EU Cookie / Privacy Laws: Implications On Data Collection And Analysis
June 25, 2012
Privacy is a very important issue when it comes to digital. The way data is collected online and what happens to it is a much-scrutinized issue (and rightly so).
Digital data collection is also exceedingly complex, perhaps a reflection of the organic nature, and subsequent explosion, of the internet. Hence even sophisticated users find it difficult to know everything, one can hardly expect normal digital users to know what’s really happening.
For example, people are really shocked when they hear that even with no web analytics or advertising analytics tool on a site their behavior on the site gets automatically logged into server web logs. Information like IP address, the page requested, time stamps, browser ids and more are stored. These server logs can then be used to do basic reporting using off the shelf software.
Another example, people don’t realize that, depending on the browser you use, being in Private Browsing or Incognito or InPrivate mode does not mean that no data about you is collected by the sites you visit. Being in InPrivate or Incognito mode simply means that no data (cookies, history, etc) is stored on your computer when you close the browser. If your employer or ISP monitors your web usage, then they can still track you when you are using Private Browsing/InPrivate/Incognito mode. [Be careful! :)]
So, it is complicated. You can understand why there’s a lot of confusion and scrutiny.
Two recent flare-ups highlight this scrutiny. The first was around Facebook and Twitter tracking your behavior across the web as you visited sites that use Facebook and Twitter social buttons, or integrate FB’s commenting system. The second flare-up is the evolving regulation in the European Union around the use of cookies.
In this post I want to cover the second issue, implications of some of the still-evolving EU cookie regulations. Though Europe is our primary focus, regardless of where you are located you’ll learn about web privacy, data collection, optimal tool decisions and how best to plan your data strategy.
[…]
EU Cookie / Privacy Laws: Implications On Data Collection And Analysis
ACTA in the EU: We Can't Call it Dead Yet
April 30, 2012 | By Gwen Hinze
The Anti-Counterfeiting Trade Agreement (ACTA) was dealt a major blow on April 12 when MEP David Martin, the European Parliament’s rapporteur for the agreement and member of the Committee responsible for delivering the recommendation [doc] to European Parliament to adopt or reject the agreement, announced that he would be recommending a “no” vote. While the prospects of the European Parliament ratifying the agreement seems to have fortunately lessened, it does not mean that it’s a fait accompli that the European Parliament will reject ACTA. As we’ve noted before, ACTA is a plurilateral agreement designed to broaden and extend existing intellectual property enforcement laws to the Internet. It was negotiated in secret by a handful of countries, in a process that intentionally bypassed the checks and balances of existing international IP norm-setting bodies without any meaningful input from national parliaments, policymakers, or their citizens. In our second post on the ACTA State of Play, we’ll look at what’s happening in Europe and why we should all be keeping a close eye on what’s happening in Brussels. (For those interested in US developments, please see our previous post here).
While the EU and 22 of its 27 member states signed ACTA in January, the European Parliament must vote to adopt it for it to become part of European Union law. A complex process is underway involving five European Parliamentary committees. The first step involves four committees: the Committee on Civil Liberties, Justice and Home Affairs (LIBE), the Committee on Industry, Research and Energy (ITRE), the Legal Affairs Committee (JURI), and the Development Committee (DEVE). Each must each review ACTA according to their Committee’s particular subject matter expertise, and deliver an opinion to the fifth and lead Committee, the International Trade Committee (INTA).
The INTA Committee plays the key role of recommending ACTA’s adoption or rejection to European Parliament. While INTA’s opinion is highly influential, it is not binding. The final step in the ratification process is a plenary vote of the Members of European Parliament. MEPs must decide whether to adopt or reject ACTA in its entirety; no amendments are allowed. The vote is currently scheduled for early July, but it may occur later. Here are two great infographics from the European Parliament and from French organizations La Quadrature du Net and Owni.eu which illustrate the whole process.
Apart from this process at the EU level, individual EU member states must decide whether or not to ratify ACTA. This is because the agreement requires countries to put in place broader criminal sanctions for those who infringe IP, and for those who aid and abet them. EU law is not harmonized in relation to criminal penalties for IP infringement. Criminal laws are within the exclusive legislative power of the individual EU member states and so they must ratify ACTA for those provisions to be given effect. Six member states have now suspended ratification of ACTA (Latvia, Poland, Czech Republic, Slovakia, the Netherlands and Bulgaria) and Germany has said that it will wait to see how the European Parliament votes before deciding to ratify.
There are many moving pieces in this puzzle and they each exert different levels of influence on the European Parliament’s vote. The European Commission referred ACTA to the European Court of Justice, the highest court in Europe, on February 22 for an opinion on its compliance with EU law. The European Parliament’s INTA Committee, at the instigation of MEP David Martin, the current Rapporteur of ACTA within the European Parliament, considered but rejected its own referral of ACTA to the European Court of Justice in March. If this had gone ahead, it would have delayed the European Parliament’s plenary vote beyond July. The European Data Protection Supervisor issued an opinion [pdf] on the European Parliament’s proposed accession to ACTA on April 24 that obliquely criticized ACTA by noting that it permits measures for indiscriminate monitoring of communications that would be disproportionate for small scale infringements. Specifically, it includes voluntary cooperative enforcement measures that would permit ISPs to process personal data beyond what is permitted under EU law, and lacks the necessary limitations and safeguards to protect EU citizens’ personal data under EU law.
[…]
Banks may not have to pay for phished users: German gets nasty TAN
27 Apr 2012 09:53 | by Nick Farrell
If you are dumb enough to fall for a phishing scam, you have only yourself to blame and your bank does not have to bail you out, a top German court has decided.
The German Federal Court of Justice in the southwestern city of Karlsruhe has ruled that clients, and not banks, are responsible for money lost in online phishing scams.
A German retiree lost $6,608 in a bank transfer fraudulently sent to Greece as part of a phishing scam.
According to the The Local, the man gave phishers 10 transaction numbers, also known as TAN codes, which are commonly used in German banks, on a site which looked like his bank’s site, Sparda Bank.
The court ruled the bank had specifically provided warnings to its customers against this practice, so the man was responsible.
The customer argued that the bank had a duty to protect its customers from the abuse of these codes. So far, however, the courts have not agreed.
Sparda Bank had warned that it was “widely known” that being asked to input multiple TAN codes was a sure fire sign of phishing.
It is not clear at this point how influential this ruling will be in the rest of the EU. Certainly we expect the court’s arguments will be touted in similar cases thoughout the region.
TechEye: Banks may not have to pay for phished users: German gets nasty TAN
Note: phishing schemes are evolving and soon much much harder to recognise. Time to leave the banks people. Taking our chances with a sock under the mattress or something like that may actually be a better idea than a bank.
Alliance of Liberals and Democrats in EU parliament rejects ACTA
25 April, 2012, via @Blonde_Phantom
The Alliance of Liberals and Democrats (ALDE) in the European parliament has announced it cannot support the Anti-Counterfeiting Trade Agreement (ACTA).
The ALDE leader, Guy Verhofstadt announced the group’s decision on Wednesday.
“Although we unambiguously support the protection of intellectual property rights, we also champion fundamental rights and freedoms. We have serious concerns that ACTA does not strike the right balance,” he said.
While the alliance maintained its support for “multilateral efforts to protect intellectual property rights,” Verhofstadt said it should be based on a “sectoral approach” that was transparent and rooted in “a publically discussed mandate.”
“Civil society has been extremely vocal in recent months in raising their legitimate concerns on the ACTA agreement which we share. There are too many provisions lacking clarity and certainty as to the way they would be implemented in practice,” he continued.
Verhofstadt also said ACTA “wrongly bundles together too many different types of IPR enforcement under the same umbrella,” eliminating the distinction between physical goods and digital services.
“Finally, the countries that are the main sources of counterfeit goods are not party to the agreement, so its value is questionable,” Niccolò Rinaldi, (IdV, Italy), ALDE spokesperson on ACTA in the EP international trade committee added.
Critics have long said ACTA was intentionally formulated to be as vague as possible.
On Tuesday, the European Data Protection Supervisor (EDPS) expressed his concerns that the agreement could have “unacceptable side effects on individual rights.”
The EU’s rapporteur on ACTA David Martin had further warned last week that ACTA could “interfere with fundamental freedoms.” He also said there would be no means to “guarantee adequate protection for citizens’ rights” once the treaty was ratified.
Martin told RTlast Thursday ACTA would ultimately turn internet service providers into a de facto police force.
While ACTA says it should only be for commercial purposes, Martain argues “‘commercial purposes’ are very weakly defined.” He also expressed the fear it could criminalize “young people who are quite innocently downloading films and music in the privacy of their own homes.”
“ACTA tried to deal with counterfeit goods – real physical goods – in the same treaty as it dealt with internet goods, the virtual [ones]. I don’t think the two are meant for the same treatment,”he said.
If the European parliament rejects ACTA, other EU members would not be able to ratify it. However, it could still come into effect if six of the agreement’s 31 signatories chose to do so, though it would not have any legal force within any state that had not individually ratified the act.
Currently, Australia, Canada, Japan, Morocco, New Zealand, Singapore, South Korea, the United States, the European Union, and 22 EU member states have signed ACTA, though no state has gone through with the ratification process.
Alliance of Liberals and Democrats in EU parliament rejects ACTA — RT
Online Copyright: #EU Court of Justice Rules Out Private and Automatic Censorship #IPRED #ACTA
Paris, February 16th, 2012 – The European Court of Justice rendered another decision in defence of freedoms online. In the SABAM vs. Netlog case, it declares that forcing a hosting service to monitor and filter online content violates EU law. This is a crucial and timely ruling, just when initiatives such as ACTA and the revision of the IPRED directive aim to generalise private and automatic online censorship to enforce an outdated copyright regime.
