Friday, 24 March 2017

Senate votes to let ISPs sell your Web browsing history to advertisers | Ars Technica

Senate votes to let ISPs sell your Web browsing history to advertisers | Ars Technica: "The rules were approved in October 2016 by the Federal Communications Commission's then-Democratic leadership, but are opposed by the FCC's new Republican majority and Republicans in Congress. The Senate today used its power under the Congressional Review Act to ensure that the FCC rulemaking "shall have no force or effect" and to prevent the FCC from issuing similar regulations in the future.

The House, also controlled by Republicans, would need to vote on the measure before the privacy rules are officially eliminated. President Trump could also preserve the privacy rules by issuing a veto. If the House and Trump agree with the Senate's action, ISPs won't have to seek customer approval before sharing their browsing histories and other private information with advertisers."

Free Speech and Protected Privacy: Balancing Two Human Rights 5 April 1pm

Free Speech and Protected Privacy: Balancing Two Human Rights : News and events : ... : Law : University of Sussex: "Free Speech and Protected Privacy: Balancing Two Human Rights
Wednesday 5 April 13:00 until 14:30
Ashdown House, Room 101

Speaker: Hugh Tomlinson QC, Matrix Chambers

Part of the series: Sussex Centre for Human Rights Research

Hugh Tomlinson QC, a member of Matrix Chambers, is a noted specialist in media and information law including defamation, confidence, privacy and data protection."

Thursday, 23 March 2017

Thank heavens the wrangling over BT's Openreach separation has ended • The Register

Thank heavens the wrangling over BT's Openreach separation has ended • The Register: "What hasn’t changed under the legal separation, as opposed to a structural one, is where Openreach’s profits go, with Shurmer noting they "will flow back to the BT Group". The group's budget will also be controlled by BT. In terms of investment, the announcement will make no difference to BT’s current broadband roll-out plans. "This agreement is based on the guidance we have already given the city around our investment plans, so there is no change there."

The biz is currently connecting 10 million customers to its ultrafast hybrid fibre and copper G.Fast and 2 million "pure fibre" connections by 2020. Critics have said the biz is relying too much on G.Fast over full fibre.

However, Shurmer hinted the new structure could help boost further investment. "But what we do have now with this new consultation process is this new approach to developing a business case for future network investment."

Home Office admits it's preparing to accept EU ruling on surveillance • The Register

Home Office admits it's preparing to accept EU ruling on surveillance • The Register: "Other than the notable omission of a draft code of practice on communications data alongside the other draft codes published last month, it has been unclear whether the Home Office had paid any attention to the ruling at all – until last Friday, when an IT tender relating to the Investigatory Powers Act made mention of "a new communications data independent authorising body", which was spotted by the Open Rights Group.

 Regarding the new authorising body, a Home Office spokesperson repeated to The Register that it was "disappointed" and "carefully considering [the ruling's] implications".

"The government will vigorously defend the fundamental powers in the Investigatory Powers Act because they are vital to the police and intelligence agencies in arresting criminals, prosecuting paedophiles and preventing terrorist attacks," the spokesperson added. "We will provide Parliament and the courts with an update on our response to the judgment in due course."

While the ambiguity of "in due course" has become something of a running joke for those asking questions of the department, it did also inform us that although the CJEU ruling was specifically directed at a previous bit of legislation which the Investigatory Powers Act replaced, DRIPA, it was currently considering how the ruling would affect the new Snoopers' Charter."

Wednesday, 22 March 2017

The world's leading privacy pros talk GDPR with El Reg • The Register

The world's leading privacy pros talk GDPR with El Reg • The Register: "The European Court of Justice ultimately conceded that Safe Harbor was indeed invalid, and suddenly there was no legal basis for American megacorps to continue quaffing Europeans' data. Not that those companies cared, or agreed even. Facebook, Microsoft, and Salesforce have continued to shuttle Zuckabytes back home through "model clauses" contracts, a measure which is again being challenged by Schrems.

Even if this workaround is shot down during the ongoing court case in Dublin, however, both the EU and US share much about privacy in terms of cultural values regarding privacy, suggested Hughes."

Monday, 20 March 2017

Selling your soul while negotiating the conditions: from notice and consent to data control by design | SpringerLink

Selling your soul while negotiating the conditions: from notice and consent to data control by design | SpringerLink: "This article claims that the Notice and Consent (N&C) approach is not efficient to protect the privacy of personal data. On the contrary, N&C could be seen as a license to freely exploit the individual’s personal data. For this reason, legislators and regulators around the world have been advocating for different and more efficient safeguards, notably through the implementation of the Privacy by Design (PbD) concept, which is predicated on the assumption that privacy cannot be assured solely by compliance with regulatory frameworks. In this sense, PbD affirms that privacy should become a key concern for developers and organisations alike, thus permeating new products and services as well as the organisational modi operandi.

Through this paper, we aim at uncovering evidences of the inefficiency of the N&C approach, as well as the possibility to further enhance PbD, in order to provide the individual with increased control on her personal data. The paper aims at shifting the focus of the discussion from “take it or leave it” contracts to concrete solutions aimed at empowering individuals. As such, we are putting forth the Data Control by Design (DCD) concept, which we see as an essential complement to N&C and PbD approaches advocated by data-protection regulators. The technical mechanisms that would enable DCD are currently available (for example, User Managed Access (UMA) v1.0.1 Core Protocol).

We, therefore, argue that data protection frameworks should foster the adoption of DCD mechanisms in conjunction with PbD approaches, and privacy protections should be designed in a way that allows every individual to utilise interoperable DCD tools to efficiently manage the privacy of her personal data. After having scrutinised the N&C, PbD and DCD approaches we discuss the specificities of health and genetic data, and the role of DCD in this context, stressing that the sensitivity of genetic and health data requires special scrutiny from regulators and developers alike. In conclusion, we argue that concrete solutions allowing for DCD already exist and that policy makers should join efforts together with other stakeholders to foster the concrete adoption of the DCD approach."

Co-regulation in EU personal data protection: the case of technical standards and the privacy by design standardisation 'mandate' | Kamara | European Journal of Law and Technology

Co-regulation in EU personal data protection: the case of technical standards and the privacy by design standardisation 'mandate' | Kamara | European Journal of Law and Technology: "The recently adopted General Data Protection Regulation (GDPR), a technology-neutral law, endorses self-regulatory instruments, such as certification and technical standards. Even before the adoption of the General Data Protection Regulation, standardisation activity in the field of privacy management and data security had emerged.

In 2015, the European Commission issued the first standardisation request to the European Standardisation Organisations to develop privacy management standards based on art. 8 of the EU Charter of Fundamental Rights.

There is a rising shift from command-and-control regulation to the inclusion of co-regulation tools in the EU data protection legislation. The aim of this article is to provide insights on the role of standardisation as a form of co-regulation in the data protection context."