

Have you ever tried to search the web for information relating to yourself?
If yes, how accurate were the results that showed up, say, in Google?
And what would you do if you found information or data that were not really up-to-date, or were inaccurate or even libelous?

Well, you might rely on the law of data protection and undertake certain actions. And if you are domiciled in Spain, which is known for its higher standards on data protection, your actions are likely to be more fruitful than elsewhere.
This is at least what the story of the Spanish doctor Guidotti Russo evidences.

Imagine

that a 20 years old newspaper article covering some accusations against you, is still being accessible via Google’s search engine. Imagine further that, in the mean time,  you have been cleared from all those accusations.
What would you do? Or put another way, what are the remedies you may rely upon?

The law on data protection

in the European Union is approximated by the Directive 95/46/EC. Accordingly, its Article 6 provides that “… every reasonable step must be taken to ensure that data which are inaccurate or incomplete… are erased or rectified.”
This is what Dr Russo appears to have requested before the Agencia Española de Protección de Datos, namely that Google be ordered to cease the access to that newspaper article.
Not surprisingly, Google, asserting the right to information access, did not obey and the issue landed before an ordinary court in Madrid.
From what I read, this court has been considering to ask the Court of Justice of the European Union for a preliminary ruling.

Other commentators on the Web did already make a link between this case and

“The right to be forgotten”

which the European Commission recently presented in its communication COM(2010)609. That oddly named right seems to be a part of Commission’s plan to revise the data protection rules, in order to strengthen individuals’ rights.
The Commission defines it as “the right of individuals to have their data no longer processed and deleted when they are no longer needed for legitimate purposes. This is the case, for example, when processing is based on the person’s consent and when he or she withdraws consent or when the storage period has expired;”

Hmm, I do not see any significant difference to the language of the Data Protection Directive I quoted above. Do you?
So, I guess clarifications will follow.
Anyway, my personal opinion is that a right to be forgotten should result in a mechanism of data self-destruction or data fading away which individuals should be able to configure as they like. Equally important, such right should be incapable of being contractually waived. 

Once introduced, however, a right to be forgotten will very likely collide with another fundamental right –

The right to access information

It is obvious – in today’s information society the right to access information has become important more than ever. Data or information that is subject to a self-destruction will, however, seriously challenge that rights’s fundamental character.
At a first glance, this argument seems to hold water.
But hey! What data should the right to be forgotten concern?
Is it not about personal data?
And since it is, why should someone else’s right to access my personal data trump my right to determine whether that someone should access it in the first place?

Invitation to discuss

For me, the existence of a digital oblivion right evokes questions upon questions. It appears to be a really promising discussion topic, does it not?
Hence, do not hesitate to tell me what you think about it!

 

Did you find this article informative or helpful? If yes, you might want to share it by pressing one of below buttons or to otherwise tell your friends about it.