Category: European Data Protection
14. December 2016
As huntonprivacyblog just reported, Politico released an article saying that the European Commission wishes to upgrade the e-Privacy Directive to a Regulation.
This upgrade would have highly important legal consequences under European law, because a Directive needs to be implemented into national law, whereas a Regulation implies requirements that are directly applicable in the Member States.
The draft of the Regulation, which was leaked to Politico, tries to complete the European GDPR. As Politico explained, the draft was last reviewed on 28 November 2016. It is expected that it will be officially published at the beginning of 2017.
The e-Privacy Directive is meant to protect the privacy and confidentiality of users of electronic communication services.
30. November 2016
Recently, Italy, Latvia, Poland, Hungary and Croatia have proposed new legislation that could help police investigators access different entities’ encrypted information, in order to make it easier to crack open encryption technology.
According to the Polish officials, “One of the most crucial aspects will be adopting new legislation that allows acquisition of data stored in EU countries in the cloud”.
The Slovakian government (which holds the current presidency of the EU Council) asked European countries to identify how their law enforcement authorities deal with technology that prevents the interception of communications as long as they are not authorised to get the information.
Via a freedom of information request, twelve countries, among them Finland, Italy, Sweden and Poland, responded to the Dutch internet rights NGO Bits of Freedom that they frequently encounter encrypted data while carrying out criminal investigations. The UK and Latvia indicated that it happens ‘almost always’.
Ultimately, a dispute has arisen between Germany and the European Union over prohibiting or creating backdoors in order to weaken encryption for digital and telecommunication services.
Even though Germany has dismissed charges that the government is pushing companies to create encryption backdoors in their products, Angela Merkel has announced that investigators will pay more attention to tracing criminals who use the darknet and encryption, especially since the shooting in Munich in July.
So far, however, Europol, ENISA and the Commission’s Vice-President Andrus Ansip oppose creating backdoors that weaken encryption.
29. November 2016
This week, Reuters reported that European Parliament lawmakers supported a data-sharing agreement with the USA, which aims to safeguard the data exchange between national authorities in order to improve security and simplify terrorism investigations.
Basically, the agreement covers personal data such as names, addresses and criminal records when they are exchanged by law enforcement agencies in Europe and the USA.
Axel Voss explained that “EU citizens will have the same rights as U.S. citizens when they seek judicial redress before U.S. courts. This is a major step for the enforcement of fundamental rights for EU citizens.”
What triggered the implementation of such an agreement?
After the mass spying by the USA in 2013, which caused privacy concerns over the question “What do enforcement agencies do with the gained data after collecting it?”, the need to find a regulation concerning the gathering, sharing and storing of personal data became more important than ever.
What happens next?
It is expected that the entire Parliament will approve this agreement on the 1st of December 2016. From then on, the respective ministers for justice and home affairs of the 28 European Member States have to sign off the agreement in the coming weeks.
17. November 2016
This week, Reuters reported that U.S. internet companies, such as Facebook and Amazon, have sent a detailed letter including a list of their policy priorities to President-elect Donald Trump. Among the topics of these policies are encryption, immigration reform and maintaining liability protections from users’ content.
The letter was sent by the so-called Internet Association, which is a group of 40 members, also including Alphabet’s Google, Uber and Twitter. The letter tries to repair the relationship between the internet giants and Trump, due to the fact that he was almost universally disliked during the presidential campaign.
The president of the Internet Association, Michael Beckerman, signed the letter, which states that “The internet industry looks forward to engaging in an open and productive dialogue”. Furthermore, Beckerman issued a statement saying that the internet industry looked forward to working closely with Trump and lawmakers in Congress in order to “cement the internet’s role as a driver of economic and social progress for future generations.”
The letter describes some of the policies which go along with Trump’s prior statements, for example easing the regulation on the sharing economy and applying pressure on Europe to not erect too many barriers that restrict U.S. internet companies from growing in that market.
However, other topics are likely to be at odds with Trump’s campaign, as he offered numerous broadsides against the tech sector.
15. November 2016
Motherboard online just published numbers disclosed by the FBI concerning whether the FBI is able to unlock most devices it needs to get into.
According to General Counsel Jim Baker, the FBI is able to unlock and/or access data stored on both smartphones and computers. This statement is supported by the numbers that were released.
In 2016 the FBI
- encountered passwords or passcodes on 2,095 out of 6,814 devices (31%),
- was able to get access in 1,210 cases out of the 2,095 devices that were locked, and
- couldn’t unlock around 880 devices.
In conclusion, in the vast majority of cases, namely 87%, the FBI was able to access the data that was needed.
Earlier this year, the FBI and Apple fought in court over the FBI’s request for help breaking into the iPhone of an alleged terrorist who killed 14 people in a shooting. This case led to a battle on encryption in which the FBI argued that encryption which cannot be broken makes criminal investigations harder rather than supporting them, because access to the data can sometimes lead to important evidence on a suspect’s or a victim’s phone or computer.
However, the mentioned numbers, which have so far never been published, “demonstrate that even with encryption turned on by default on all newer iPhones and some Android phones, it is posing a problem in a relatively small number of cases – while that same encryption is presumably preventing a wide range of crimes”, according to Kevin Bankston, the director of New America.
11. November 2016
The IAPP just published an article saying that INTERPOL calls on governments around the world to share terrorists’ biometric data in order to increase global security.
This statement was issued by INTERPOL’s General Assembly, saying that it currently possesses information about 9,000 terrorists. However, only 10 percent of these files include biometric information. INTERPOL’s Secretary General, Jürgen Stock, explains that this can be seen as “a weak link” in the prevention of terrorism.
On the one hand, some countries, among them multiple ASEAN countries, have taken big steps with regard to data sharing, as they have recently agreed to share biometric data for the purposes of counter-terrorism. On the other hand, many governments are still discussing how to handle biometric data domestically. So the sharing of data would be one step ahead.
However, governments worldwide are becoming more and more interested in biometric security, which might help to fight terrorism. The mentioned suggestion of INTERPOL might also increase this kind of cooperation.
8. November 2016
As the IAPP just published online, 10 of the 16 German Data Protection Authorities have begun to assess firms’ transfer of personal data to cloud services based outside of the EU.
According to a joint statement of the respective Data Protection Authorities, this is due to the fact that cross-border personal data transfers are growing massively because of globalization and the rise of software-as-a-service.
Therefore, a mass audit is being conducted, which takes about 500 randomly selected companies of various sizes into account. This audit is based on questionnaires asking about their transfers of employee and customer personal data to third countries, in particular to the U.S., while using services such as:
- office apps,
- cloud storage,
- email and other communications platforms,
- customer service ticketing,
- support systems and
- risk management and compliance systems.
If a company transfers personal data to third countries, it has to show the legal grounds it is using, for example Standard Contractual Clauses or the EU-U.S. Privacy Shield.
2. November 2016
The Article 29 Working Party published a statement on the EU-U.S. Umbrella agreement at the end of October.
On the one hand, the statement shows signs of support for the EU-U.S. Umbrella Agreement. On the other hand, it delivers recommendations in order to make sure that the agreement is compliant with European data protection law.
In general, the Article 29 Working Party supports the creation of a general data protection framework in order for international data transfers to be compliant with national, European and international data protection laws. Therefore, the Article 29 Working Party elaborates that the respective agreement “considerably strengthens the safeguards in existing law enforcement bilateral treaties with the U.S., some of which were concluded before the development of the EU data protection framework”.
However, it is also mentioned that clarification is needed in terms of definitions, for example how to define personal data and data processing, due to the fact that European and U.S. law have different opinions on what is meant by these terms.
31. October 2016
The IAPP reported that the Article 29 Working Party issued a warning concerning possible violations of European data protection regulations in the form of a letter to both Yahoo and WhatsApp.
Both companies have been the subject of public debate due to the way they handle the personal data of users. The concerns of the Article 29 Working Party regarding WhatsApp are that the company shares data with Facebook, whereas the objections towards Yahoo are raised due both to data breaches in 2014 and to the allegation that the company scans incoming user emails for U.S. law enforcement agencies.
Therefore, the Article 29 Working Party requests that both companies provide more information on the problems. It cannot be ruled out that investigations are launched and fines are imposed.
28. October 2016
According to information just released on the website of the European Court of Justice, the EU-U.S. Privacy Shield is being challenged by Digital Rights Ireland, an Irish privacy advocacy group.
The facts of this case (Digital Rights Ireland v Commission; Case T-670/16) are as follows:
- Digital Rights Ireland has filed an action for annulment against the European Commission’s adequacy decision on the EU-U.S. Privacy Shield.
- There has been no comment from Digital Rights Ireland yet.
- No documents have been published with regard to the case so far.
- However, as HuntonPrivacyBlog reported “(…) media sources quote a spokesperson for the European Commission acknowledging the case and stressing the European Commission’s conviction that the Privacy Shield meets all legal requirements.”