Policy Observatory

e-Privacy proposal – Commission leaves the European Parliament with lots of work to do

Wed, 2017-01-11 07:52

Today, on 10 January 2017, the European Commission published its proposal for an e-Privacy Regulation. This legislation is crucial to provide clear rules on tracking individuals as they surf the web, and on freedom of communication more generally.

EU Council agrees to remove geo-blocking barriers to e-commerce

Wed, 2017-01-11 07:49

The European Union Council of member states today agreed on draft regulations to prevent blocking of cross-border e-commerce, but appears to retain copyright restrictions.

CJUE decision: member states may not impose a general data retention obligation

Thu, 2016-12-22 02:23

In Watson vs. Tele2 Sverige AB (C-203/15), the court decides that EU law precludes national legislation that prescribes general and indiscriminate retention of data.

The text of the decision is available here and the press release here.

China ends anonymity on its Internet

Sun, 2016-11-13 10:21

For years now, China’s government has been pushing Internet users towards real-name registration for some internet services, with varying degrees of success. But with a new cybersecurity law that will go into effect on June 1, 2017, ISPs, Wi-Fi node operators, and any other company that provides Internet access will need to confirm your real identity before they can let you online.

Fitness wristbands violate European law

Thu, 2016-11-03 15:47

Several fitness wristbands violate Norwegian and European consumer and privacy legislation. The Norwegian Consumer Council is submitting a formal complaint against four companies to the Norwegian Data Protection Authoritiy and the Consumer Ombudsman.

Privacy advocates challenge EU-US data transfer agreement

Wed, 2016-11-02 18:13

An Irish privacy organization is challenging the EU-US framework for transferring personal data, the "Privacy Shield," in the European high court. This challenge follows a decision last year invalidating the previous framework, "Safe Harbor." In that case, the Court of Justice for the European Union concluded Personal data transferred to the United States lacks adequate legal protection.

Personal data of 550,000 Red Cross blood donors was breached

Wed, 2016-11-02 18:09

The Australian Red Cross said its blood donor service has found that registration information of 550,000 donors had been compromised, which the agency blamed on human error by a third-party contractor.

The moot issue at this point, which may decide how the breach unfolds, is that nobody knows how many people have the data. The information from 2010 to 2016 was available on the website from Sept. 5 to Oct. 25. this year.

The database backup, consisting of 1.74GB with about 1.3 million records, contains information about blood donors, such as name, gender, physical address, email address, phone number, date of birth, blood type, country of birth, and previous donations, according to security researcher Troy Hunt.


Assessing the impact of data protection: DPO-EDPS meeting in Alicante

Wed, 2016-11-02 18:05

Assessing the impact of data protection: DPO-EDPS meeting in Alicante.

European privacy officials pursue investigation of WhatsApp and Yahoo

Wed, 2016-11-02 18:00

The Article 29 Working Party, an expert group of European privacy officials, is pursuing investigations of WhatsApp and Yahoo. In a letter to Facebook, the Working Party stated that the decision to transfer confidential user data from WhatsApp to Facebook has raised "serious concerns," and urged WhatApp to halt data transfers pending completion of the investigation. Separately, the group urged Yahoo to provide information about the 2014 data breach which compromised 500 million accounts. The Article 29 also pressed the company to explain why it scanned customer emails for US intelligence agencies.

The FCC’s new privacy rules are toothless

Wed, 2016-11-02 17:53

When the Federal Communications Commission (FCC) voted last Thursday (Oct. 27) to accept new privacy rules for ISPs, the move was heralded by many as an important step forward in U.S. privacy protections. But a closer look at the particulars shows a decision that has so many exceptions — and and that makes it easy for ISPs to hide customer permission deep within lengthy terms and conditions documents — it amounts to a big backward step for privacy, one that will likely embolden any ISPs that was inclined to violate privacy anyway.

The FCC made changes to the privacy requirements of Section 222 of the Communications Act for broadband ISPs.

CJEU says dynamic IP addresses are private

Wed, 2016-11-02 17:51

Your dynamic IP address is private if it can be tied to other pieces of information you supply.

Social media has us under surveillance – big business is the new Big Brother

Wed, 2016-11-02 17:37

Admiral has publicised a new service – firstcarquote – which will analyse the Facebook posts of first-time car owners, looking for evidence that they’re the kind of well-organised, conscientious types who will be safe on the roads. If you use a calendar or bookkeeping apps, tend to write in short, coherent sentences and use lots of lists, you’ll look like a safe bet and might qualify for a discount. But if your social media history is chock-full of exclamation marks, with a heavy use of “always” and “never” rather than the more cautious “maybe”, that might suggest you’re a tad on the over-confident, even reckless side – and you’ll have to pay the full rate.


Harmonization of Cyberlegislation in Latin America

Wed, 2016-11-02 12:12

The purpose of this publication is to provide up-to-date information on the legal framework of the countries in Latin America as follow-up to the studies in prospects for harmonising cyberlegislation in the region that were published in 2009 and 2010. The study reports progress made by the countries in regard to electronic transactions/electronic signatures, online protection of consumers, protection of personal data, industrial and intellectual property, domain names, cybercrime and security of information, and pending legislation and challenge.

The situation in 20 countries of the region is reviewed, and information is provided on the commitments and responsibilities assumed by the individual countries in regard to cyberlegislation, bearing in mind the regional context, so as to identify the collaborating agencies and the implications, limitations and challenges involved. Reference is made to the many agenices in the region that have generated a wide range of legal instruments and public policies and the need for coordination with the governments of the countries so as to promote progress in this regard.

This study can be useful to government personell involved in designing and implementing legislation that will foster development.



FCC vote means Internet providers need permission to share your data

Mon, 2016-10-31 10:06

Under the new FCC rules, ISPs will have to inform consumers about what information is collected and how it is used and shared, and identify the types of entities with which the ISP shares the data. Most important, ISPs will be required to obtain consumers' permission — what the commission calls "opt-in consent" — to share the information.

CETA signature ignores Agreement’s flaws

Mon, 2016-10-31 08:29

On 30 October 2016, Comprehensive Economic Trade Agreement (CETA) will be signed between Canada and the European Union. The text includes special rights for corporations, new obligations on so-called “intellectual property rights” and measures which create significant risks for citizens’ fundamental rights, most notably with regard to privacy and data protection.

Civil society has repeatedly raised concerns about the lack of democracy and transparency of the negotiation process, problems related to the protection of the personal data of European citizens, the investment court system (ICS) introduced in the agreement to allow corporations to challenge government decisions, and the inclusion of intellectual property rights (IPR) to the agreement without debate, including measures that resemble very closely the text of Anti-Counterfeiting Trade Agreement (ACTA) that was rejected by the European Parliament in 2012.

UN report cites threats to freedom of expression

Wed, 2016-10-26 20:01

A top United Nations official on the freedom of expression released a report citing "severe" threats to freedom of expression worldwide. The report flagged governments cracking down on encryption, blocking websites, suspending communications services, and over-classifying information as key concerns.

U.S. Treasury tells banks to provide details on cyber attacks

Wed, 2016-10-26 19:59

The U.S. government on Tuesday told banks to include details about cyber attacks when filing mandatory reports on fraud and money laundering, saying that will help battle digital crimes that pose "a significant threat" to the U.S. financial system.

TV viewing in hotel rooms doesn’t need copyright licence fee

Wed, 2016-10-26 19:53

CJEU advocate general says TV is an essential part of a hotel's activity.

Statement by Vice-President Ansip and Commissioner Oettinger welcoming the adoption of the first EU-wide rules to make public sector websites and apps more accessible

Wed, 2016-10-26 19:52

European Commission - Statement Statement Statement Strasbourg, 26 October 2016 European Commission Vice-President Andrus Ansip, responsible for the Digital Single Market, and Commissioner Günther H. Oettinger, in charge of the Digital Economy and Society, welcome the decision by the European Parliament to formally approve the Directive on the accessibility of the websites and mobile applications of public sector bodies.

Terrorism Directive: Document pool

Wed, 2016-10-26 19:47

Terrorism is a very complex issue and laws must be balanced, smart and work in times of crisis. European Digital Rights (EDRi) has been working extensively with the Civil Liberties Committee (LIBE) and with Permanent Representations of the European Union Member States to adopt a sound approach in the Terrorism Directive.