“Embedded Devices: How Electronic Conveniences Affect Privacy and Discovery” at the Masters Series for Legal Professionals in NYC
This panel was presented at the Masters Series for Legal Professionals, recently held in NYC on July 19, 2011.
The panel was moderated by Steve Akers, CTO and Founder of Digital Reef, Inc. Panelists included Daniel Garrie, ESQ, Special Master and Mediator in eDiscovery and Daniel K. Gelb, Gelb & Gelb LLP.
The panel discussed issues arising when discoverable data are stored in the “cloud”, mobile apps, mobile phones, iPads, GPS tracking devices and more.
- My social summary is out! http://smf.is/1vlsaP (w/ @logicalextremes, @digiphile & @caparsons) #
- The Ediscovery and DataProtection Daily is out! Top stories today via @10comm , @CindyOlson @AmyParalegal7 @reiserlaw http://bit.ly/pUHDf7 #
- good points! RT @jkubicki: Interested to hear if folks agree w me in this article. RT @eudiscovery: Google+… (cont) http://deck.ly/~JeYcm #
- Google+: 5 Legal Issues for Businesses http://bit.ly/nlc00j #ediscovery #socialmedia #
- Twitter, Facebook, and the peril of e-discovery http://bit.ly/pvrnWs #ediscovery #
- Ediscovery and DataProtection Daily is out! http://bit.ly/n02JL6 ▸ Top stories today via @theshreddinga @bowtielaw @wotnobs10012 #
- Europe says no to US cloud http://bit.ly/om7VR6 #privacy #dataprotection @jdp23 #
- Insulin pumps, monitors vulnerable to hacking http://bit.ly/ffb1 #privacy #security #
- .@ComplexD, @kashhill & @PrivacyCamp thnx for bringing me my top news! http://smf.is/1vkiIa #
- AOL, Spotify, GigaOm, Etsy, KISSmetrics sued over undeletable tracking cookies http://bit.ly/oT7gLC #privacy #
- My social summary is out! http://smf.is/1vj9Rx (w/ @gohsuket, @RWW & @nigroeneveld) #
- Sufjan Stevens, rain or shine. http://t.co/eDBn93u #
- Ediscovery and DataProtection Daily is out! http://bit.ly/n02JL6 ▸ Top stories today via @darekkloza @orangelt @mediawhizz #
- "TeachPrivacy's Education Privacy Blog" and more in my summary http://smf.is/1vi08C (via @digiphile, @MaasJonathan & @IntegreonEDD) #
- Mobile devices cause a rise in #databreaches http://bit.ly/pSX36c #privacy #security #
- How do we protect #privacy in the digital age? http://bit.ly/ohPNSY #
- Microsoft’s cloud credentials http://tgr.ph/qraeNV #privacy #dataprotection > what about the Patriot Act? #
- Facebook's facial recognition violates German #dataprotection laws (opt-out option is NOT express consent) http://bit.ly/pBIPgx #privacy #
- Thanks to @getwired, @EFF & @ashk4n for curating my social summary! http://smf.is/1vgXQ6 #
- Thnx! RT @hellrazr: RT @eaced: Online Directories and #Privacy The Story of Jo Average Jr., Part 1 http://t.… (cont) http://deck.ly/~9M1J1 #
- Thanks for RT! @10comm: Why Jo Average couldn't find a job via his online resume or the internet privacy blast… (cont) http://deck.ly/~VAI4S #
- Thnx!!!!RT @clarinette02: RT @abhikpramanik: How To Remove Yourself From Background Check Services And Disappe… (cont) http://deck.ly/~T0FkH #
- correcting previous broken link #privchat please read a related blog post I wrote & leave yr comments! http://bit.ly/qM774t #
- RT @jccannon7: @EUdiscovery link seems broken. > thnx! you're right, I'll re-post #
- Thanks @EPICprivacy & congrats on hosting your 1st #privchat #
- #privchat @clarinette02 awareness is good, but not enough; keeping privacy online has become full time job; unsustainable #
- #privchat A3: check out this very interesting article re face recogn http://bit.ly/nQu5aK #
- #privchat A3; Facial Recognition techn. still flawed:>50% inaccurate #
- #privchat A3: some States use FR tech. to issue moving violations, State Dpt uses it to refuse visas #
- #privchat They ARE the state RT @jdp23: G+ demands proof of any name they deem "suspicious". in http://is.gd/… (cont) http://deck.ly/~vHT4Q #
- #privchat A2: Google+, FB want to take away pple's last resort of participating online w/o being monetised #
- #privchat Q: does H.R. 1981 still include exemption for wireless communications? #
- #privchat Monique Altheim, attorney in NY #
- Personal data law comes into full force, Medvedev signs more restrictive amendments http://bit.ly/oy8ppD #privacy #
- #privacy RT @EPICprivacy: Topics for Today's #PrivChat have been posted @ epic.org/privchat #
- Just got my summary with top news from @ComplexD, @kashhill & @MaasJonathan http://smf.is/1vfRqX #
- Judge Peck and Predictive Coding at the Carmel #eDiscovery Retreat http://bit.ly/rlXfWD #
- New Layar Vision recognises real world objects and displays AR objects on top http://bit.ly/p19OyV #AR (augmented reality) #
- http://on.mash.to/nVIZvP Intuit Brainstorm Helps Companies Surface Good Ideas #cloud #
- Understanding the differences between public and private #cloud computing http://bit.ly/nMQfRM #privacy #security #
- WARNING: Personal Data Mined From Facebook Photos http://bit.ly/p1hQDy #privacy #security #
- Advocates Push To Protect Elderly, Poor from Web Fraud http://bit.ly/qJOYUk #privacy #
- Russian #Privacy Law Seen as Costly Burden http://bit.ly/rklnia #
- Microsoft Stirs #Privacy Controversy, Live.com Exposes Location Data of Users http://bit.ly/o0zP99 #
- E-Discovery Process, Policy More Important Than Tools http://smf.is/1veJ4y (via @summify from @DiscoverTERIS, @ComplexD, and 3 others) #
- Deadliest e-Discovery: When Cameras, Hard Drives & Fishing Boats Collide http://bit.ly/oT5mcT #ediscovery #
- Lawyers: Don’t Be Late to the Google+ Party http://bit.ly/oKPe6S #socialmedia #
- Read Ediscovery and Data Protection ▸ today's top stories via @dataguidance @bowtielaw @nuix ▸ http://t.co/4BXupfQ #
- http://bit.ly/nvczJe New online database launched by the Commission to make legal data on unfair commercial practices available (EU) #
- Another Reason Facebook Wants a Web of Real Identities: Commerce http://bit.ly/roHUYz #privacy #
- My top news stories: http://smf.is/1veJ4N thanks @IsCool, @ForbesTech & @ComplexD #
- Can Microsoft Make You ‘Bing’? http://nyti.ms/nqrg8E #
- Thanks to @_pidder_, @10comm & @sambowne for curating my social summary! http://smf.is/1vdzpm #
- HIPAA Access Reports Could Aid Malpractice Attorneys http://bit.ly/rtrpi3 #privacy #
- Thanks for sharing great news! http://smf.is/1vcswX @IsCool, @netfreedom & @Drudge_Report #
- Agreement is being announced NOW! RT @Reuters: President Obama to make statement on Sunday night http://reut.rs/pCWUJM #
- Social Media Engagement: Feds Need Better (#privacy) Policies http://bit.ly/oUNxVO #
- Thanks for sharing great news! http://smf.is/1vbjvp @PosseList, @jeffjarvis & @ProjectCounsel #
- RT @ronfriedmann: LTN: E-Discovery Certification: Sham Exams? http://bit.ly/ppGxJ6 || Look forward to readin… (cont) http://deck.ly/~lPYPw #
- RT @ComplexD: Star Trek Meets e-Discovery: Episode One – Captain Kirk is Ordered into the Neutral Zone – http:… (cont) http://deck.ly/~7JRLB #
- RT @ComplexD: International Electronic Discovery (Podcast) http://tinyurl.com/3qre8wn (Karl Schieneman, George Rudoy, Ron Hedges) #
- RT @bowtielaw: Email Authentication: More Than Reading an Email http://bit.ly/o8gXUa #ediscovery #
- NSTIC will require #privacy legislation, say groups http://bit.ly/oksvk7 #
- Lack of Privacy Won't Hamper Yandex http://bit.ly/pkJ0qd #
- House Panel Approves Child-Porn Bill, Despite Data-Privacy Concerns http://bit.ly/nYbsw5 one more #ediscovery source #dataretention #
- House Panel Approves Child-Porn Bill, Despite Data-Privacy Concerns http://bit.ly/nYbsw5 #privacy #
- Massive #DataBreach of South Korea Portal Affects 35 Million Users http://bit.ly/p2lV0w #
- Twitter Weekly Updates for EUdiscovery http://bit.ly/paTSlB #privacy #ediscovery #socialmedia #
- There is no such thing as anonymous online tracking http://bit.ly/ntcG4e #privacy #deanonymization #
- Thnx! RT @PrivacyCamp: #FollowFriday @CenDemTech @MSFTPrivacy @PRC_Amber @EUdiscovery @moniquealtheim @EFF @Th… (cont) http://deck.ly/~0xucm #
- RT @kashhill: Hidden Spy Cams In Bathrooms: Naughty If You’re A Landlord, Okay If You’re Law Enforcement? http://onforb.es/oXK85O HT #
- Russia Enacts Amendments to Data #Privacy Law http://bit.ly/owNOlN #
- My latest blog post: Online Directories and Privacy: The Story of Jo Average Jr., Part 1 http://bit.ly/qM774t #dataprotection #
- Online Directories and Privacy: The Story of Jo Average Jr., Part 1http://bit.ly/qM774t (>my latest blog post) #
- #eDiscovery Breaking News: News International to Suspend Deletion of Emails and Other Documents http://snipr.com/tdr04 #
- #Socialmedia posts can impact insurance prices and coveragehttp://snipr.com/tdsdr #
- Facial recognition going wild http://bit.ly/nI0Zbg #privacy #
- RT @GetAbine: Researchers launching software, called Ninja Metrics, to data mine MMOs: http://ow.ly/5OOxR #videogames #privacy #privchat #
- Cloud Computing for Regulated Industries: Security Requirements Differ (US) http://bit.ly/oTEOxf #
- E-commerce merchants tighten credit card data security to protect brand http://bit.ly/oKQM74 #
- Top 10 tips for avoiding a costly security breach http://bit.ly/qr1EVw #databreach #
- NetIQ Security Survey Reveals Data Theft Surge Despite Increased IT Security Budgets http://bit.ly/njJMfH #
- Ontario cancer tests may be lost in mail http://bit.ly/o3Mrlt #databreach #privacy #
- UN Privacy Regulator Needed to Enforce #DataProtection (Jacob Kohnstamm) http://bit.ly/rfDIpo #privacy #
- Five Top Data Center Protection Challenges and Best Practices for Overcoming Them http://bit.ly/nroc4B #
- European Cookie Legislation: Pragmatic advice for five jurisdictions http://bit.ly/p9Vl1F #privacy #
- The Oddball U.S. Privacy Law That’s Keeping Netflix Away From Facebook http://bit.ly/od1FBp #
- How customized data isolates us http://bit.ly/mQZPVf #filterbubble #
- iPhone ediscovery management http://bit.ly/qu4fXk #
- Fingerprint scanner to spot the living dead http://bit.ly/pj8CQu #biometrics #
- Anonymous Does ‘Italian Job’ Data Heist On Police http://bit.ly/pPTrDf #
- Google+ and the loss of online anonymity http://bit.ly/n9EpDJ #privacy #
- RT@PrivacyMemes ReadWriteWeb’s Top Trends of 2011: Privacy http://bit.ly/n7lhnQ #privacy #
- Why Google cares if you use your real name http://bit.ly/ojFkqe #privacy #
- Thnx! RT @stevenvine: #privacy #FF – @CenDemTech @PrivacyCamp @JulesPolonetsky @EUdiscovery @steph3n @PRC_Ambe… (cont) http://deck.ly/~jRFCa #
- Thnx! RT @SophieToupie: #FF @mklubok @viggo_Andersen @Tips4Tech @clarinette02 @EUdiscovery @nefertaritwit @laylasabourian #
- #FF @JurInnov @Tips4Tech @nicoschunter @burgessct @clarinette02 @bradykrissesq @2Britt @JeffClarkCT @IntegreonEDD @kenneth_aa @gohsuket #
- #FF @RashbaumAssoc @antigonepeyton @globaledd @ComplexD @bikespoke @shaundakin @OpiceBlum @chrisdaleoxford #
- Thnx RT @stevenvine: #privacy #FF – @CenDemTech @PrivacyCamp @JulesPolonetsky @EUdiscovery @steph3n @PRC_Ambe… (cont) http://deck.ly/~h369i #
- Thnx! RT @PrivacyCamp: #FollowFriday @CenDemTech @PRC_Amber @PogoWasRight @slashdot @steph3n @shawnetuma @Jule… (cont) http://deck.ly/~r93Md #
- #ediscovery Symantec Finds Enterprises That R Not Preserving #SM Business Content Risk Increased Litigation Co… (cont) http://deck.ly/~w7ucj #
- North Carolina adopts rules to govern electronic discovery http://bit.ly/qazC6O #ediscovery #
- Class Action Suit Filed Against Dropbox over #DataBreach http://bit.ly/nb3b9D #privacy #
- FL DMV Sold Entire State Database of Licensed Drivers 2 Private Data-Mining Company; Profited $63 Million http://bit.ly/pO5o37 #privacy #
- How safe is your privacy? http://bit.ly/qzvReP another one, but worth reading #
- New App launches converting your iPad into an easy-to-use Visitor Registry. http://bit.ly/r8SVLH #privacy #
- Mobile Devices Increase Need to Protect PHI http://bit.ly/onEuzm #privacy #HIPAA #
- CHIME urges that the access report requirements be left out of a final rule. http://bit.ly/oFTVlf #HIPAA #HITECH #privacy #
- Phone hacking investigation widens to sale of private details http://bit.ly/nQ5Mbq #privacy #
- Stanford study shows online consumer privacy tools flawed http://bit.ly/okJBqX #
- Lawmakers Question Groupon on Privacy http://bit.ly/qiMhHS #
- NATO Hack Shines Spotlight on Widespread Data Security Weaknesses http://bit.ly/oW3B3w #
- Twitter Weekly Updates for EUdiscovery http://bit.ly/ctUM50 #privacy #socialmedia #ediscovery #cloud #
- Commerce Department Will Push #Privacy Codes of Conduct http://bit.ly/oNPuLo #selfregulation #
- Regina (CA) doctor cited in ‘largest breach of patient privacy’ in legislation’s history http://bit.ly/nY9oOh #databreach #privacy #
When employer John Justlucky Sr. reads Jo’s resume, he is impressed by Jo’s qualifications and decides to quickly google his name and city. There is no one else with Jo’s name in his city, so it is easy to find him on google. On top of the first google results pages are two ads screaming for John’s attention: One says: Info on Jo Average Jr. It is by http://www.ussearch.com
The other one says: We found Jo Average Jr!!!!! It is by http://www.intelius.com.
How can John resist? After all, he is doing his due diligence. So he clicks on one of the links, types in Jo’s name, and up pops a profile page with Jo’s age in big letters: 57. John Justlucky Sr. quietly deletes Jo’s resume and proceeds to look at the next one.
After a few weeks of no responses Jo starts to wonder whether he is doing the right thing and decides to take a resume building class. The teacher advises the class to check their online search pages in order to make sure there are no embarrassing pictures from Facebook when potential employers google their name.
Jo is not on Facebook, so he knows he has nothing to worry about. He has an old LinkedIn page, that he created five years ago when he was unemployed for a couple of months. He found another job very quickly though, and never bothered to update his profile while he was so busy at his new work. But now he has the time and decides to spruce up his online image with a detailed report on his LinkedIn profile about his extensive experience accumulated over the past five years. Jo knows that potential employers and recruiters might look him up online and find his LinkedIn profile.
Jo finally gets around to check his Google search results, anticipating to see his updated LinkedIn profile on top of the list. But instead he sees the two ads, mentioned above, followed by an ad by http://www.spokeo.com/ promising to find Jo Average Jr.’s address, email, phone, family, friends, hobbies, age, you name it.
Jo nervously clicks on Spokeo.com, fills in his name, and one click away he is staring at a streetview picture of his home, his street, his entire neighborhood.
His wife’s and three children’s names and ages are also neatly displayed for all to see. For a couple of dollars he, or any complete stranger, can even find out how much money he makes, how many assets he has and how much money he owes.
Jo wonders how come he was never notified by Spokeo, Intelius, or Ussearch that he was going to be included in such directories, and why he was never given a choice whether to be included or not.
He now starts to think: If there are three online directories on the first Google search page, for sure there must be more on the following pages? He googles “online directories” and in a split second the results come up: 121 million search results…
Now he’s cursing out Google, and decides to check out Microsoft’s search engine, Bing. Maybe many employers use Bing.
When he searches his name, the same Intelius and Ussearch ads appear on top of the page.
Right below those two, there is a new link: Jo Average, Jr. http://www.yatedo.com
He clicks on the link, and to his utter consternation sees his old profile on LinkedIn, that he created five years ago, when he was unemployed, glaring at him. It makes him look as if he has been unemployed for the last five years. It also looks like Yatedo just copied and pasted his old profile on their site a few years ago and never looked at it again. On the right hand corner, a huge call-to-action window shouts: “This is ME!” , prompting him to claim his profile.
Jo is dumbfounded. He knows he must take action, but has no clue as where he should start. He heard about a company called Reputation.com and checks out the price list: it’s too expensive for someone like Jo Average Jr., especially now that he has lost his job.
Do you have any advice for Jo Average Jr.? Please don’t hesitate to comment.
In the next installment, some legal issues will be highlighted and some practical solutions will be proposed.
- Implications of #SocialMedia in Regulated Industries http://bit.ly/pYEfZE #ediscovery #dataretention #
- Are student Cell Phone Records searchable ? http://bit.ly/ppO8lX #privacy #
- #FCRA #discrimination RT @josh_greenberg Your social media history: the new job hurdle http://nyti.ms/pigNA5 #HR #privacy #SM #
- House Subcommittee Passes Fake “Data Security” Bill http://bit.ly/r7UmAH #databreach #
- Sony insurer sues to deny #databreach coverage http://reut.rs/mUlgMb #cyberinsurance #
- Don’t put free press at risk, says Abbott (Australia) #privacy http://bit.ly/pSHRzc #
- Australia May Toughen Privacy Laws http://bloom.bg/pyXXmL #
- TSA Announces Privacy Overhaul of Nude Airport Scanners http://bit.ly/pvoftl #privacy #
- Personal medical information of more than 5 million people was compromised so far this year; by @burgessct http://bit.ly/o3fQUL #HIPAA #
- Businesses More Concerned With Reputation Than Fines http://bit.ly/pGJnXE #databreach #privacy #
- Bloomberg Unfolds E-Discovery Road Map http://bit.ly/plnlOP #ediscovery #
- Reputation.com to spend $41M on “math” to control your online profile http://bit.ly/obXMEP #privacy #
- Children and online #privacy (UK) http://huff.to/oFaKuI #
- License Plate Scanners Coming To Massachusetts http://bit.ly/pBYyu9 #privacy #
- Avoid Patriot Act surprises: Encrypt Cloud data on-premise http://bit.ly/pr8lcF #privacy #
- 20 EU states fail to implement new telecoms legislation http://bit.ly/qPjbkl #privacy #dataprotection #
- Beth Israel reports potential data breach (updated) http://bit.ly/pHBdTb #privacy #HIPAA #
- My @Klout score is steady at 58. http://t.co/IAUr1uN #socialmedia #ediscovery #privacy #
- I quirified my website – check it out! #QR http://yfrog.com/kelzkxjj #
- The Meaning of “Consent” in the EU #Privacy Framework – my summary of 38p. article 29 WP opinion http://bit.ly/pXz6am #ediscovery #
- Financial Services Industry Group Issues Social Media Guidance http://bit.ly/pFWt3o #socialmedia #FINRA #
- The Meaning of “Consent” in the EU #DataProtection Framework: A New Article 29 WP Opinion: my summary http://bit.ly/pXz6am #privacy #
- FB Will Soon Read Your Mood: Face.com Rolls Out Mood Estimation API (and so will employers, banks, etc..) http://bit.ly/pg7yJW #privacy #
- Thanks! RT @2Britt: #ff @EUdiscovery for her great and ongoing updates on #Privacy #
- Thanks! RT @hectorguzmanmx: #ff @EUdiscovery and the great notes about #privacy #
- Twitter weekly updates for @EUdiscovery http://bit.ly/pAZCoz #databreach #privacy #dataretention #cloud #EU #privchat #Google #
- Lawmakers Investigate Google, Facebook Over New Privacy Concerns http://bit.ly/pE6Iar #
The Meaning of “Consent” in the EU Data Protection Framework: A New Article 29 Working Party Opinion
The Meaning of “Consent” in the EU Data Protection Framework: A New Article 29 Working Party Opinion
On July 13, 2011, the Article 29 Data Protection Working Party (hereafter Article 29 WP ) adopted Opinion 15/2011 on the Definition of Consent.
This opinion looks into the legal framework regarding the use of consent under Directive 95/46/EC and Directive 2002/58/EC in the context of the ongoing review of the Data Protection Directive.
A. GOAL of the ARTICLE 29 WP OPINION
This opinion aims to clarify the existing legal requirements and illustrate how they work in practice. At the same time, in doing so, it provides a reflection on whether the existing framework remains suitable in the light of the many new ways of processing personal data or whether changes to it may be necessary. Consent is also one of the subjects about which the Commission has asked for input in the context of the review of Directive 95/46/EC.
B.“VALID CONSENT” DIRECTIVES
The Opinion provides a thorough analysis of the concept of consent as currently used in the Data Protection Directive (Directive 95/46/EC) and in the e-Privacy Directive (Directive 2002/58/EC.)
Concerning the overlap between the two directives, the Article 29 WO states: “The general conditions for consent to be valid, as foreseen in Directive 95/46/EC, apply both in the off-line and in the on-line world. Directive 2002/58/EC specifies these conditions for some explicitly identified on-line services, always in the light of the general conditions of the Data Protection Directive.”
C. CONSENT AS LEGAL BASIS TO PROCESS PERSONAL DATA
According to the Directive, personal data cannot be handled at all, except on the basis of a very limited list mentioned in articles 7 and 8 of the Directive.
One legal basis that gives a data controller the right to “process” personal data is unambiguous consent by the data subject.” (Article 7. (a) Directive 95/46/EC).
There are 5 other legal grounds for processing personal data.
The processing of sensitive personal data requires explicit consent. (Article 8.2(a) Directive 95/46/EC).
There are 4 other legal grounds for processing sensitive personal data.
D. GENERAL PRINCIPLES OF VALID CONSENT
Article 29 WP:
- • Valid consent presupposes individuals’ capacity to consent. Rules regarding the capacity to consent are not harmonized and may therefore vary from Member State to Member State.
- • Individuals who have consented should be able to withdraw their consent, preventing further processing of their data. This is confirmed also under the ePrivacy Directive for specific data processing operations based on consent, such as the processing of location data other than traffic data.
- • Consent must be provided before the processing of personal data starts, but it can also be required in the course of a processing, where there is a new purpose. This is stressed in various provisions of Directive 2002/58/EC, either through the requirement “prior” (e.g. Article 6.3) or through the wording of the provisions (e.g. Article 5.3).
E. DEFINITIONS OF CONSENT IN THE DATA PROTECTION DIRECTIVE (Directive 95/46/EC).
Article 2 (h) of Directive 95/46/EC defines consent as “any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed”.
Article 7 of the Directive, which sets forth the legal basis for processing personal data, sets out unambiguous consent as one of the legal grounds.
Article 8 requires explicit consent as a legal ground to process sensitive data.
Article 26.1 of Directive 95/46/EC and various provisions of the ePrivacy Directive require consent to carry out specific data processing activities within their scope of application.
Article 2 (h) of Directive 95/46/EC
defines consent as “any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed”.
a. Consent may be “any…indication of his wishes”
Article 29 WP: “The minimum expression of an indication could be any kind of signal, sufficiently clear to be capable of indicating a data subject’s wishes, and to be understandable by the data controller. The words “indication” and “signifying” point in the direction of an action indeed being needed (as opposed to a situation where consent could be inferred from a lack of action).”
Example: Bluetooth advertising boards
There is a developing advertising tool consisting of boards sending messages asking for the establishment of a Bluetooth connection to send ads to people passing nearby. The messages are sent to people that have activated their Bluetooth devices on their mobiles. The sole activation of the Bluetooth function does not constitute a valid consent (i.e. the Bluetooth function could be activated for other purposes). On the other hand, when someone is informed about the service and approaches a few centimeters from the board with his or her mobile, there is, normally speaking, an indication of a wish: this shows which people are really interested in getting the ads. Only those people should be considered as having consented, and only they should receive the messages on their phones.
b. Consent must be FREELY given:
Article 29 WP: “This means that there must be no risk of deception, intimidation or significant negative consequences for the data subject if he/she does not consent. Data processing operations in the employment environment where there is an element of subordination, as well as in the context of government services such as health may require careful assessment of whether individuals are free to consent.”
Example – Electronic health records
In many Member States there is a move to create an electronic summary of patients’ health records. This will allow healthcare providers to access key information wherever the patient needs treatment. – In the first scenario, the creation of the summary record is absolutely voluntary, and the patient will still receive treatment whether or not he or she has consented to the creation of a summary record. In this case consent for the creation of the summary record is freely given because the patient will suffer no disadvantage if consent is not given or is withheld.
- In the second scenario, there is a moderate financial incentive to choose the e-health record. Patients refusing the e-health record do not suffer disadvantage in the sense that the costs do not change for them. It could be considered here as well that they are free to consent or not to the new system.
- In the third scenario, patients refusing the e-health system have to pay a substantial extra cost compared to the previous tariff system and the processing of their file is considerably delayed. This signifies a clear disadvantage for those not consenting, with the purpose to bring all citizens within the e-health system in a scheduled deadline. Consent is therefore not sufficiently free. One should therefore also examine the existence of other legitimate grounds to process the personal data or examine the application of Article 8.3 of Directive 95/46/EC.
Free consent in the context of employment:
Article 29 WP: “where consent is required from a worker, and there is a real or potential relevant prejudice that arises from not consenting, the consent is not valid in terms of satisfying either Article 7 or Article 8 as it is not freely given. If it is not possible for the worker to refuse it is not consent…. An area of difficulty is where the giving of consent is a condition of employment. The worker is in theory able to refuse consent but the consequence may be the loss of a job opportunity. In such circumstances consent is not freely given and is therefore not valid. The situation is even clearer cut where, as is often the case, all employers impose the same or a similar condition of employment.”
When the public authority is the data controller:
Article 29 WP:
“..when a public authority is the data controller, the legal ground for legitimising the processing will be the compliance with a legal obligation ex Article 7(c), or the performance of a task of public interest ex Article 7(e), rather than consent.”
Example: PNR data
The question of whether the consent of passengers can be validly used to legitimise the transfer of booking details (“PNR data”) by European airlines to the US authorities has been discussed. The Working Party considers that passengers’ consent cannot be given freely as the airlines are obliged to send the data before the flight departure, and passengers therefore have no real choice if they wish to fly.21 The legal basis here is not the consent of the passenger but, rather in accordance with Article 7(c), the obligations foreseen in the international agreement between the EU and the US on the processing and transfer of Passenger Name Record (PNR) data.
c. Consent must be SPECIFIC :
Article 29 WP: “Blanket consent without determination of the exact purposes does not meet the threshold. Rather than inserting the information in the general conditions of the contract, this calls for the use of specific consent clauses, separated from the general terms and conditions.”
Also: “specific consent may be needed for processing beyond what is necessary for the performance of the contract.”
Example: social networks
The social network service offers the possibility to use external applications. The user is, in practice, often prevented from using an application if he does not consent to the transmission of his data to the developer of the application for a variety of purposes, including behavioural advertising and reselling to third parties. Considering that the application can run without it being necessary that any data is transferred to the developer of the application, the WP encourages granularity while obtaining the consent of the user, i.e. obtaining separate consent from the user for the transmission of his data to the developer for these various purposes. Different mechanisms, such as pop-up boxes, could be used to offer the user the possibility to select the use of data to which he agrees (transfer to the developer; added value services; behavioural advertising; transfer to third parties; etc).
d. Consent must be INFORMED:
Article 29 WP: “Articles 10 and 11 of the Directive lists the type of information that must necessarily be provided to individuals. In any event, the information provided must be sufficient to guarantee that individuals can make well informed decisions about the processing of their personal data. The need for consent to be “informed” translates into two additional requirements. First, the way in which the information is given must ensure the use of appropriate language so that data subjects understand what they are consenting to and for what purposes. This is contextual. The use of overly complicated legal or technical jargon would not meet the requirements of the law. Second, the information provided to users should be clear and sufficiently conspicuous so that users cannot overlook it. The information must be provided directly to individuals. It is not enough for it to be merely available somewhere.”
Example: crime mapping
Some police forces are considering publishing maps, or releasing other data, showing where particular types of crime took place. Usually safeguards built into the process mean that no personal data about the victims of crime is published, because crime is only linked to relatively broad geographical regions. However, some police forces want to pin-point crime more exactly, where the victim of a crime consents to this. In such a case it becomes possible to link more precisely the data subject with the place where a crime has been committed. However, the victim is not specifically told that identifiable information about him/her will be published openly on the internet and how this information can be used. Consent is therefore not valid in this case because victims may not fully understand the extent to which information about them is being published.
According to the Directive, personal data cannot be handled at all, except on the basis of a very limited list mentioned in articles 7 and 8 of the Directive, as mentioned above.
One legal basis that gives a data controller the right to “process” personal data is “unambiguous consent by the data subject.” (Article 7.(a) Directive 95/46/EC).
Article 29 WP: “Unambiguous” calls for the use of mechanisms to obtain consent that leave no doubt as to the individual’s intention to provide consent. In practical terms, this requirement enables data controllers to use different types of mechanisms to seek consent, ranging from statements to indicate agreement (express consent), to mechanisms that rely on actions that aim at indicating agreement.
Example: on-line game
An on-line game provider requires players to provide age, name and address for the purposes of participating in the on-line game (distribution of players among ages and addresses). The website features a notice, accessible through a link (although access to such notice is not necessary to participate in the game), which indicates that by using the website (and thus providing information) players are consenting to their data being processed to deliver them marketing information, by the on-line game provider and by third parties.
Accessing and participating in the game is not tantamount to giving unambiguous consent to the further processing of their personal information for purposes other than the participation in the game. Participation in the game does not imply the individuals’ intent to consent to processing other than what is necessary to play. This type of behaviour does not constitute an unambiguous indication of the individual’s wish to have his/her data used for marketing purposes.
Example: default privacy settings
The default settings of a social network, which users do not necessarily need to access to use it, enable the entire “friends of friends” category making all the personal information of each user viewable to all “friends of friends”. Users who do not wish to have their information viewed by “friends of friends” are required to click a button. If they remain passive, or fail to engage in the action consisting in clicking a button, they are deemed by the controller to have consented to having their data viewable. However, it is very questionable whether not clicking on the button means that individuals at large are consenting to have their information viewable by all the friends of friends. Because of the uncertainty as to whether the lack of action is meant to signify consent, not clicking may not be considered unambiguous consent.
3. SENSITIVE PERSONAL DATA:
Sensitive personal data are personal data that reveal “racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life” and processing of such data is in principle prohibited, with a very limited list of exceptions (Article 8.2(a) of Directive 95/46/EC).
Article 8.2(a) Directive 95/46/EC requires explicit consent to process sensitive data.
In legal terms “explicit consent” is understood as having the same meaning as express consent. The difference here is that, whereas with regular personal data, for consent to be valid it must be unambiguous, and explicit/express consent is but one of the many ways to show unambiguous consent, in case of sensitive personal data, explicit/express consent is the ONLY valid way to show valid consent.
Article 29 WP: “meaning an active response, oral or in writing, whereby the individual expresses his/her wish to have his/her data processed for certain purposes. Therefore, express consent cannot be obtained by the presence of a pre-ticked box. The data subject must take some positive action to signify consent and must be free not to consent.”
Example: medical data for research
A patient who is informed by a clinic that his medical file will be transferred to a researcher unless he objects (by calling a number), will not meet the requirement of explicit consent.
Also: “Consent does not have to be recordable to be valid. However, it is in the interest of the data controller to retain evidence.”
F. UNAMBIGUOUS CONSENT AS LEGAL BASIS FOR TRANSFER OF PERSONAL DATA TO NON_ADEQUATE THIRD COUNTRIES (Article 26.1(a) of Directive 95/46/EC).
The article 29 WP repeats its opinion expressed in WP 114 that “Consent is unlikely to provide an adequate long-term framework for data controllers in cases of repeated or even structural transfers for the processing in question” In case “ just one data subject subsequently decided to withdraw his consent…”, further transfers become invalid.
G. THE E-PRIVACY DIRECTIVE (Directive 2002/58/EC)
The recently amended e-Privacy Directive (Directive 2002/58/EC) applies to providers of publicly available electronic communication services only (e.g. providers of telephony, Internet service providers, etc).
1. CONSENT AND RELATION WITH DIRECTIVE 95/46 EC (Article 2(f)) Article 2 of the e-Privacy Directive explicitly states that the definitions of Directive 95/46/EC shall apply regarding Directive 2002/58/EC.
2. INTERCEPTION/SURVEILLANCE OF COMMUNICATIONS (Article 5(1)) Requires the consent of “all users concerned“, in other words, the two parties to a communication.
3. TIMING WHEN CONSENT IS REQUIRED (Articles 6(3), 9, 13 and 5(3)) Consent is to be provided prior to the processing. This is in line with Directive 95/46/EC.
4. THE RIGHT TO OBJECT AND ITS DISTINCTION FROM CONSENT (Article13(2-3)) If the addressee of the commercial communication is an existing client and the communication aims at promoting the provider’s own or similar products or services, the requirement is not consent, but ensuring that individuals “are given the opportunity to object” ex Article 13(2). Recital 41 explains the reasoning why the legislator, in this case, did not require consent: “Within the context of an existing customer relationship, it is reasonable to allow the use of electronic contact details for the offering of similar products or services”. Thus, in principle, the contractual relationship between the individual and the service provider is the legal ground that allows the first contact by email.
5. POSSIBILITY TO WITHDRAW CONSENT (Articles6.3,9.3-4.)
H. ARTICLE 29 WORKING PARTYS ASSESSMENT CONCERNING THE CURRENT DATA PROTECTION FRAMEWORK and RECOMMENDED CHANGES
The Article 29 WP deplores the lack of uniformity in implementation of the requirements for valid consent by the EU member states at the national level.
It suggests the following changes as part or the revision of the general data protection framework.
- Further clarification of the wording “unambiguous”. “Clarification should aim at emphasizing that unambiguous consent requires the use of mechanisms that leave no doubt of the data subject’s intention to consent. At the same time it should be made clear that the use of default options which the data subject is required to modify in order to reject the processing (consent based on silence) does not in itself constitute unambiguous consent. This is especially true in the on-line environment.”
- Include the word “unambiguous” in the general definition of consent of Article 2(h), in order to avoid confusion.
- “Unambiguous consent” which encompasses explicit consent but also consent resulting from unambiguous actions should remain the required standard. This choice gives more flexibility to data controllers to collect consent and the overall procedure may be quicker and more user friendly.
- Include wording reflecting interpretations of consent by case law and Article 29 WP Opinions.
- Include enhanced protection rules for individuals lacking legal capacity, such as children.
- Apple Fined Less than a Thousand Bucks in iPhone Tracking Lawsuit http://gizmo.do/r4nTco #privacy #
- many didn’t seem to know much…RT @PrivacyCamp: By their staff (nough said) RT @eudiscovery: Don’t our repres… (cont) http://deck.ly/~ff2NO #
- Mack: personal data is a gold rush of our time #privacy #
- Don’t our representatives get briefed on the subject before a hearing?? #privacy #
- Genachowski: now is a window of opportunity to set international standards, while other countries update/create privacy frameworks #
- Barton: drop G from Google, because that’s what they appear to be doing #privacy #
- Google plus & Google buzz mixup at House #Privacy Hearing #
- Genachowski: legislative clarification on FCC’s jurisdiction would be beneficial #privacy #
- Summary House #Privacy Hearing so far: innovation/growth + privacy= bi-partisan #
- Ramirez (FTC) is doing a good job explaining long term economic implications for consumers of digital profiling #
- yup, BF RT @meitweet: Markey just coined a term: “The BF Era – Befowah Facebook.” If I heard him correctly. #privchat #
- Waxman (CA) : current law does not provide proper privacy protection for consumers #
- Stearns: advocates for one agency to have jurisdiction as opposed to competing agencies #
- Eshoo (CA): We need unified approach for privacy in public & private sector. #
- Privacy, Shmivacy: Sites Relax Policies Again http://bit.ly/pxYrZ9 #
- #DataBreach of the Day: Monsanto http://bit.ly/q5miCF #privacy #security #
- Thanks!!! RT @troy_norcross: Just added Monique @EUdiscovery to my privacy_pundits list. Her feed is active and a good sourcd on #privacy #
- EU Considers Stricter #DataBreach Notification Rules http://bit.ly/q7H2qs #privacy #security #
- Surveillance cameras’ footages lead to arrest in brutal murder of Brooklyn boy http://abcn.ws/nLVmqt #LeibyKletzky #
- Google+ forces us to question who owns our digital identiy http://bit.ly/o8Kocn #privacy #
- Ad Networks Continue Tracking Users Who Opt Out http://bit.ly/nf4O8d #privacy #privchat #
- Anti Child-Porn Act Runs Into Trouble Over Privacy http://on.wsj.com/qUBi2I #HR1981 #
- Nordic countries grill Facebook on privacy http://bit.ly/p9LCoi #dtaprotection #
- #DataBreaches Multiply; Average Cost Now $2.7M http://bit.ly/optpUG #goodforinsurancebusiness #
- EU Politicians Realize US View Of De Facto Ownership Of The Internet Makes Their #DataProtection Laws Irrelevant http://bit.ly/nJmp9W #
- now read: today’s RT@csoghoian: My op ed on tomorrows data retention hearing http://t.co/UGu8lzi” #
- RT @hilliconvalley: Privacy advocate knocks data retention provision in child porn bill http://bit.ly/prn6Ib #privacy #privchat #
- #privchat : #Dntrack w/o enforcement is like a barking dog w/o teeth #
- #privchat It is new for data located in the EU! RT @Forsheit: MS decl not new. Patriot Act always issue 4 #cloud
- #privchat: A2; latest EU/US scare: Microsoft declared that all its EU data subject to Patriot Act–> EU will not use US cloud
- #privchat US will not benefit from free flow of data from EU accorded to countries termed “adequate” re privacy
- @CenDemTech #privchat: wouldn’t H.R.1981 only apply to ISPs?
- #privchat: sorry; how about pros & cons
- #privchat Monique Altheim, hello!
- Marino: #dataretention is critical, because children often reveal abuse > 1 year later #HR1981 #privchat
- Congressman Lungren: there is a nexus between online child pornography & child/human trafficking #HR1981 #privchat
- Allen: child pornography, #HR1981 > 50% of victims are Americans, and vast majority of perpetrators are someone they trust. #privchat
- Allen: 77% of online sexual abuse involves prebuscent children #HR1981 #privchat
- Rotenberg: #dataretention directive in EU has been very controversial #HR1981 #privchat
- Rotenberg: #dataretention conflicts with tendency towards data minimization #HR1981 #privchat
- Rotenberg: #dataretention coupled with immunity provisions for ISPs is problematic. #HR1981 #privchat
- Sheriff Brown: Longer #dataretention period fpr ISPs necessary to provide evidence against & prosecute perpetrators #privchat
- Streaming NOW: H.R. 1981, the “Protecting Children from Internet Pornographers Act of 2011http://1.usa.gov/pCbrtS #dataretention #privchat
- Online child porn bill raises privacy fears http://politi.co/qVRRzQ #dataretention
- The Swiss authorities are planning to revise the #DataProtection Act in keeping with modern technology http://bit.ly/r0QjwR #privacy
- DOJ: We can force you to decrypt that laptop http://cnet.co/oIktQd
- RT @RTeDiscovery Saturday Night Chron ▸ Top stories via @EUdiscovery @nytimesbusiness and @DougCornelius ▸ #Antitrust and #EDiscovery ▸ http://t.co/4w…
- Getting from Privacyville to the Real World of Online Privacy http://bit.ly/rfC2f9
- F-commerce faces privacy hurdle across generations http://bit.ly/qmBjJj
Asia group launches cloud index, ‘cloud map’ http://bit.ly/r1d6AY
- IBM’s Cloud To Offer Gold, Silver and Bronze Data Recovery to SMBs http://bit.ly/pohL8s #ediscovery
- NJ Judge rules use of GPS to track a cheating spouse is not an invasion of privacy http://bit.ly/qr58RF
- German Federal Police servers compromised http://bit.ly/pV1zPj #privacy
- Mexico Issues Privacy Regulations for Public Comment – http://bit.ly/nw685Z #
- Twiiter & Google+ http://bit.ly/oInf7s #
- How To Update Your Twitter Status Via Google… #
- Germany Launches National Cyber Defense Center http://bit.ly/nyDiHN #
- Washington Post reports breach of job seeker data http://bit.ly/q8rpw4 #privacy #
- Cloud Computing Security: 10 Ways to Enforce It http://bit.ly/qZR72z #
- New figures highlight (UK) police’s shameful data breaches http://bit.ly/qCJOtH #privacy #
- Personal Data (Privacy) (Amendment) Bill 2011 (Hong Kong) soon to be introduced into the Legislative Council. http://bit.ly/qxrnyX #
- Remember When Twitter Was A Joke? No One Is Laughing Anymore.http://t.co/lrSZadF #askobama #
- French Data Protection Authority Releases New Guidance for Health Professionals http://bit.ly/oEuFxX #privacy #
- excellent and in plain English! Cloud Computing: Legal Quagmire http://bit.ly/k3a8dH #
- Facebook made $1.86 billion from your content in 2010 http://zd.net/jHQK1z #privacy #socialmedia #
- Hulu Disables Facebook Connect Over #Privacy Glitch http://bit.ly/jLyseM #socialmedia #
- Report: Morgan Stanley warns 34,000 clients of #databreach http://cnet.co/rpltcP #privacy
Read more: http://… (cont) http://deck.ly/~zbeSb #
- Oregon’s prescription tracking program monitors your meds http://bit.ly/mIqKnD #privacy #HIPAA #
- Opportunities for insurers as EU #DataProtection Directive looms http://bit.ly/kvkIFI #databreach #
- How safe is your iPhone data? http://bit.ly/lswMxD #privacy #security #
- Thnx! RT @Tips4Tech: Shout-out #gratitude @ConnerLawTweets @DebbieMahler @lpingree @EUdiscovery @controzo @Dou… (cont) http://deck.ly/~5eRic #
- Top Five #eDiscovery Trends for 2011 http://bit.ly/mMtwyc #
- Epiq Systems Breakfast Seminar: Cross-Border Regulatory Investigations, by @chrisdale http://bit.ly/mdBK87 #
- #eDiscovery Case Law: Private Social Media Posts Deemed Discoverable in Personal Injury Case http://bit.ly/jd7KoG #privacy #
- Court orders full trial in Google open Wi-Fi data gathering claim http://bit.ly/int5Gp #privacy #
- Google Street View resumes photography in the Czech Republic after agreeing to restrictions http://bit.ly/iM038H #privacy #
- French Parliamentary Commission Recommends Privacy Law Reform http://bit.ly/lsexCA #dataprotection #EU #
- Supreme Court Agrees to Hear Geolocation Privacy Case http://bit.ly/jh7ceC #privacy #geotracking #
- Thnx! RT @FortaliceLLC: #FF #safety tweeps @Neondog82 @cyberwar_geek @cyberwar @digininja @PrivacyProf @sha… (cont) http://deck.ly/~jA0pI #
- Thnx RT @Tips4Tech: #FF #security @FortaliceLLC @PrivacyProf @shaundakin @anthonymfreed @wireheadlance @EUdisc… (cont) http://deck.ly/~1EVWw #
- Thnx! RT @BayesCleaners: The #FF #green crew @EUdiscovery @ProQure @greentim @GerberPlumbing @greencelebrit… (cont) http://deck.ly/~BD3Wc #
- Obama Administration Wants Privacy Rule to Work Worldwide http://bit.ly/jCtwy4 #
- Welch’s GPS tracking bill, the Geolocation, Privacy & Security (GPS) Act covers private companies & law enforcement. http://bit.ly/iLPlDn #
- Senate Hearing Shows No Broad Consensus on Details for Privacy Legislation http://bit.ly/lQt4GL #
- Privacy in Europe and the United States: I Know It When I See It , by @omertene http://bit.ly/lBuTAt #dataprotection #
- The first Google+ privacy flaw http://on.ft.com/k8s2YN #
- OECD leaders split on web’s future | News | PC Pro http://t.co/hPhRf1V #
- Push in Washington to create new data privacy framework -EU perspective http://bit.ly/l6JpUy #privacy #dataprotection #
- w/o knowledge/consent of the consumer!! #privacy RT @eff: Judge Kozinski explains how the Safeway Club Card le… (cont) http://deck.ly/~Gkt1R #
- RT @kkish: Google complied with 94% of all US gov't requests for data about users in 2nd half of 2010: http://on.wsj.com/ikilss #privacy #
- Microsoft admits Patriot Act can access EU-based cloud data http://zd.net/kSlt7J #privacy #dataprotection #
- Thnx! RT @ProQure: @ADHumlen @jkcallas @BayesCleaners @EUdiscovery @Vinny_Yankees @GerberPlumbing Cheers to a great start of the week! #
- Neelie Kroes' C.O.M.P.A.C.T for the Internet http://bit.ly/kvwozA #
- Twitter Weekly Updates for EUdiscovery http://t.co/qYL6qrn #ediscovery #privacy #socialmedia #
- Thanks! RT @jkcallas: #FollowFriday @JavaJoeMyspace @BCRE8TV @ADHumlen @BayesCleaners @costrike @TrippBrade… (cont) http://deck.ly/~kykBu #
- Dutch Parliament Approves Net Neutrality Law http://snipr.com/1opjaa #
- Judge Scheindlin Withdraws Her NDLON Opinion http://snipr.com/1oputk #ediscovery #
- Supreme Court Strikes Down Vermont Prescriber Privacy Law http://snipr.com/1oqk0q Supreme Court Strikes Do… (cont) http://deck.ly/~HYJke #
- Looking forward to Dr. Dix (German DPA) & Hon. Scheindlin talk on conundrum betwn #dataprotection & #ediscovery at Sedona conference #
- #ediscovery RT @ComplexD: E-Discovery Goes Mainstream – http://tinyurl.com/4yypq62 (Hilary McQuaide) #
- RT @IntegreonEDD: Arizona Court Rejects "Per Se Gross Negligence" Rule from Pension Committee http://bit.ly/kiluYM | #ediscovery #
- RT @IntegreonEDD: Both LPO and Contract Attorneys Growing in US http://bit.ly/kffGCE | Integreon Blog Post b… (cont) http://deck.ly/~x8SsJ #
- Failure to Preserve and Produce Relevant Electronic Records Can Lead to Significant Sanctions http://snipr.com/1wc0iz #ediscovery #
- sorry missed #Privchat am at Sedona Conference on cross-border discovery & privacy RT @PrivacyCamp: Missed to… (cont) http://deck.ly/~l9wiK #
- Malaysia to Establish New Government Department for Personal #DataProtection http://snipr.com/1wdhcu #privacy #ediscovery #
- EU Commissioner Reding Signals Intention to Introduce Mandatory #DataBreach Notification http://snipr.com/1we3uu #
- The #CFPconf YouTube videos are up! Watch them here: http://snipr.com/1xyi8e More to come! #privacy #infosec #internet #
- Global DataProtection, ECPA and Privacy Policies at the Computers Freedom and Privacy Conference 2011 http://snipr.com/23ysy0 #
- According to @klout, @CFP11 is influential about: privacy, washington dc, and video http://t.co/VqK4Bi1 #
- According to @klout, I'm influential about: legal, privacy, and europe http://t.co/UGd2qbA #
- Dutch publishing, ad industry hit back against cookie bill http://snipr.com/22z6mi #privacy #
- I'm going to The Sedona Conference's Third Annual International Programme on Cross-Border Discovery & Data #Privacy – #ediscovery #
- Senator P. Leahy explains why he introduced the ECPA Amendment Act 2011- YouTube http://snipr.com/23590c #privacy #surveillance #
- Global #DataProtection ECPA and #Privacy Policies at the Computers Freedom and Privacy Conference 2011 http://snipr.com/23ysy0 #
- YouTube – New EU data protection law wins support http://bit.ly/le4hLd #privacy #
- RT @DataMan99: The Week in #Privacy (Just Between You and Me) – http://nyti.ms/krWol4 George #Orwell where are you? #
- RT @ThePrivacyTrap: EU: Stronger Rules On Personal Data Protection Needed http://trap.it/23MJJu #privacy #
- RT @d9binnews: New post: Franken's Location Privacy Bill To Close Mobile Tracking 'Loopholes' http://bit.ly/kMttC3 #Privacy #
- Live Coverage from Budapest: Day One of the Hungarian International #DataProtection Conference http://bit.ly/ivMe73 #privacy #
- RT@eff: EFF shows you how to disable #Facebook #039;s facial recognition feature and control photo tagging #privacy http://youtu.be/JJOffOX98nY #
- RT @donttag: #facebook provides UE art29 party with additional information to address #privacy concerns ove… (cont) http://deck.ly/~fTChQ #
- RT @europrise: #EU #DataProtection: #EDPS urges Commission to meet the challenge of an ambitious reform – http://bit.ly/kE8gU7 #
- RT @dapixwatch: Annual Report 2010 of the European #DataProtection Supervisor: http://bit.ly/kv68ld #EU #privacy #
- RT @ict_endorse: New post: New Survey on European Citizens' Attitudes on Privacy, Identity and data protectio… (cont) http://deck.ly/~fRj69 #
- My recording of Keynote by Senator P. Leahy at the #CFPconf http://bit.ly/k2NfyI #privacy #ECPA #databreach #
- RT @PrivacyCamp: RT @senatorleahy: Working to bring #privacy laws into Digital Age; remarks frm Computer Freed… (cont) http://deck.ly/~hrCHC #
- If you have pics of #CFPconf 2011 on Flickr, you can pool them this CFP group http://snipr.com/3q2q1 #privacy #internet #infosec #
- New set of #CFPconf pictures http://tinyurl.com/3uupdl4 More to come #privacy #dataprotection #
- Have a safe trip, and thanks for your wonderful blog posts! RT @christinazaba: Leaving on a jet plane. Thanks again to all at #cfpconf #
- RT @CFP11: Thanks Lilllie Coney & @JulesPolonetsky for a wonderful #CFPconf 2011! #privacy #internet #infosec #
- Find blog posts, pics, videos of #CFPconf 2011 here: https://www.facebook.com/cfpconf Like it! #privacy #internet #infosec #
- Thnx my wonderul media team for covering #CFPconf @christinazaba @jimmilles @koa @KCGEventsMedia @RKCLearning @amprivacy and C. Fraser. #