Category: EU

“What’s at stake is individual control of one’s data when they are combined by internet giants”

1. September 2016

The concern due to WhatsApp sharing user information with Facebook is rising, especially in Europe.

As the Wall Street Journal reported, European privacy regulators are investigating WhatsApp’s plan to share the information of their users with its parent company Facebook.

The Article 29 Working Party representing the 28 national data protection authorities released a statement at the beginning of this week saying that its members were following “with great vigilance” the upcoming changes to the privacy policy of WhatsApp due to the fact that the new privacy policy allows WhatsApp to share data with Facebook, whereas the privacy policy only gives existing WhatsApp users the right to opt out of part of the data sharing. Therefore, the Article 29 Working Party concluded “What’s at stake is individual control of one’s data when they are combined by internet giants”.

Furthermore,

  • the ICO also issued a statement last week raising concerns due to the “lack of control”,
  • at the beginning of this week the consumer privacy advocates in the U.S. filed a complaint with the Federal Trade Commission due to the fact that WhatsApp promised that “nothing would change” when Facebook acquired WhatsAPP two years ago and on top of that
  • the Electronic Privacy Information Center and the Center for Digital Democracy turned to the Federal Trade Commission in order to get the confirmation that the upcoming changes to the privacy policy can be seen as “marketing practices” that are “unfair and deceptive trade practices”.
Category: Article 29 WP · EU · UK · USA
Tags: , , ,

Google Analytics joins EU-U.S. Privacy Shield

31. August 2016

On its blog Google Analytics announced on the 29th of August that they have self-certified to the EU-U.S. Privacy Shield.

The statement describes the EU-U.S. Privacy Shield as a new framework for transfers of personal data from Europe to the United States, which can be seen as a significant milestone for the protection of Europeans’ personal data, legal certainty of transatlantic businesses, and trust in the digital economy.

Therefore, Google has now committed that they comply with the Privacy Shield’s principles and furthermore that they will safeguard the transfers of personal data, whereas no action is required from their customers.

ICO: Statement on WhatsApp sharing information with Facebook

30. August 2016

The ICO just published a statement relating to the fact that WhatsApp is about to share user information with Facebook.

Elizabeth Denham who was appointed Information Commissioner in July 2016, said that “The changes WhatsApp and Facebook are making will affect a lot of people. Some might consider it’ll give them a better service, others may be concerned by the lack of control.” She continued by saying “Our role is to pull back the curtain on things like this, ensuring that companies are being transparent with the public about how their personal data is being shared, and protecting consumers by making sure the law is being followed.” Denham concluded “We’ve been informed of the changes. Organisations do not need to get prior approval from the ICO to change their approaches, but they do need to stay within data protection laws. We are looking into this.”

During the IAPP Europe Data Protection Congress taking place on the 7-10 of November in Brussels Denham will contibute and also give a speech.

WhatsApp will share user information with Facebook

26. August 2016

Jan Koum, one of WhatsApp’s founders, stated shortly after selling WhatsApp to Facebook in 2014 that the deal would not affect the digital privacy of his mobile messaging service with millions of users.

However, according to the New York Times WhatsApp is about to share user information with Facebook. This week, WhatsApp published a statement saying that it will start to disclose phone numbers and analytics data of its users to Facebook. By doing so, it will be the first time that WhatsApp will connect the data of its users to Facebook.

Furthermoere, due to the fact that WhatsApp begins to built a profitable business after its previous little emphasis on revenue, it is now changing its privacy policy to the extent that WhatsApp wants to allow businesses to contact customers directly through its platform.

WhatsApp commented on the new privacy policy “We want to explore ways for you to communicate with businesses that matter to you, too, while still giving you an experience without third-party banner ads and spam”.

The new privacy policy will allow Facebook to use a users’s phone number to improve other Facebook-operated services like making new Facebook friend suggestions or better-tailored advertising.

However, WhatsApp underlines that neither it nor Facebook will be able to read users’ encrypted messages and emphasizes that individual phone numbers will not be given to advertisers.

Koum explained that “Our values and our respect for your privacy continue to guide the decisions we make at WhatsApp” and went on “It’s why we’ve rolled out end-to-end encryption, which means no one can read your messages other than the people you talk to. Not us, not Facebook, nor anyone else” and concluded “Our focus is the same as it’s always been — giving you a fast, simple and reliable way to stay in touch with friends and loved ones around the world.”

WhatsApp’s new privacy policy raises concerns due to the lack of data protection. Therefore, the president of the Electronic Privacy Information Center, Marc Rotenberg commented that it is about to file a complaint next week with the Federal Trade Commission in order to prevent WhatsApp from sharing users’ data with Facebook. Rotenberg justified this approach as “Many users signed up for WhatsApp and not Facebook, precisely because WhatsApp offered, at the time, better privacy practices” he explained “If the F.T.C. does not bring an enforcement action, it means that even when users choose better privacy services, there is no guarantee their data will be protected.”

 

Request for European Commission to investigate “Pokemon Go”

25. August 2016

A Belgian Minister of European Parliament wants that the European Commission investigates the App “Pokemon Go” in order to determine whether the App is compliant with European data protection law and furthermore, to warn European citizens of the dangers caused by the App.

Therefore, the respective Minister of European Parliament, Marc Tarabella, commented that the App violates not only the General Data Protection Regulation but furthermore, that it might violate the Europeans E-Privacy Directive due to the fact that the App stores cookies and trackers on users’ smartphones. He added  “In their eyes, tracking personal data of people is clearly considered a game and a source of research or revenue” and concluded “In Europe, the protection of privacy remains a fundamental right. We have to react, warn and strongly condemn these massive scams.”

How to join the EU-U.S. Privacy Shield?

23. August 2016

In order to join the EU-U.S. Privacy Shield a company has to self-certify and therefore ensure the following requirements:

     1. The eligibility of the company has to be confirmed in order to participate in the

          EU-U.S. Privacy Shield.

     2. Development of a Privacy Policy that is compliant to the EU-U.S. Privacy Shield.

  • The Privacy Policy has to comply with the EU-U.S. Privacy Shield Principles.
  • The Privacy Policy has to refer to the Privacy Shield Compliance.
  • An accurate location for the Privacy Policy has to be provided and made sure that it is publicly available.

    3. Independent recourse mechanisms need to be identified.

  • Enforcement and Liability Principle: the company has to provide an independent recourse mechanism available to investigate unresolved complaints at no cost to the individual.

   4. Verification mechanisms need to be in place.

  • The company is required to have procedures in place for verifying compliance through self-assessments or third party assessments.

     5. Implementation of a person of contact.

  • The company is required to provide a contact with regard to questions, complaints, access requests, and any other issues arising under the EU-U.S. Privacy Shield.

 

Furthermore, the company has to pay a fee depending on the annual revenue:

Company’s Annual RevenueFee
$0 to $5 million$250
Over $5 million to $25 million$650
Over $25 million to $500 million$1,000
Over $500 million to $5 billion$2,500
Over $5 billion$3,250

Thomas de Maiziere aims to introduce a facial recognition software at train stations and airports in Germany

22. August 2016

Thomas de Maiziere, Germany’s Interior Minister, aims to introduce a facial recognition software at train stations and airports in order to support the identification of terror suspects. This suggestion was prompted by two Islamist attacks in Germany last month.

Due to the fact that internet software is able to determine whether individuals shown in photographs were celebrities or politicians Thomas de Maiziere commented that “I would like to use this kind of facial recognition technology in video cameras at airports and train stations. Then, if a suspect appears and is recognized, it will show up in the system”. He went on by explaining that such a system is already being tested in terms of the identification of unattended luggage, so that the camera reports the respective luggage to an authority after a certain number of minutes.

However, although other countries are also testing a similiar technology, Germany has been sceptical and has shown caution in terms of the introduction of surveillance due to historical events such as the abuses by the Stasi secret police in East Germany and the Gestapo under the Nazis.

 

 

EU-U.S. Privacy Shield – What does it mean in practice?

17. August 2016

Concerning U.S.-American Companies:

  • Annual self-certification that they meet the requirements
  • Displaying the privacy policy on their website
  • Replying in a reasonable period of time to any complaints
  • In case human resources data is processed: cooperation and compliance with European Data Protection Authorities

Concerning European Individuals:

  • More transparency about the transfer of personal data to the U.S. and an increase of the protection level of this data.
  • Cheaper and easier redress possibilities in case of complaints: either directly towards the company or with the support of the respective Data Protection Authority.

 

List of approved companies under the EU-U.S. Privacy Shield was released

16. August 2016

list was released last week containig about 40 companies that have been approved under the EU-U.S. Privacy Shield.

A spokesman of the Department of Commerce commented that this list would be updated continuously. He went on by saying that “There are nearly 200 applications currently involved in our rigorous review process.”

Nevertheless, the Wall Street Journal just released an article mentioning that due to the lack of legal uncertainty of the EU-U.S. Privacy Shield, companies demonstrate restraint in joining the agreement.

However, “we don’t expect a stampede to join it in the next few days, but rather a steadily growing wave over the long run, especially if European companies begin to favor Privacy Shield membership in competitive bids” concluded Jay Cline working with PwC.

Pokemon Go: Guidelines to be released by the Irish Data Protection Commisioner

12. August 2016

Due to the fact that the smartphone App called Pokemon Go inserts the animated creatures into real-life surroundings by using real-time GPS data and phone cameras the concern about the safety and privacy implications of location-based games and apps was raised.

  • In the US armed criminals using Pokemon Go lured teenage victims to an isolated place where they were robbed last month.
  • Iran became the first country to ban the game because of unspecified “security concerns” last week.
  • Also, the contract customers must agree to before using the game has been questioned by consumer watchdogs across Europe due to the fact that Pokemon Go’s terms of service abandon a player’s rights to courtroom representation as a plaintiff or class action member unless the player opts out within a month of the download.

A spokesman for Ireland’s Data Protection Commissioner commented that in regard to Pokemon Go “It was not aware of any specific data protection issues arising at this stage”. He continued by saing “However, like any smartphone app that seeks permissions in respect of users’ personal data, such as location data or for advertising or personalising services, there are privacy implications and users should make themselves aware of the terms to which they are agreeing in downloading and installing the app”.

The spokesman concluded that “In respect of location data, this office will be publishing detailed guidance early next week to assist individuals in understanding how organisations collect and process information relating to their location and their rights to the protection of their personal data.”

Pages: Prev 1 2 3 4 5 6 7 8 9 10 11 12 Next
1 6 7 8 9 10 12