27 November 2009

Romanian Constitutional Court abrogates data retention act

The framers of the Data Retention Directive must have underestimated several factors in the course of its subsequent implementation. First Ireland brought a challenge before the ECJ then Austria still shows totally reluctant to implement. However, the big bang is currently unrivalled owned by Romania! This country’s Constitutional Court is the first to deliver a ruling that declares an act implementing the directive into a member state’s law unconstitutional.

Prof. Ioan Vida, Romanian Constitutional Court. Courtesy to BOGDAN MARAN / MEDIAFAX FOTO.

Now, after Dracula and Johnny Weissmuller, Romania has, in the person of Prof. Ioan Vida being the President of the Romanian Constitutional Court, good chances to be awarded a third VIP contribution to the world!

Basically, the Court pointed out that the law on data retention interfered with following articles of the Romanian Constitution: Art 25 Freedom of Movement, Art 26 Intimate, Family and private life, Art 28 Secrecy of Correspondence and Art 30 Freedom of Expression. In addition, the Court examined Art 12 of the Universal Declaration of Human Rights (UDHR), Art 17 of the International Covenant on civil and political rights (ICCPR) and Art 8 of the European Convention on Human Rights (ECHR) and found them affected too.

The Court recognized in its reasoning that neither the Romanian Constitution nor the ECHR prohibited state authorities to interfere with the rights mentioned above on a general scale. However, the Court, relying upon the judicateure of the European Court of Human Rights (ECtHR) in Klass vs Germany and Popescu vs Romania, opined that such interference was permissible only within a narrow path, fenced by sufficient safeguards to protect a person against arbitrary acts of state authorities.

The Court further opined that the legislator has created uncertainty because it used terms in the act that were either not or only ambiguously defined. Such uncertainty was contrary to the drafting techniques which the legislator was required to employ in the course of legislation.

Finally, the Court addressed critically two more issues in the act on data retention. The first critic dealt with the breadth of applicability of the act’s provisions – they were not limited only to wrongdoers, but covered also innocent bystanders. The second regarded the lengthy period of time for which the data were to be retained.

The entire above put together just fortified the majority of Court’s members to vote for the abrogation of the act.

Now, before the opponents and fighters of data retention fall in a state of euphoria, one has to consider that the Court did not reject the act per se. Quiet the contrary! To me, this ruling reads as a cooking recipe directed to the legislator. The recipe contains an enabling set of hints and aims to support the legislator to successfully implement that act later on.

 

Did you find this article informative, helpful or entertaining? If yes, do not forget to share it by pressing one of below buttons or to otherwise tell your friends about it!

24 November 2009

The US cares for data protection

IMG_1458photo © 2011 John Taylor | more info (via: Wylio)

 

Well, I agree the title of this post reads somewhat provocative. Nevertheless, it is driven by the criticism that European data protection practitioners usually express towards their US colleagues’ approach when dealing with privacy and protection of personal data.

This should not surprise as the right to privacy is a highly developed area of law in Europe. Accordingly, the European Union has long had a privacy framework for the processing of personal information that is different – and more restrictive — than privacy practices in the US. By contrast, the United States prefers what is called a “sectoral” approach to data protection legislation, relying on a combination of legislation, regulation, and self-regulation, rather than overarching governmental regulations (see “A Framework for Global Electronic Commerce“. To date, the US has no single, overarching privacy law comparable to the EU Directive.

The EU Data Protection Directive requires EU member states to provide for legislation that prohibits the transfer of personal data outside the EU. However, there are some exemptions from that rule, one of which applies where the EU has determined that the laws of the country of destination provide “adequate” protection for personal data. Among others, Switzerland and Argentina were determined to be such countries. In the late 1990s, the EU determined that the laws of the United States did not meet its adequacy standard.

However and in order not to totally prohibit the personal data transfer between the largest economies, the US Department of Commerce in consultation with the European Commission developed the “Safe Harbor Arrangement”. As a consequence, US companies that are under the jurisdiction of the Federal Trade Commission or the US Department of Transportation may enrol to that arrangement and process personal data submitted by European partners (subsidiaries) of theirs.

A company under the FTC’s jurisdiction that self-certifies its compliance with the Safe Harbor Arrangement, but fails to observe them may be subject to an enforcement action under Section 5 of the FTC Act, which prohibits unfair or deceptive trade practices.

After a decade without any enforcement actions, the FTC recently proceeded against seven companies and obtained consent orders against them.

While these actions by the FTC are said not to represent substantive enforcement within the Safe Harbor Arrangement, they do signify that companies need to be even more vigilant about the content of their privacy policies and marketing assertions.

23 November 2009

Keyword advertising actionable under privacy law?

Debates on the use of keywords that equate registered trade marks have brought  new challenges for legal professionals. As well-known, the majority of lawsuits on keywords advertising were based on alleged trade marks infringement.

However, the courts’ ambivalent treatment of such trade marks proprietors’ claims (see Google AdWords Litigation update for the US and Advocate General  Poiares Maduro’s opinion on Google’s AdWords to the ECJ for Europe) might have brought a Wisconsin law firm to observe this set of problems through a different angle.

Representatives of Habush, Habush & Rottier have discovered that when their law firm’s name is sought over internet searching engines, the name of Cannon & Dunphy, a rival law firm, showed up. Accordingly, Habush have filed an action against the rival who does not even deny the purchase of a keyword containing claimant’s name. However, whether based on reasons stated above or not, Habush is not willing to rely on trade marks law, but on Wisconsin’s law on privacy.

In my view a really promising case. We will see as to whether it will bring some freshness into the keyword advertising complexity.

22 November 2009

Data retention in Austria becomes even likelier

Austria’s DerStandard informs that the data retention bill to amend the existing Austrian Telecommunications Act was in place. In a consultation procedure, the responsible minister Doris Bures has called upon the appraisal of the participants (eg regional authorities, chamber for commerce and industry, trade unions). She thereby vowed to apply “the highest standards under the rule of law” in drafting the bill.

Austria has not implemented the data retention directive yet, wherefore the European Commission threatened the government with the launch of infringement proceedings. Austrian politicians have used the data retention related set of problems in their last election campaign in 2008. For some period thereafter and, since the subject matter is highly controversial, no one appears willing to cease the delay in implementation.

Quite often, the enforcers of intellectual property rights have been viewed as the real beneficiaries of the data retention becoming a fact. Many of their lobbyists and legal representatives utilized the duration caused by the governmental delay in addressing the public and stating the necessity to access retained internet traffic data that evidences, for instance, illegal file sharing.  However and given an implementation, it is still unclear as to whether such enforcers shall have access to data so retained.

According to recent cases on file sharing, Austrian courts seem to opine that file sharers’ interest in the protection of their traffic and identity data outweighs the enforcers’ interests to access such data.

It is clear that the data retention could easily change the so established balance. I hope to soon have certainty on that.

13 November 2009

The retention of internet traffic data saves New Yorker Teen from robbery charges

No, this is not a text dedicated to advocate company policies or governmental prescriptions on data retention, even though defenders of retaining communications networks’ data might well use it for such purposes.

It is the story of the 19-year-old New York City Teen Rodney Bradford which shows that a policy to retain user’s traffic data may also have an yet undiscovered “bright side”.
Just imagine Rodney’s life given a verdict sending him to jail….
And yes, I believe that Facebook’s policy to keep certain log files stored for a while literally saved this boy’s life.

Hence my Friday’s message to the audience: Try listening to “Always look on the bright side of life” when thinking of data retention -).

4 November 2009

Facebook wins lawsuit against infamous spammer

Facebook brought suit against Sanford Wallace, a notorious online marketer and spammer, claiming that Wallace and his affiliates created Facebook accounts through which they established a phishing scheme in November 2008.

The suit was based on the so called CAN-SPAM Act (‘‘Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003’’) and Facebook claimed cited 14 million violations to that law and $7.5 billion in damages.

Last week, Facebook eventually prevailed and was awarded damages upwards of $700 million in the District Court in San Jose, California.

Though Facebook may never receive the entire $700 million award, considering Wallace filed bankruptcy, the verdict sends a strong messages to spammers and would-be spammers to stay off social networks.

27 April 2009

Keep your job or surf on Facebook – what would you choose?

Facebook - Friend and foe!photo © 2008 Mark Jensen | more info (via: Wylio)

I agree, the topic of this posting may read a bit weird, but only unless you live and work in Switzerland. According to the Swiss 20 Minuten Online an insurance company based in Basel fired an employee after having registered her activity on Facebook.

Ok, that was just a part of the story, because the employee had purported to have migraine and was thus medically certified to be unfit for screen handling. Nevertheless she was observed being active on Facebook obviously using a computer screen…

My advice in this matter: (1) always be honest to your employer and (2) think before you link a contact to your social network profile!

28 January 2009

So, it happened again…

What is one supposed to do in case he or she suffers a so called identity theft?
And who is to be deemed responsible therefor? The data controller, the data processor or the data subject (to stay in the definitions of the data protection legislation)?

According to this report the UK’s largest recruitment websites lost (partially sensitive!) data records of more than 4,5 Million of its subscribers.

Data and identity theft, however, seems to have some tradition in Britain and should, in my humble opinion, be questioned on the highest possible level.

This dangerous practice must be countered by appropriate measurements including both legislative and technical improvements. Alternatively we are on the best way to lose what has remained of our anyway reduced privacy.

26 January 2009

A lesson in political stubborness

Bulgarians are known as notably stubborn and even bull-headed. Circumventing a supreme court’s decision, however, successfully blurs the border to the political blindness!

The circumvention attempt follows the defeat of Regulation Nr 40 (collectively issued by the Ministry of Interior and the State Agency on Information Technologies and Communication) before the Supreme Administrative Court.

Nevertheless, the logic behind it appears to have been borrowed from a bad gambler: once the transposition of the Directive 2006/24/EC by means of a statutory instrument (=Regulation Nr 40) did not work, the only way is to raise the stakes!
How should that work, you may ask? Well, in that they bluff!

Indeed, in a joint session the parliamentary Committees for Interior and for Transportation and Communication have prepared an amendment to the Act on Electronic Communications, whereupon a new regulation shall determine the procedure of retaining communication data and govern the access thereto.
Funnily, the regulation is intended to be the collective outcome of even three authorities – the Minister of Interior, the Chair of the State Agency for National Security and the Chair of the aforementioned State Agency on Information Technologies and Communication.

Sounds promissing and I will keep an eye on it!

23 December 2008

Will the data retention directive be fully implemented across Europe?

Yesterday I had an interesting discussion on an, to some extent, older issue – the data retention directive – with some friends of mine.

The compelling event of the discussion was the Bulgarian Supreme Administrative Court’s decision to repeal some provisions in a regulation transposing the Data Retention Directive 2006/24/EC into Bulgarian national law. Appearantly, the decision was dictated by the lack of judicial revision as the acts determined in aforementioned regulation were to be undertaken solely by the administration of the Ministry of Interior.

The Directive itself has recently been the subject of a higher level revision.
Advocate General Yves Bot appears to share the Irish deliberations as to whether the Directive was adopted on an appropriate legal basis .

In any case we may remain curious what the future will bring as data retention in its current shape deeply affects our individuals’ right of privacy.

« Older Entries
Newer Entries »