24 May 2011

Of Superinjunctions, Free Speech And Privacy Protection

Image by Sara Simmons on Flickr
5746811723_c6ee3aa242_oYou will most probably recognise his face if you are a football fan.
This guy must have had a harsh time during the last couple of weeks.
Actually, he must have gone through hell.
What he has reportedly done may be controversial and stay at odds with morality, but this is not the subject of the article you are reading.
It is about his right to private life.

My point is that since the man on the image has not committed any wrong, no public interest should qualify to deprive him of a right provided for by Article 8 of the European Convention on Human Rights.
The forgoing is not to be understood as the advocacy towards a single individual. It is the advocacy towards the right of private life par excellence.

Want to read more? Good,

Let’s Kick It!

Allegedly, the man on the image has had an affair with a model and ex BigBrother contestant. However, after the model had contemplated to disclose their relationship, he managed to obtain a


(aka gagging order) to prevent potentially embarrassing details about his private life being published.
What you have to know about superinjunctions is that they prevent anyone from publishing information which is said to be confidential or private about the applicant. That not enough, superinjunctions prevent anyone from reporting that they even exist.

The English High Court granted the order.

Nevertheless, the Scottish Sunday Herald

Dared To Publish

footballer’s image claiming that it has no obligations under an English injunction and if anyone wants to prevent the whole of the British media from reporting on a story, then they will need to get separate injunctions in all jurisdictions.

The interesting thing preceding the publication in Scotland is that, as soon as Twitter users had started to tattle about the alleged affair of the footballer, he managed to obtain a gagging order also against Twitter.
Despite any deliberations as to whether Twitter is subject to the jurisdiction of English courts, the superinjunction flopped in meeting its purpose. It not only failed in preventing the spread of information on the microblogging platform, it bestowed Twitter an unprecedented increase in traffic instead. Every user interested in the matter was tweeting said footballer’s name.


Undoubtedly, this teaches us that

Superinjunctions Have Only Limited Effect

when it comes to Web 2.0 and social media.

The reactions could not come quickly enough.
Lord Chief Justice Judge lamented that “modern technology is totally out of control”. David Cameron added “It’s not fair on the newspapers if all the social media can report this and the newspapers can’t” and announced that “the government considers to legislate on privacy issues in order to catch up with the advent of social media”.

Would you support such legislation efforts?
I would.
I could accept minor limitations and would easily survive the lack of knowledge about whom a celebrity allegedly slept with. Because I know that such a minor concession of the society as a whole, would end up saving said celebrity’s private life.

Filtering Twitter?

I spent a couple of hours on Twitter this Sunday and read as many messages marked with a #Superinjunction hashtag as possible.
My impression was not that the users celebrated the victory of free speechover gagging and censorship. No, their overall message to the footballer sort of read “You think you can hide behind a superinjunction? You cannot, it simply does not work on Twitter”. They seemed happy to have tracked him down. That had nothing to do with free speech, that was hate speech.

Besides, it was in a clear breach with the superinjunction, of which everybody on Twitter already knew.

I delayed the publication of this article, because today I had a little chat with Jane Lambert on Twitter. There she expressed her concern as to whether a foreign social network should be allowed to operate in the jurisdiction of England and Wales if it is in breach of a fundamental right granted by the European Convention On Human Rights and cannot prevent flouting of an English court order.

She opined that networks should develop filtering technologies, but should deploy them only sparingly in democratic societies.

What do you think?

24 November 2009

The US cares for data protection

IMG_1458photo © 2011 John Taylor | more info (via: Wylio)


Well, I agree the title of this post reads somewhat provocative. Nevertheless, it is driven by the criticism that European data protection practitioners usually express towards their US colleagues’ approach when dealing with privacy and protection of personal data.

This should not surprise as the right to privacy is a highly developed area of law in Europe. Accordingly, the European Union has long had a privacy framework for the processing of personal information that is different – and more restrictive — than privacy practices in the US. By contrast, the United States prefers what is called a “sectoral” approach to data protection legislation, relying on a combination of legislation, regulation, and self-regulation, rather than overarching governmental regulations (see “A Framework for Global Electronic Commerce“. To date, the US has no single, overarching privacy law comparable to the EU Directive.

The EU Data Protection Directive requires EU member states to provide for legislation that prohibits the transfer of personal data outside the EU. However, there are some exemptions from that rule, one of which applies where the EU has determined that the laws of the country of destination provide “adequate” protection for personal data. Among others, Switzerland and Argentina were determined to be such countries. In the late 1990s, the EU determined that the laws of the United States did not meet its adequacy standard.

However and in order not to totally prohibit the personal data transfer between the largest economies, the US Department of Commerce in consultation with the European Commission developed the “Safe Harbor Arrangement”. As a consequence, US companies that are under the jurisdiction of the Federal Trade Commission or the US Department of Transportation may enrol to that arrangement and process personal data submitted by European partners (subsidiaries) of theirs.

A company under the FTC’s jurisdiction that self-certifies its compliance with the Safe Harbor Arrangement, but fails to observe them may be subject to an enforcement action under Section 5 of the FTC Act, which prohibits unfair or deceptive trade practices.

After a decade without any enforcement actions, the FTC recently proceeded against seven companies and obtained consent orders against them.

While these actions by the FTC are said not to represent substantive enforcement within the Safe Harbor Arrangement, they do signify that companies need to be even more vigilant about the content of their privacy policies and marketing assertions.

23 November 2009

Keyword advertising actionable under privacy law?

Debates on the use of keywords that equate registered trade marks have brought  new challenges for legal professionals. As well-known, the majority of lawsuits on keywords advertising were based on alleged trade marks infringement.

However, the courts’ ambivalent treatment of such trade marks proprietors’ claims (see Google AdWords Litigation update for the US and Advocate General  Poiares Maduro’s opinion on Google’s AdWords to the ECJ for Europe) might have brought a Wisconsin law firm to observe this set of problems through a different angle.

Representatives of Habush, Habush & Rottier have discovered that when their law firm’s name is sought over internet searching engines, the name of Cannon & Dunphy, a rival law firm, showed up. Accordingly, Habush have filed an action against the rival who does not even deny the purchase of a keyword containing claimant’s name. However, whether based on reasons stated above or not, Habush is not willing to rely on trade marks law, but on Wisconsin’s law on privacy.

In my view a really promising case. We will see as to whether it will bring some freshness into the keyword advertising complexity.

4 November 2009

Facebook wins lawsuit against infamous spammer

Facebook brought suit against Sanford Wallace, a notorious online marketer and spammer, claiming that Wallace and his affiliates created Facebook accounts through which they established a phishing scheme in November 2008.

The suit was based on the so called CAN-SPAM Act (‘‘Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003’’) and Facebook claimed cited 14 million violations to that law and $7.5 billion in damages.

Last week, Facebook eventually prevailed and was awarded damages upwards of $700 million in the District Court in San Jose, California.

Though Facebook may never receive the entire $700 million award, considering Wallace filed bankruptcy, the verdict sends a strong messages to spammers and would-be spammers to stay off social networks.

29 October 2009

Commission steps up UK legal action over privacy and personal data protection

The European Commission has moved to the second phase of an infringement proceeding over the UK to provide its citizens with the full protection of EU rules on privacy and personal data protection when using electronic communications. European laws state that EU countries must ensure the confidentiality of people’s electronic communications like email or internet browsing by prohibiting their unlawful interception and surveillance without the user’s consent. As these rules have not been fully put in place in the national law of the UK, the Commission today said that it will send the UK a reasoned opinion.

Specifically, the Commission has identified

Three Gaps In the Existing UK Rules

governing the confidentiality of electronic communications, namely:

No Independent National Authority

to supervise interception of communications, although the establishment of such authority is required under the ePrivacy and Data Protection Directives, in particular to hear complaints regarding interception of communications;

No Need To Grant Explicit Consent

The current UK law the Regulation of Investigatory Powers Act 2000 (RIPA) authorises interception of communications not only where the persons concerned have consented to interception but also when the person intercepting the communications has ‘reasonable grounds for believing’ that consent to do so has been given. These UK law provisions do not comply with EU rules defining consent as freely given specific and informed indication of a person’s wishes;

No Sanctions Against Unlawful Interception

The RIPA provisions prohibiting and providing sanctions in case of unlawful interception are limited to ‘intentional’ interception only, whereas the EU law requires Members States to prohibit and to ensure sanctions against any unlawful interception regardless of whether committed intentionally or not.

The UK has two months to reply to this second stage of the infringement proceeding. If the Commission receives no reply, or if the response presented by the UK is not satisfactory, the Commission may refer the case to the European Court of Justice.

To me, this is a clear signal that data protection and privacy are considered highly valuable achievements that need to be  protected within the European dimension.

17 August 2009

Austrian Supreme Court holds that ISP is not obliged to provide copyright enforcer with file-sharing user’s data.


Austria’s Die Presse reports about a recent decision of the Austrian Supreme Court (4 Ob 41/09x), according to which the

File-Sharing User’s Right of Privacy Has a Higher Priority

than a copyright enforcer’s right of information.

The Supreme Court had to deal with a case where a collecting society requested an ISP to disclose the personal data of a file-sharing user, whose IP address the collecting society had already obtained.

By so deciding

The Supreme Court Overruled the Lower Instances

which found the defendant ISP liable to provide the claimant collecting society with the requested information.

The decision is considered to have a certain signalling effect.

28 January 2009

So, it happened again…

What is one supposed to do in case he or she suffers a so called identity theft?
And who is to be deemed responsible therefor? The data controller, the data processor or the data subject (to stay in the definitions of the data protection legislation)?

According to this report the UK’s largest recruitment websites lost (partially sensitive!) data records of more than 4,5 Million of its subscribers.

Data and identity theft, however, seems to have some tradition in Britain and should, in my humble opinion, be questioned on the highest possible level.

This dangerous practice must be countered by appropriate measurements including both legislative and technical improvements. Alternatively we are on the best way to lose what has remained of our anyway reduced privacy.

26 January 2009

A lesson in political stubborness

Bulgarians are known as notably stubborn and even bull-headed. Circumventing a supreme court’s decision, however, successfully blurs the border to the political blindness!

The circumvention attempt follows the defeat of Regulation Nr 40 (collectively issued by the Ministry of Interior and the State Agency on Information Technologies and Communication) before the Supreme Administrative Court.

Nevertheless, the logic behind it appears to have been borrowed from a bad gambler: once the transposition of the Directive 2006/24/EC by means of a statutory instrument (=Regulation Nr 40) did not work, the only way is to raise the stakes!
How should that work, you may ask? Well, in that they bluff!

Indeed, in a joint session the parliamentary Committees for Interior and for Transportation and Communication have prepared an amendment to the Act on Electronic Communications, whereupon a new regulation shall determine the procedure of retaining communication data and govern the access thereto.
Funnily, the regulation is intended to be the collective outcome of even three authorities – the Minister of Interior, the Chair of the State Agency for National Security and the Chair of the aforementioned State Agency on Information Technologies and Communication.

Sounds promissing and I will keep an eye on it!

12 December 2008

Virtual theft – real punishment?

Virtual theft and virtual fraud appear to be widely spread among the online and gaming community.
Authorities in the Nethderlands and in the USA have thus undertaken proceedings against wrongdoers.

What is the moral of the story?
Owing to the lower threshold required, one is likelier to conduct an offense online. But beware of what you do, because you can get an offline punishment!