Is your IP address really yours? EU court to decide the question

Europe’s top court is set to answer a question that seems to be as old as the Internet: Are IP addresses personal data?

Germany’s Federal Court of Justice was scheduled to rule on this Tuesday, but instead decided to refer the matter to the European Court of Justice of the European Union (CJEU).

The answer to the question is crucial for ongoing discussions about the EU data protection reform as well as for the many websites that track and store users’ IP addresses, the Federation of German Consumer Organizations (VZBV) said.

Moreover, if the CJEU rules that IP addresses are personal data, this could have huge consequences for the ease of use of the Internet in Europe. Under German law, personal data may only be stored with a user’s consent or for the purposes of billing and such. If IP addresses are considered personal data though, one of the possible consequence could be that Internet users would have to give their consent to store their address every time they visit a website, or alternatively, that websites would have to start storing them on a different legal basis, the VZBV said.


read full article at PC World

Commission slams Hungary’s ‘Internet tax’ (elementary dear PM...)

The outgoing European Commission has delivered an unusually tough statement over a planned new tax on Internet data transfers, which has unleashed boisterous protests in Hungary.

Ryan Heath, spokesperson to Commission Vice President for Digital Agenda Neelie Kroes said the Hungary internet tax is a “terrible idea”.

Prime Minister Viktor Orbán's government, which has been widely accused of adopting anti-democratic policies, first unveiled plans for the new tax late last week in the draft 2015 tax bill submitted to parliament.


read full article at EurActiv

Europe under massive virtual cyber attack

More than 200 organisations from 25 EU member states are under virtual cyber-attack today  (30 October), as part of the continent’s largest and most complex ever cyber security exercise.

Organised by the European Network and Information Security Agency (ENISA), Cyber Europe 2014 is targeting security agencies, ministries, telecoms and energy companies, financial institutions and internet service providers.

All EU member states except Belgium, Lithuania and Malta are testing their procedures and capabilities against realistic large-scale cyber-security scenarios. The reasons those countries have declined to participate are not known, but are “uncontroversial,” according to ENISA sources.

More than 2000 separate cyber-incidents will be carried out, including denial of service attacks to online services, intelligence and media reports on cyber-attack operations, ambushes designed to change websites' appearances, and attacks on critical infrastructure such as energy or telecoms networks.

read full article at EurActiv

Oettinger floats proposal for EU-wide 'Google-tax'

Günther Oettinger, the EU's incoming Digital Commissioner, has announced plans to reform existing copyright laws within one year, indicating the likely addition of an EU "Google-tax", similar to that applicable in Germany. 

An EU-wide "Google-tax" would require internet search engine providers to pay a fee for displaying copyrighted materials on their sites.

   

“If Google takes intellectual property from the EU and makes use of it, the EU can protect this property and demand that Google pay for it,” Oettinger told the Handelsblatt newspaper. 

read full article at EurActiv

James Comey, F.B.I. Director, Hints at Action as Cellphone Data Is Locked

The director of the F.B.I., James B. Comey, said on Thursday that the “post-Snowden pendulum” that has driven Apple and Google to offer fully encrypted cellphones had “gone too far.” He hinted that as a result, the administration might seek regulations and laws forcing companies to create a way for the government to unlock the photos, emails and contacts stored on the phones.

But Mr. Comey appeared to have few answers for critics who have argued that any portal created for the F.B.I. and the police could be exploited by the National Security Agency, or even Russian and Chinese intelligence agencies or criminals. And his position seemed to put him at odds with a White House advisory committee that recommended against any effort to weaken commercial encryption.

 Apple and Google have announced new software that would automatically encrypt the contents of cellphones, using codes that even the companies could not crack. Their announcement followed a year of disclosures from Edward J. Snowden, the former government contractor who revealed many government programs that collect electronic data, including information on Americans.

read full article at NY Times

Cloud Service Level Agreement Standardisation Guidelines

"... These guidelines will form the basis of a submission by the C-SIG SLA subgroup to the ISO/IEC JTC1 Working Group on Cloud Computing, which is currently working on an international standard for cloud SLAs, to ensure maximum impact for the European position to be taken into account at the international level..."

read full article at Digital Agenda EU

Public Outrage Mounts Against Hungary’s Plan to Tax Internet Use (no wonder...)

Public outrage was mounting Wednesday in Hungary against the government’s plan to levy a hefty tax on Internet use from the start of next year, with critics saying it would be detrimental to the country’s economic development, limit access to information and hinder the freedom of expression.

By Wednesday afternoon, 15,000 Facebook users have signed up to attend a street demonstration planned for Sunday in Budapest to protest against the new tax.

A trade union of teachers PSZ, which claims to be the biggest in Hungary with 40,000 members, issued a statement, saying “this measure seriously undermines the operation of public education, limits the freedom of information, of education and the right to learn.”

read full article at WSJ

Mass internet surveillance threatens international law, UN report claims

Mass surveillance of the internet by intelligence agencies is “corrosive of online privacy” and threatens to undermine international law, according to a report to the United Nations general assembly.

The critical study by Ben Emmerson QC, the UN’s special rapporteur on counter-terrorism, released on Wednesday is a response to revelations by the whistleblower Edward Snowden about the extent of monitoring carried out by GCHQ in the UK and the National Security Agency (NSA) in the US.

Emmerson’s study poses a direct challenge to the claims of both governments that their bulk surveillance programs, which the barrister finds endanger the privacy of “literally every internet user,” are proportionate to the terrorist threat and robustly constrained by law. To combat the danger, Emmerson endorses the ability of Internet users to mount legal challenges to bulk surveillance.

read full article at The Guardian

Microsoft’s Lynch Talks Privacy and Trust, Then and Now

Being the chief privacy officer for the world’s largest software company is no small task, especially in light of lingering PRISM accusations and the growing importance of data in an increasingly connected world. Eleanor Dallaway meets Microsoft's Brendon Lynch…

I sit down with Microsoft's chief privacy officer, Brendon Lynch, at a time when privacy and data exposure couldn’t be more topical.

With the revelations of NSA whistleblower Edward Snowden still rocking the industry, and bang in the middle of the RSA backdoor controversy, I could forgive Lynch for being a little cagey. After all, the media has been pretty unforgiving in accusing Microsoft of collaborating with law enforcement over access to customer data.

by Eleanor Dallaway  

read full article at InfoSecurity

EU Antitrust Unit Fines Deutsche Telekom

The European Commission’s antitrust unit is fining Deutsche Telekom AG and its subsidiary Slovak Telekom A.S. a total of €69.9 million ($88.4 million) for shutting out rivals from the Slovak market for broadband services for more than five years, in breach of EU antitrust rules, the commission said in a statement Wednesday.

The total consists of two fines: one of €38.8 million on Slovak Telekom A.S. and its parent company, Deutsche Telekom AG for refusing to give access to the so-called local loop or “last mile". 

read full article at WSJ

Telecoms: Commission to cut number of regulated markets in Europe

Today the European Commission – in agreement with Member States - decided that two telecom markets should no longer be subject to regulation in Europe, and that two more should be redefined to reflect market and technology developments. The rules take effect immediately.

The two liberated markets are:

a) the retail market for access to fixed telephony; and
b) the wholesale market for fixed call origination.

The Commission will also redefine two broadband markets, in order to limit regulatory burdens to what is strictly necessary for competitive broadband access and investment.

The Commission is increasing its focus on the distinct needs of business users, to make sure that competitive connectivity can unleash growth across the economy.

European Commission Vice President @NeelieKroesEU says: "I am delighted to announce this cut in telecoms red tape. It is the result of increased competition in telecoms markets and it takes us a step closer to a real Connected Continent”.

read full article at EU

The right to be forgotten - Drawing the line

SOMETIMES a local spark can cause a global fire. In 1998 La Vanguardia, a Spanish daily, ran an announcement publicising the auction of a house to pay taxes owed by Mario Costeja González, a lawyer. The event would have been consigned to oblivion had the newspaper not digitised its archives a few years later. Instead, it came first in Google’s results for searches for Mr Costeja’s name, causing him all manner of professional problems.

When the online giant refused to remove links to the material, Mr Costeja turned to Spain’s data-protection authority. The case ended up in the European Court of Justice (ECJ), which ruled in May that Google must remove certain links on request. The ruling has established a digital “right to be forgotten”—and forced Google to tackle one of the thorniest problems of the internet age: setting the boundary between privacy and freedom of speech.

read full article at Economist

J.P. Morgan Says About 76 Million Households Affected By Cyber Breach

The largest U.S. bank by assets said the unknown attackers stole customers’ contact information—including names, email addresses, phone numbers and addresses. The breach, which was first disclosed in August and is still under investigation by the bank and law enforcement, extended to the bulk of the bank’s customer base, affecting an amount equivalent to two-thirds of American households. It also affected about seven million of J.P. Morgan’s small-business customers. It isn’t clear how many of those households are U.S.-based.

The bank said hackers were unable to gather detailed information on accounts, such as account numbers, passwords, Social Security numbers or dates of birth. Customer money is “safe,” the bank said in a statement to customers on Thursday.

read full article at WSJ

Europe Digital Nominee Demands Stronger U.S. Data Rules (or else...)

Europe may suspend data-sharing agreements with the United States if American policy makers do not improve how Europeans’ online information is protected, according to Andrus Ansip, the nominee to lead Europe’s digital agenda.

His statements could have major implications for American tech giants like Google and Facebook, which routinely compile data generated by their European customers through web searches and other online activities. Those companies’ data policies have come under greater scrutiny in Europe in the wake of the revelations about spying by the National Security Agency, using online data.

read full article at Bits

EU Justice Nominee Notes Data Protection, U.S.-EU Safe Harbor at Nomination Hearing

The European Union's incoming commissioner with responsibility for data protection Oct. 1 said she would press for rapid completion of the bloc's data protection overhaul and would “not make any concession” in discussions with the U.S. on protecting privacy in the transfer of EU citizens' data for law enforcement purposes.

At a confirmation hearing in front of three European Parliament committees, former Czech Regional Development Minister Vera Jourová added that possible release to the U.S. National Security Agency of data transferred by companies to the U.S. under the U.S.-EU Safe Harbor Program is “the most complex topic I have ever encountered.”

read full article at BNA

How will you store your photos and documents online in 5, 10, or even 20 years?

Today, cloud services are a commonplace for sending emails, sharing photos or watching movies. People and businesses are entering the cloud more than ever before. We need to continue doing more research in this field also beyond 2015. This is why the European Commission seeks everyone's opinion, especially from researchers, scientists and developers, on priorities for this research.

Before the Web started in 1998, everyone stored their photos and documents in albums and folders at home. You could only watch films at the cinema or if you rented them from a shop to watch at home. Now it is easy to store them online anywhere in the world thanks to cloud computing and advanced software.

read full article at Digital Agenda for Europe 

OWASP Top 10 Privacy Risks Presented at Inaugural IPEN Workshop in Berlin

The first workshop of the Internet Privacy Engineering Network (IPEN), recently founded by the European Data Protection Supervisor (EDPS), could not have had a more symbolic location: Berlin State Parliament, right beside the remaining parts of the Berlin Wall that separated Western Germany from the German Democratic Republic until 1989. Surveillance of its citizens by the Stasi (state security) was widespread in Eastern Germany, and, 25 years later, we are back in a situation where mass surveillance is supported by the globalized Internet and has been heavily enforced by Western governments to fight terrorism. Further, insecure protocols and the lack of technical measures to protect data in current Internet technology make it easy to circumvent privacy. For these reasons and more, IPEN was founded to support the development of privacy-friendly technologies and raise awareness not only among software engineers.

read full article at IAPP

Feds Seek Advice on Privacy Tech Spending (!)

The National Privacy Research Strategy, or NPRS, "will establish objectives and prioritization guidance for federally funded privacy research, provide a framework for coordinating research and development in privacy-enhancing technologies, and encourage multidisciplinary research that recognizes the responsibilities of the government, the needs of society, and enhances opportunities for innovation in the digital realm," reads a request for information from the Networking and Information Technology Research and Development Program, published by the National Science Foundation last month.

read full article at Ecommerce Times

Data retention Directive abandoned in EU but Telcos in AU fear rushed data-retention laws

Rumours that Attorney-General George Brandis may look to introduce legislation to force telecommunications companies to retain customer data for up to two years as soon as October 20 are frightening, according to John Stanton, CEO of industry lobby group the Communications Alliance.

The organisation, as the representative group for the telecommunications industry, has been heavily involved in discussions with the Attorney-General's Department over the exact structure of a scheme that would force the ISPs to retain an as-yet-undefined set of customer data for access by government agencies such as the Australian Federal Police, Human Services, local councils, and the RSPCA for up to two years.

read full article at ZDnet

Following Apple And Starbucks, Amazon Now Faces European Commission Tax Probe

Amazon is now, following in the footsteps of Apple and Starbucks facing a probe into its tax arrangements from the European Commission. Now that we’re seeing the details of these cases, of what the allegations are, it’s possible to offer a preliminary opinion as to what is actually going on here. Which is that this is all a great deal of fuss over not very much. This is a result of political pressure, nothing more, and it’s not going to change, except in the most trivial manners, the way that these companies operate in Europe.

read full article at Forbes

The Extraterritorial Scope of the “Right to Be Forgotten” and how this Affects Obligations of Search Engine Operators Located Outside the EU

Spiros Tassis and Margarita Peristeraki
European Networks Law & Regulation Quarterly 3/2014: pp. 244-252 [Case Note]

Annotation on the Judgment of the Court of Justice of 13 May 2014, in Case C-131/12 Google Spain SL, Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González Electronic networks’ governance is becoming increasingly complex and constitutes a field of conflict between several jurisdictions, particularly the US and the EU. The information transferred through these networks is vast,mostly unfiltered and flows in an intangible area defined as “cyberspace”. The Courts’ recent judgment in the Google case aims at setting the boundaries to what search engine operators can and cannot do in the EU when their activities have implications to data protection rules, by determining (i) the territorial scope of such rules, (ii) the characterization of the activity of an internet search engine operator and (iii) the relevance of the “right to be forgotten” in this context. In a nutshell, the Court found that when it comes to non-EU based search engine operators, the mere existence of an affiliated company in the EU that sells ads associated with the search engine giant creates a presence in this territory and a data processor within the scope of the relevant EU Directive.

full annotation at ENLR

Slowly but surely, standards on the way for Internet of Things (a battle between telecoms and tech companies?)

It looks like a battle is shaping up between the telecoms and the tech companies as to what kinds of standards to apply to the emerging Internet of Things.

As observed in a report by Daniel Thomas in The Financial Times, "an intense battle is developing between technology and telecoms groups" for market domination of the Internet of Things. Companies from across the spectrum, including Vodafone, Google and Arm, are vying for leading roles in the IoT market, which Gartner says will be worth $300 billion in the next six years. 

So, with all these vendors jumping into what looks like a lucrative space, will standards evolve to make it all work? Or will we finally get everyone on the same page, as we did with the Internet of Words and Pictures?

read full article at ZDnet

Telefónica to trial AT&T’s smart home Internet of Things platform

Telefónica has announced plans to bring a trial of US carrier AT&T’s connected home platform, “Digital Life”, to Europe. Digital Life allows customers to monitor domestic smart and connected devices such as intruder alarms, thermostats and ovens, and control them through mobile applications and other web based user interfaces.

AT&T will provide Telefónica with the necessary technical resources and software to enable Telefonica to operate the Internet of Things service in its domestic markets. The Digital Life platform will also be customised to show Telefonica branding, as well as handing over management and hosting of the service to the Spanish telco.

The President of AT&T’s Digital Life business, Kevin Peterson, believes that global distribution of the service will widen new market opportunities for industry OEMs.

read full article at BCN

EU's super-commish for tech: Geo-blocks on cat vids, music – NOT FAIR

Andrus Ansip, the new EU super-commissioner for all things digital, says he will work to completely abolish geo-blocking of media in Europe – and urged telcos to get on with pushing out high-speed mobile broadband.

What started out as a relatively boring and predictable hearing before the European Parliament on Monday took a turn for the interesting in the final minutes: the rather wooden Ansip took issue with incumbent telecoms companies for sitting back and not rolling out 4G.

“In some countries almost 90 per cent of the territory is covered by 4G LTE, in some other countries it is zero! They haven’t even started allocating that spectrum. Once again I think we have to talk about vested interests,” he said.

read full article at The Register

We Want Privacy, but Can’t Stop Sharing

"IMAGINE a world suddenly devoid of doors. None in your home, on dressing rooms, on the entrance to the local pub or even on restroom stalls at concert halls. The controlling authorities say if you aren’t doing anything wrong, then you shouldn’t mind.

Well, that’s essentially the state of affairs on the Internet. There is no privacy. If those creepy targeted ads on Google hadn’t tipped you off, then surely Edward J. Snowden’s revelations, or, more recently, Jennifer Lawrence’s nude selfies, made your vulnerability to cybersnooping abundantly clear.

You need only read George Orwell’s “1984” or watch the film “Minority Report” to understand how surveillance is incompatible with a free society. And increasingly, people are coming to understand how their online data might be used against them. You might not get a job, a loan or a date because of an indiscreet tweet or if your address on Google Street View shows your brother-in-law’s clunker in the driveway. But less obvious is the psychic toll of the current data free-for-all..."

read full article at NYTimes

Privacy issues raised over Singapore’s plan to use ‘smart’ road toll technology

Singapore’s Land Transport Authority (LTA) has shortlisted three consortia to tender for the development of the country’s next generation electronic road pricing system to be used on congested roads, based on global navigation satellite system (GNSS) technology. 

The LTA said an 18-month system evaluation test that ended in December 2012 showed “it is technologically feasible to develop a GNSS-based road pricing system... (to) overcome the constraints of physical gantries, which are costly and take up land space”.

However, concerns have been raised about how the technology might impact on privacy. In a statement issued in December 2013, the opposition Singapore Political Party expressed concern the satellite system would be used to track vehicles for "unwarranted surveillance".

read full article at Outlaw

"Feds only have themselves to blame for Apple and Google's smartphone encryption efforts"

For the past two weeks, federal agencies and the executive branch have launched a cacophony of critique of Apple and Google for bolstering the encryption on their users' smartphones.

Secret loopholes drive NSA's 'unrestrained surveillance' on Americans

Thanks to a three-decade-old secret executive order, Fourth Amendment protections against warrantless domestic surveillance is not as strong as first thought.
 

That, the opposition camp says, will result in drug dealers, pedophiles, identity thieves, and other violent criminals evading capture, leading to an uptick in crime. That will affect millions of Americans who each year are classified as victims of theft and robbery, violence, and sexual crimes.

Made up of the FBI and the NSA, the outgoing Attorney General Eric Holder, and members of Congress, they are calling for laws to be changed, and Apple and Google to face sanctions for their privacy protections.


read full article at ZDnet

Big Tech pledges student privacy; critics scoff... (the right to be ... corrected)

Companies signing the pledge — including Microsoft, Amplify, Edmodo, Knewton and Houghton Mifflin Harcourt — will commit to clearly disclose what type of personal information they collect about students, and for what purpose. They will promise not to sell the information or use it to target advertising at students. They’ll pledge to let parents see their children’s records and correct any errors. 

read full article at Politico

Attorney General: Device Backdoors Should Be Left Open for the Police

The Attorney General Eric H. Holder Jr. spoke out yesterday about backdoors in consumer technology, claiming that they should be left open by technology firms so that law enforcement officials are never locked out during important investigations.

Speaking about new forms of encryption that could theoretically prevent police officers and other government officials from accessing personal data, he claimed that they could harm investigations of kidnappers and sexual predators, and in turn put children at increased risk.

read full article at Gizmodo

We are back!

Dear readers of this blog, 

After a long period of inactivity caused by summer laziness and vacations, some serious legal projects and the relocation of our law office to new premises, we are happy to announce that it's official... WE ARE BACK!

S.T.