On November 24, the European Parliament established new Internet policies, including a right to Internet access, net neutrality obligations, and strengthened consumer protections. Under the ePrivacy directive, communications service providers will also be required to notify consumers of security breaches, persistent identifiers (“cookies”) will become opt-in, there will be enhanced penalties for spammers, and national data protection agencies will receive new enforcement powers. The amended directive takes effect with publication on December 18 in the EU Official Journal. Member states then have 18 months to transpose the Directive into national law. See EPIC Privacy Law Sourcebook.
Tags: law, privacy, security
NO COMMENTS
The European Network and Information Security Agency has released a new report on Cloud Computing. The ENISA report recommends that European officials determine the application of data protection laws to cloud computing services. The report also considers whether personal data may be transferred to countries lacking adequate privacy protection, whether customers should be notified of data breaches, and rules concerning law enforcement access to private data. Earlier this year, EPIC filed a complaint with the Federal Trade Commission, urging the Commission to examine the adequacy of privacy safeguards for cloud computing services. A subsequent letter by computer researchers, addressed to Google CEO Eric Schmidt, raised similar concerns. See EPIC Cloud Computing.
Today, EPIC filed a Freedom of Information Act appeal,
seeking disclosure of NPSD 54, the classified Directive that
describes a National Security Agency program to monitor American
computer networks. EPIC submitted the original request to shed light
on the extent of the federal government’s surveillance of civilian
computer systems, but the agency refused to disclose the document.
EPIC’s appeal warns that the NSA’s improper withholding of the
Directive “flatly contravenes” the President’s policy on open
government and “explicit FOIA guidance promulgated by the
Attorney General.” EPIC further stated, without public disclosure
of the Directive, “the government cannot meaningfully make assurances about
the adequacy of privacy and civil liberties safeguards.” For more
information, see EPIC Open Government.
“Reconceptualizing the FTC’s Understanding of Privacy”
Marc Rotenberg,
EPIC Executive Director
IAPP Confernce
Willard Hotel
Washington, DC
December 8, 2009
FTC Privacy Roundtable: Exploring Existing Regulatory Frameworks
Marc Rotenberg,
EPIC Executive Director
FTC Conference Center
Washington, DC
December 7, 2009
Today, the Department of Homeland Security proposed to make permanent Global Entry, a program the agency says will “streamline the international arrivals and admission process at airports for trusted travelers through biometric identification.” Under the proposed system, pre-registered international travelers can bypass conventional security lines by scanning their passports and fingerprints at a kiosk, answering customs declaration questions, and then presenting a receipt to Customs officials. The DHS announcement follows the recent news that Clear, a Registered Traveler program, had entered bankruptcy, raising questions about the possible sale of the biometric database that was created. In 2005, EPIC testified before Congress that the absence of Privacy Act safeguards for Registered Traveler programs would jeopardize air traveler privacy and security. The agency is taking comments on the proposal. For more information, see EPIC Air Travel Privacy, EPIC Biometric Identifiers, EPIC Automated Targeting System, and EPIC Whole Body Imaging.
ACLU
Daily Kos
Electronic Frontier Foundation (EFF)
Electronic Privacy Information Center (EPIC)
European Digital Rights
Ixquick Search Engine
Privacy Rights Clearinghouse