- EU rule on web ‘cookies’ bears £500,000 fine (in UK) http://on.ft.com/edXkyz #privacy #dataprotection #
- Google Street View faces Dutch demands http://bit.ly/hJ5T3u #privacy #dataprotection #
- My Life According to the iPhone’s Secret Tracking Log http://bit.ly/fYwzdq #privacy #ediscovery #
- Who’s Screwing You Over on #Privacy Issues? Pretty Much Everybody http://bit.ly/fheOPn #dataprotection #
- Google Probed By Belgian Authorities Over #Privacy Lapses http://bloom.bg/i1VQux #dataprotection #
- Internet ‘Right to be Forgotten’ debate hits Spain #privacy #
- Got an iPhone or 3G iPad? Apple is recording your moves http://oreil.ly/i7dC7Q #privacy #dataprotection #ediscovery #
- European, German authorities assess implications of iPhone tracking http://bit.ly/dYvIpG #privacy #dataprotection #
- Logging off for Passover/Seder preparations. Happy Passover! #
- EC evaluates the Directive on retention of telecommunications data http://bit.ly/hWSjmK #privacy #dataprotection #
- Europe’s Article 29 Working Party issues smart meter guidelines http://bit.ly/dSSiUF #dataprotection #
- Surveillance cameras on duty at more public parks http://bit.ly/hxF144 #privacy
From The Detroit News: http:/… (cont) http://deck.ly/~sqzft #
- Erasing Our Past On The Internet http://bit.ly/ety0rP #privacy #ediscovery #
- Risk Management in #Cloud Computing http://bit.ly/hqmiOr #privacy #ediscovery #
- (Kerry/McCain)’Privacy Bill of Rights’ Exempts the Government, Short Sells Consumers http://bit.ly/fDxQ4y #dataprotection #
- Study: Many children use social-networking sites, unaware of how to protect themselves http://bit.ly/hnr9Mz #privacy #dataprotection #
- Skype for Android leaks user data http://bit.ly/gXoY5b #privacy #dataprotection #
- New Jersey Library Association Critical of Google Privacy Issues http://bit.ly/fO6Emj #
- Yahoo! jacks data retention from 90 days to 18 months http://bit.ly/gbeG4T #privacy #dataprotection #
- EU Commission to boost privacy protection in data retention rules http://bit.ly/dOdDMo #dataprotection #privacy #
- RT @Forsheit: #FollowFriday @kashhill @gigibsohn @JanetSteinman @donnaseyle @EUdiscovery @KelceyPF @KrystleTho… (cont) http://deck.ly/~Ub5Ov #
- Thnx! RT @InfoLawGroup: #FollowFriday @kashhill @gigibsohn @JanetSteinman @donnaseyle @EUdiscovery @KelceyP… (cont) http://deck.ly/~tkRfs #
- Representative Stearns Introduces Consumer Privacy Protection Act http://bit.ly/gzGz70 #
- RT @StewartRoom: #Internet_Advertising industry launches Online Behavioural Advertising framework for Europ… (cont) http://deck.ly/~PqZtO #
- RT @UKPrivacyLawyer: My blog on the new IAB self-regulatory principles for online behavioural advertising i… (cont) http://deck.ly/~BCihx #
- #privacy RT @Cyber_Panda_: #MySpace Sued For Leaking Users’ Identities To Advertisers http://ow.ly/4ASvM #dataprotection #
- #privacy RT @felicianointini: Toshiba to launch self-erasing hard drives http://cnet.co/fWGQoc #dataprotection #DLP #
- RT @IntegreonEDD: Sedona Conference Proposes 6 Principles of Proportionality http://bit.ly/gA1SCQ | @LawTechNews #ediscovery #
- China Publishes Draft Privacy Guidelines http://bit.ly/e5ZsbF #
- RT @jayshep: More people asking for Twitter names than biz cards #LegalChat #ABATechShow #
- Thnx! RT @RTeDiscovery: “More Cowbell?” Weekly Top 5 “Cowbellers”: @antigonepeyton @barsocchini @EUDiscover… (cont) http://deck.ly/~JNcvu #
- Thnx! RT @ComplexD: “More Cowbell?” Weekly Top 5 “Cowbellers”: @antigonepeyton @barsocchini @EUDiscovery @Insi… (cont) http://deck.ly/~kyx0c #
- Thnx! RT @Privacymatters: #privacy FF @EUdiscovery @PrivacyCamp @IsCool @sunil_abraham @privacyfocused @PrivacyMemes #
- Thnx! RT @hectorguzmanmx: Privacy #FF to @sunil_abraham @EUdiscovery @PrivacyWonk @steph3n @PogoWasRight @Priv… (cont) http://deck.ly/~nKCqZ #
- Thnx!RT @FortaliceLLC: #FF #Safety @momsmaterial @jabolins @internetcrimes @insiderthreats @gtiadvisors @janeb… (cont) http://deck.ly/~cPccJ #
- Twitter Weekly Updates for EUdiscovery http://t.co/Ag7dD57 #
- Reading "Towards more effective #DataProtection in the Information Society" by Peter Hustinx http://bit.ly/eqCTKe #privacy #
- EU, US discuss #dataprotection deal in Hungary http://bit.ly/fk20xD #TFTP #PNR #SWIFT #privacy #
- « La vie privée en péril », le cri d'alarme d'Alex Turk http://bit.ly/heYxW7 #privacy #dataprotection #
- Obama still believes in the American Dream. ( Does he also believe in the resuscitation of the dead?…) #
- Obama: This is not about the budget, this is about changing the social compact of America. #
- Reader Privacy Bill Passed Through California Senate Judiciary Committee http://bit.ly/fUwjLg #
- #TSA is trying something new and groundbreaking . Watch this video http://bit.ly/ewQJX6 #security #j Read more: http://ti.me/g3GZ1M #
- Civil Liberties Delegation in Washington – #DataProtection and #Security http://bit.ly/faK7De #PNR #TFTP #SWIFT #
- Data retention, child protection and the law http://bit.ly/h6O8Nx #
- #Dataprotection EU Parliament to lead new round of EU-US talks http://bit.ly/eNYnas #SWIFT #PNR #
- EU Commission has yet to prove worth of PNR plans, says Article 29 Working Party http://bit.ly/gQcw0h #privacy #dataprotection #
- NZ Data Protection Law Gets Tick From EU Working Party http://bit.ly/f1nHhn #privacy #dataprotection #
- this is much better: http://bit.ly/hVJWZV @AdamThierer: wow RT @mcerickson: Is this kind of invasive TSA scree… (cont) http://deck.ly/~tOTgE #
- TSA's New and Enhanced Security (video)http://youtu.be/U7Z5t7w7Hms #security #TSA #
- Roskam Baking Co. lawsuit draws attention to mistaken identity as potential job killer http://bit.ly/ha6h2B #FCRA #privacy #
- RT @rcalo: Registration for Computers Freedom Privacy 2011 is open. http://bit.ly/dR5PC8 #
- thnx! RT @FortaliceLLC: #FF @Tips4Tech @co2hog @marykayhoal @wireheadlance @infosecisland @lawscomm @PrivacyPr… (cont) http://deck.ly/~aJniK #
- CPS (UK) refuses to prosecute Phorm and BT http://bit.ly/eoifIH #privacy #
- Thnx! RT @Tips4Tech: #FF #infosec #privacy @anthonymfreed @wireheadlance @infosecisland @FortaliceLLC @Privacy… (cont) http://deck.ly/~5Ib4I #
- Thnx! RT @privacyfocused: #FF @adamthierer @PRC_Amber @gamambel @EUdiscovery @techdirt @PrivacyMemes @declan… (cont) http://deck.ly/~7clkT #
- Thnx! RT @direwolff: #FF @adamthierer @PRC_Amber @gamambel @EUdiscovery @techdirt @PrivacyMemes @declanm @Evry… (cont) http://deck.ly/~zdqX5 #
- EU Data Protection Commissioners insist on the need for a comprehensive approach to #dataprotection http://bit.ly/hJT5Lt #
- Day 11 w/o phone service. #Verizon #fail #3rd world country service. Please RT. #
- Justice Department opposes digital privacy reforms http://cnet.co/h0gOt2 via @cnet #
- European RFID pact aims to safeguard privacy http://bit.ly/gxg0am #
- The future of IT, security, privacy, compliance and e-discovery http://bit.ly/fOO9Uh #convergence #
- Czech Court Says No To Data Retention Rules http://bit.ly/eLmEB1 #pivacy #dataprotection #
- EU, Companies, Privacy Watchdogs Sign Agreement On RFID Chips http://bit.ly/hyDoOj Privacy #dataprotection #
- Why SWIFT matters "SWIFT and the Asymmetric Control of Data "http://bit.ly/e07gGS #privacy #dataprotection #
- RT @Drudge_Report: PANDORA subpoenaed in smartphone investigation… http://drudge.tw/ehoXMD #
- You don't need to understand French to understand these #Google Streetview pics! http://bit.ly/i9fpcc #privacy #dataprotection #
- Are u for "The Right To Be Forgotten for All" or for "The Right To Be Forgotten for Those Who Can Pay For It"? http://bit.ly/dPRfOa #privacy #
- Our crumbling infrastructure:100,000 NY #Verizon customers W/O phone/DSL service for > ONE WEEK and will last another TWO #
- 100,000 #Verizon customers w/o phone/DSL service for > ONE WEEK and will last another TWO: why is that not covered in the news? #
- Study shows lagging compliance with an online ad privacy program http://bit.ly/eJZuWF #AdChoices #selfregulation #
- #privchat A4 Google, Facebook, et al, challenging France's one year data retention requirement: the pot is calling the kettle black #
- #privchat Q4: It's the pot calling the kettle black #
- #privchat Q3 : CDA230 is from 1996: a bit outdate, maybe? #
- dream on, kid RT @alexanderhanff: A3 #privchat ass kicking, severe fines and criminal charges in extreme cases #
- RT @Reputation_Com: A2. An email address may seem benign, but when compared with something as simple as a ful… (cont) http://deck.ly/~EEu7e #
- Lobby for MEANINGFUL legislation, not scams RT @CenDemTech: #PrivChat An obvious followup to Q2: What can/should consumers do? #Epsilon #
- RT @jdp23: A1: All of the clauses should sunset. If not, then they all need significant reforms. #privchat #
- Hi! Monique Altheim, attorney #privchat #
- agreed, it'ds outdated; i vote for "identity" RT @JustinBrookman: @EUdiscovery Or just junk the concept . . . #
- Practical plans for cookie compliance http://bit.ly/f6gsvG #privacy #a mystery wrapped in an enigma! #
- Menino’s Teen Data Sharing Proposal Draws Criticism http://bit.ly/hGt48f #privacy #
- PNR should be deleted after 30 days, says EU privacy watchdog http://bit.ly/hYrqB9 #privacy #dataprotection #
- didn't Google Streetview do exactly that when it collected wi-fi info? RT @rigow: @EUdiscovery look at the ori… (cont) http://deck.ly/~E4djs #
- Don't Google & Facebook have an "unofficial" retention policy anyways? hypocrisy? RT @rigow: @EUdiscovery, ac… (cont) http://deck.ly/~Uf3io #
- What is Epsilon, and why did it have your e-mail?http://bit.ly/gXraGK #privacy #dataprotection #
- What is Epsilon, and why did it have your e-mail? http://snipr.com/27qrb8 #privacy #dataprotection #
- The Irony! – Google, Facebook take France to court over #privacy http://snipr.com/27qrap #
- Swiss Court Says Google's Street View Breaks Privacy Rules http://snipr.com/27qr9b #
- Verizon phone service down in Brooklyn for 100,000 customers, already one week. #fail #
- Phone service down in my street already one week. Verizon notified by all neighbors. Broken cable. Still not repaired #FAIL #VERIZON #
- A Right to Be Forgotten for those who can afford it http://snipr.com/27qgmq #privacy #dataprotection #
- States Attempt to Address #Privacy Risks Associated with Digital Copiers and Electronic Waste http://snipr.com/27q9gd #
- Thanks! Whoever is smart, should! RT @StopTrespass: @EUdiscovery Good work! Will they also hire you? #
- South Korea Enacts Comprehensive Privacy Law http://snipr.com/27q8py #privacy #
- EDiscoveryMap quoted in Dutch Parliament discussion on behavioral advertising! (footnote 1) !http://snipr.com/27q8ci #privacy #
- #privacy #DNTrack RT @CFP11: AP First to use #Do not-track http://bit.ly/etZnGl #
- Thnx! RT @FortaliceLLC: #ff #safety @Tips4Tech @kakroo @PrivacyProf @gtiadvisors@anthonymfreed @wireheadlanc… (cont) http://deck.ly/~u6W4z #
- EPIC Files Objection to Lawsuit Settlement http://snipr.com/27q885 #privacy #google #FTC #
- Thnx! RT @Privacyactivism: I"m late for #FF : @PogoWasRight @clarinette02 @PRC_Amber @EUdiscovery @BeatTheChi… (cont) http://deck.ly/~AHOdB #
- DuPont Granted Safe Harbor Certification for EU personal data transfer http://snipr.com/27q7m4 #privacy #dataprotection #
- Thnx! RT @Tips4Tech: #FF #privacy #security @FortaliceLLC @PrivacyProf @shaundakin @anthonymfreed @wireheadlan… (cont) http://deck.ly/~xDa7L #
- Twitter Weekly Updates for EUdiscovery http://t.co/34dLwf9 #privacy #ediscovery #socialmedia #EU #
- EU-US Talks on Data Exchange Start Amid Controversy http://snipr.com/27q6bz #privacy #PNR #SWIFT #
- UK: Industry struggles with achievability of 'right to be forgotten' http://snipr.com/27q69y #privacy #dataprotection #
- Annual report on the application of the EU Charter of Fundamental Rights – faqs http://snipr.com/27q68q #privacy #dataprotection #
- We’re not in a democracy anymore, Toto – “Of the 1%, by the 1%, for the 1%” by Joseph Stiglitz http://snipr.com/27q16t #
- UK Communications Minister : global web privacy standard needed http://snipr.com/27ps2p #dataprotection #
- FTC Charges Deceptive Privacy Practices in Google’s Rollout of Its Buzz Social Network http://snipr.com/27prwx #dataprotection #
- LinkedIn Sued For Privacy Violations http://snipr.com/27pr7v #
- #ediscovery It’s time for a data diet! RT @IntegreonEDD: Is your data center obese? http://bit.ly/dIWNWW | @DCDFOCUS #ECM #
- RT @_pidder_: RT @hunton_privacy Announcing the Launch of a New Journal on International Data Protection an… (cont) http://deck.ly/~shoPk #
- US Court and German Data Protection Authority in Accord on Discovery Limitations http://snipr.com/27pp83 #ediscovery #dataprotection #
- Privacy: reidentification a growing risk http://snipr.com/27pou4 #dataprotection #
- RT @reuters: Europe and U.S. converging on Internet privacy http://t.co/02EQrLE #
- Is It Time for EU-U.S. Consensus on Online #Privacy http://snipr.com/27plv0 #dataprotection #
- Get in the ring: US, Europe vow to bash out Internet personal privacy protection http://snipr.com/27pl8i #privacy #dataprotection #
- Twitter is shallow indeed, how else w. 140? RT @aarontitus: @shaundakin @CenDemTech As a result, some of th… (cont) http://deck.ly/~zN3UP #
- Europe rules against general passenger data slurp http://snipr.com/27pjjs #PNR #privacy #dataprotection #
- “Even in the US…” ha ha ha – EU and US working together on Web regulation http://snipr.com/27pj3k #privacy #dataprotection #
- The New EU Cookie Directive Leads to Cookie Wars in The Netherlands http://snipr.com/27p44y #privacy #dataprotection #
- What Readability is doing is dishonest #fail #
- Just deleted echofon, didnt like peoples webposts taken over by “readability” w/o permission #fail #
- New Post: Cookie Wars in The Netherlands http://snipr.com/27p44y #privacy #dataprotection #
- Business lost waiting for EU privacy compliance (NZ) http://bit.ly/fSkZWU #privacy #dataprotection #
- #privacy (great ad!) RT @michaelfertik: Video from @reputation_com on #privacyhorrorstory Emphasizes potential harm. http://bit.ly/i5aSmK #
- Thnx! RT @PogoWasRight: Sharing what they know #FF @PRC_Amber @WarrenEHart @PrivacyActivism @LossofPrivacy @Dy… (cont) http://deck.ly/~EZ2Qi #
- Twitter Weekly Updates for EUdiscovery http://t.co/NvgWtk8 #privacy #ediscovery #socialmedia #
- Color founder Nguyen:”We collect no PII” http://snipr.com/27ovfm – and face recognition techn. and smartphones’ UDIDs do WHAT? #privacy #
- RT @hrucic: RT @EPPGroup: #EPP Group hearing on #DataProtection on Thu 31 March, with @AxelVossMdEP & @Viviane… (cont) http://deck.ly/~VceEM #
- My “Privacy Interview with Experts” interview http://snipr.com/27otkc #ediscovery #dataprotection #EU #
- #ediscovery #edisclosure RT @OrangeLT: How Relevant is Legal Hold to the UK Market? http://tinyurl.com/4qvg6va (CY4OR) #
- how so “accidentally?” RT @TheNextWeb: A Dutch politician accidentally tweeted the most erotic tweet ever. http://tnw.co/e8wNa0 #
As of now, the Dutch law requires an opt-out regime for cookies: users need to be informed about the placement of tracking cookies, and they need to have an option to opt-out of having these cookies placed on their computers.
In the initial proposal for the new bill, the Minister of Economic Affairs proposed an “unambiguous consent” requirement, which caused a big uproar. That would have involved having a window pop up each time a cookie was placed with the request “Do you want this cookie placed on your computer?” and was deemed to be very impractical by the ad industry.
The Minister thereafter dropped the “unambiguous consent” requirement and changed it into just “consent”, and also mentioned that this consent can be given through activation of the appropriate browser settings, as long as the user is properly informed.
The ad industry claims that self-regulation through placement of icons by each behavioral advertisement would be sufficient to provide the user with the necessary information and opt-out choices.
Since the Independent Post and Telecommunications Authority (OPTA), will be in charge of supervising the application of the new cookie law, it has requested an independent study from TNO (Netherlands Organisation for Applied Scientific Research) and IVIR (Institute for Information Law), in order to find out how well website owners have abided until now by the current Dutch cookie law. The current law requires that the user needs to be informed and given the possibility of opting out of having tracking cookies placed on their computer.
The study, published on March 17, came to the conclusion that the majority of Dutch website owners do not abide by these laws, that the majority of Dutch people have no clue about their rights under the current law, and do not have sufficient understanding of the cookie tracking mechanisms to even make an informed choice, or to give meaningful consent. See this Dutch article.
The publication of this study has led to angry reactions from the advertisement industry. Joris van Heukelom, president of International Advertising Bureau (IAB), claimed that the study was biased and Henry Meijdam, president of the Dutch Dialogue Marketing Association (DDMA), said that the study misrepresented the current legal requirements and that the current Dutch law did not require consent for the placing of cookies.
The ad industry did aknowledge that the general public is ignorant about the placing and working of tracking cookies. Advertisers and marketers claim that they are busy with self regulating measures, like the placement of icons by each behavioral advertisement, to inform the web users of the workings of cookies and behavioral tracking and to give users the chance to opt-out of being tracked.
In this previous post, this author has made it quite clear that the way the AdChoice icons currently are implemented is very user-unfriendly and that the AdChoice icons, while giving the user a choice to opt-out of being shown behavioral advertisements, does not guarantee a choice of opting out of being tracked.
- Europe's Kroes warns against cloud lock-in http://snipr.com/27oq1e #portability #interoperability #
- Matchmaking firms are violating (privacy) laws: watchdog (Taiwan) http://snipr.com/27op7z #dataprotection #
- EP demands personal dataprotection in US WikiLeaks investigation http://snipr.com/27op76 #
- cool! love it! RT @Tips4Tech: Slideshow featuring 10 apps to increase #iPad productivity. http://bit.ly/e4sJRb #
- Yahoo's AdChoice Buttons and the new EU Cookie Rule http://snipr.com/27okwv #privacy #dataprotection #
- Calling everyone in my vicinity: I'll show you mine if you'll show me yours! http://snipr.com/27oo5v #privacy #apps #iPhone #
- RT @PrivacyMemes: Opting Out of Facebook's Creepy Social Ads Campaign http://bit.ly/eKDi9R #privacy #
- RT @PrivacyMemes: MeMap app lets you track Facebook friends on one central map http://bit.ly/fXRiDF #privacy #
- Firefox 4 Adds “Do Not Track”, but Buries It http://snipr.com/27onzv #DNTrack #privacy #dataprotection #
- AT&T Confident Its Partner in Crime Will Let It Take Over T-Mobile http://snipr.com/27onwk #privacy #dataprotection #
- AdChoice Buttons from Yahoo are not Privacy Choice Buttons http://t.co/7VaWwZn @Pogue #
- AdChoice Buttons from Yahoo are not Privacy Choice Buttons http://t.co/7VaWwZn @EDRi_org #
- AdChoice Buttons from Yahoo are not Privacy Choice Buttons http://t.co/7VaWwZn @JuliaAngwin #
- AdChoice Buttons from Yahoo are not Privacy Choice Buttons http://t.co/7VaWwZn @TechCrunch #
- AdChoice Buttons from Yahoo are not #Privacy Choice Buttons http://t.co/7VaWwZn #dataprotection #DNTrack #cookies #
- AdChoice Buttons from Yahoo: Ad Choices made Complicated http://t.co/7VaWwZn #
- AdChoice Buttons from Yahoo: Ad Choices made Complicated http://snipr.com/27okwv [ediscoverymap_com] #privacy #dataprotection #DNTrack #
- State Laws to be pre-empted, no private right of action plus Safe Harbor loophole; how lovely Draft "Commercia… (cont) http://deck.ly/~hWlDf #
- this way you know for sure they're not 3rd part cookies! @IsCool: Baking cookies for joe and his best friend. Yummy ! #
- "Do Not Track me online" for the average internet user ( but are they on twitter?) http://bit.ly/hqCtGA #DNtrack #privacy #dataprotection #
- A disk holding SSNs of 24,903 students in the Laredo ISD (TX) has gone missing in the mail http://bit.ly/dInnKs #privacy #dataprotection #
- RT @Reputation_Com: "Comprehensive Internet #privacy reform requires giving individuals control & ownership ov… (cont) http://deck.ly/~coSK6 #
- Here's what I think of Yahoo's new "AdChoices" Button http://on.fb.me/ebrbKu #privacy #dataprorection #
- RT @PrivacyMemes: Germany Rules Google Street View Legal http://bit.ly/hLVXYg #privacy #
- #privacy #dataprotection RT @MarieAndreeW: Yahoo's Offers Cookie Opt-out Button Ahead of New EU Law – http://bit.ly/hrGkui #
- Practical tips for compliance with EU #Dataprotection laws in global data transfers http://bit.ly/eb0Mib #privacy #
It stated: “The plan allows users to click an “AdChoices” button visible in the upper right-hand corner of ads.This will provide users with information about Yahoo’s advertising business and the chance to opt out of cookies.”
Of above statements, two are right and one is wrong.
There is a button, (barely) visible in the upper right-hand corner of (some) ads. It does provide users with information about Yahoo’s advertising business.
But it does not provide a chance to opt out of cookies. And thus, it is certainly not ahead on the New EU law.
The new EU law that the headline is referring to, is the e-Privacy Directive 2002/58/EC as amended by Directive 2009/136/EC, that has to be implemented by member states by May 25, 2011.
The article most relevant to online cookies, tracking and targeted advertising, is Article 4(3) of the revised e-Privacy Directive that states that placing cookies on a user’s computer is only allowed on the condition that the user concerned has given “his or her consent, having been provided with clear and comprehensive information … about the purposes of the processing.”
It is not clear whether this informed consent means “express” consent, but what is 100% clear is that the user has to somehow give his/her consent, which implies at a minimum a choice to opt-out of having cookies placed on his/her device. A website that informs its users of its processing practices , or more specifically, of its tracking practices via the placement of cookies on the user’s device, but does not give the user the choice to refuse those cookies, does not abide by the requirement of consent. How can the user consent to the placement of cookies, when he/she doesn’t have a choice whether to agree or not with that practice? It’s like feeding a real “cookie” intravenously to a child without asking it permission, explaining to the child what the ingredients of the intravenous cookie is and the mechanism of intravenous feeding, but not giving the child the option to disconnect the feeding tube. Did the child consent? No, because being forced is not the same as consenting.
It’s exactly the same with Yahoo’s AdChoice Button, which is NOT a cookie opt-out button. All it is, is an opt-out button for receiving targeted ads. If one opts out through the AdChoice opt-out button, one will not see “creepy” ads personally targeted to the user’s profile. That’s all. The user who opts out, will still have cookies placed on his/her computer, will still be tracked by third parties advertisers and will still end up in lists and profiles, to be sold to the highest bidder, and will still risk being dicriminated by employers, insurers, bankers etc…because of information found on these databases.
I wanted to check this for myself, so I decided to click on one of Yahoo’s AdChoice buttons and see what happens. Follow me on my oddyssee:
I first had to click on a few Yahoo pages until I found an ad with the AdChoice button. It is obviously not a widely accepted practice yet.
Finally I found one: It is the little grey icon above the “over 80%” ad: do you see it?
That was CLICK NUMBER ONE:
After I clicked on the AdChoice Button, I got the page below, offering me a slew of links to “learn more about this ad”.
I clicked on the “manage” icon under “What choices do I have about interst- based advertising from Yahoo?”
That was CLICK NUMBER TWO:
On the page that appeared next, I finally saw an icon for opting-out of Interest-based ads. I clicked.
That was CLICK NUMBER THREE.
Oh, but what did I see in tiny letters below the opt-out icon?
“To make your opt out apply to every computer you use, sign in to your Yahoo! account and choose persistent opt-out. Learn more.”
Aha, another click, if I want this to work from my laptop or my smartphone, or from the computer at work.
I clicked. That was CLICK NUMBER FOUR.
This is the page that appeared next: Yahoo Ad Interest Manager FAQ. There were 21 FAQs. I started reading.
The FAQs explained the different aspects of targeted advertising. OK, a nice long read, but what was I looking for again? I forgot.
I went back a page, ( CLICK NUMBER FIVE) looked around and found a link that said : “Additional choices:Yahoo! will apply your ad interest opt-out to certain other products we offer. By opting out of receiving interest-based ads, you will also be opting out of both receiving interest-based content and data collection through partner sites for our analytics products.”
Great! Additional choices. I like that. I clicked on “analytics products”.
And that was when I finally found out the truth:
“Yahoo! Web Analytics is a browser-based system used to collect information about visitors to our customers’ websites.
Information Collection and Use
Yahoo! Web Analytics uses web beacons and cookies to collect data about visitors to our customer’s websites. This data is sent to Yahoo! by your web browser as part of your interaction with a customer’s website. The data collected commonly includes IP address, time spent on webpages, links clicked, or advertisements viewed on those pages etc…etc..
Your Opt-out Choices
Most browsers are initially set up to accept cookies. If you would prefer, you can set your browser to reject cookies, or to reject third party cookies only. If you reject cookies, you may not be able to sign in or use other features of websites that rely on cookies to enable the user experience.
If you do not wish to have information about your activities on our customer’s websites used by Yahoo! as stated above, you can opt-out here. This opt-out applies both to use of the information on behalf of our customers and by Yahoo! for its own purposes as described above.
I FINALLY FOUND THE OPT-OUT ICON FOR OPTING OUT OF COOKIES! YAHOO!
Triumphant CLICK NUMBER SIX!
And what does appear after my triumphant click?
If this page looks familiar, that is because it is the same page I got after CLICK NUMBER THREE, allowing me to opt out of the creepy targeted ads, but not out of any cookie placement and/or tracking.
You see, at Yahoo, there is no escaping the evil tracking cookies by clicking on some magic AdChoice button.
They do mention on the previous page that one can set the browser to reject third party cookies, but you don’t need an ADChoice button to do that.
Many people still don’t know about this option, and those people will certainly not learn about this option through reading a text, buried somewhere after the FIFTH CLICK.
I looked around a bit more and found a link to third parties that have cookies on Yahoo. The list is quite long.
I hope I have suffiently demonstrated why the AdChoice button will not, by any standards, satisfy the new e-privacy laws in the EU.
I believe it is also clear that the AdChoice button, by requiring so many clicks to get to an actual choice button, and by requiring a user to spend a few hours on the site to actually understand what the AdChoice button is all about, falls short of satisfying all current thinking on privacy principles, whether one calls it FIPPs (Fair Information Privacy Practices), Privacy by Design or Privacy by Default.
Viviane Reding, Vice President of the European Commission, Commissioner for Justice, Fundamental Rights and Citizenship, explained at a recent meeting in Brussels, that in her concept of “Privacy by Default”,the privacy settings are designed to be easily found and manipulated by the user, so that “you don’t have to be an engineer to set your privacy settings.”
In other words, when you explain to the child what cookie you put into the feeding tube, do it in plain English, not in Chinese. At least the child will understand that it is being forcefed a cookie.
Oh, I remember now what I forgot I was looking for:
“To make your opt out apply to every computer you use, sign in to your Yahoo! account and choose persistent opt-out.”
On which page of Yahoo’s “novel” was that to be found again?
I have to make a living too.
- RT @bendrath: #EP rapporteur Axel Voss (EPP, DE) suggests a regulation for #dataprotection in the internal market of EU, not a directive #
- exactly, and it's confusing too RT @PogoWasRight: @EUdiscovery Reding's "privacy by default" seems a misnome… (cont) http://deck.ly/~Q6Mwd #
- You know the difference betw. #Privacy by Design (US) & Privacy by Default(EU)? http://bit.ly/eX0LUH #dataprotection #senprivacy #epprivacy #
- The Review of the EU #DataProtection Framework v. The State of Online Consumer #Privacy in the US http://bit.ly/eX0LUH #
- The Review of the EU Data Protection Framework v. The State of Online Consumer Privacy in the US http://bit.ly/eX0LUH – My new post! #
- Busy day for #privacy #dataprotection: In Washington, D.C., Senate Hearings on the State of Online Consumer Pr… (cont) http://deck.ly/~YzVCd #
- RT @StewartRoom: My Blog: #Commissioner #Reding: downer on the #US http://www.stewartroom.com/?p=1103 #Privacy #Security #dataprotection #
- RT @SJLambrinidis: Reding principles 1) right 2 b forgotten 2) more transparency 3) privacy by default 4) prot… (cont) http://deck.ly/~e2evf #
- RT @VivianeRedingEU: Your data, your rights: Safeguarding your privacy in a connected world http://bit.ly/9lnp8T #epprivacy #dataprotection #
- RT @bendrath: If you missed the #EP discussion on EU #DataProtection Framework you can watch the recorded stre… (cont) http://deck.ly/~0cNNU #
- yes, but FB, Ggle,YouTube etc.. still richest source material RT @JulesPolonetsky: @EUdiscovery aint just abou… (cont) http://deck.ly/~Bhb7k #
- of crse, but the only social media site that matters happens to be a US co. @JulesPolonetsky: I know, it i… (cont) http://deck.ly/~5zapC #
- I think the point was that EU law would apply to non-EU based co. too, even if they hve no territotial connect… (cont) http://deck.ly/~4CgJH #
- that's not what the article said RT @JulesPolonetsky: EU #privacy law to be applied primarily vs US companies… (cont) http://deck.ly/~JQ6Wk #
- Reding : EU privacy laws will apply to any online co. targeting EU market http://reut.rs/dZU2K1 #dataprotection #
- RT @LossofPrivacy: The Loss of Privacy Daily is out! http://bit.ly/hoDwKC ▸ Top stories today via @molecule18 @iscool @wc2a_2ae @truste #
- #TAPtalk A7: Do Not Call did not have to address secondary PII databases issues that tracking creates #
- no, because tracking creates those profiles to begin with and users have no control RT @techlawmaven #taptalk #
- #TAPtalk you can't get a job, life insurance or a mate, because of (maybe inaccurate) profile on you that is for sale: harm? #
- the harm is in profiling @AdamThierer: #TAPtalk – at risk of sounding like a broken record, I still don't se… (cont) http://deck.ly/~nYjPm #
- IYou should be able to sell me without my consent @AdamThierer: so I can't use your name in public? Can a journalist report on you?#taptalk #
- #TAPtalk Neither #DNTrack nor icon address lager issue of user control of and access to theirvown data #
- Calabrese:extensive online /offline databases, with personal profiles legally for sale, with no access or control by consumers #senprivacy 5 #
- Soltani: consumers need more transparency on what info is being collected, how it is used and sold #senprivacy 4 #
- Biting article: Online behavioural advertising: threat or menace? http://bit.ly/7Lyelw #SenPrivacy #
- Strickling: Baseline FIPP based protections needed to enable FTC enforcement #SenPrivacy 3 #
- Accountability and enforcement of DNtrack mechanisms have not been addressed #SenPrivacy 2 #
- Leibowitz concerned: DNTrack should not only allow opt-out of targeted ads, but also opt-out of being tracked and datamined. #SenPrivacy 1 #
- Just realized I used wrong # for #SenPrivacy so here come my (belated) notes #
- RT @IntegreonEDD: EU Clarifies Proposed Data-Privacy Rules http://on.wsj.com/dMitue | @WSJ #
- RT @VivianeRedingEU: I am a firm believer in the necessity of enhancing individuals’ control over their own data #epprivacy #dataprotection #
- Calabrese: extensive online /offline databases, with personal profiles legally for sale, with no access or control by consumers #senpriv #
- Soltani: consumers need more transparency on what info is being collected, how it is used and sold #senpriv #
- Biting article: Online behavioural advertising: threat or menace? http://bit.ly/7Lyelw #SenPriv #
- RT @tlordan: Wow. Sen @clairecmc bluntly tells #FTC Chair: More $ 4 #privacy not coming, Agency has plent… (cont) http://deck.ly/~ZRH4t #
- Strickling: Baseline FIPP based protections needed to enable FTC enforcement #SenPriv #
- #senpriv Accountability and enforcement of DNtrack mechanisms have not been addressed #
- Leibowitz concerned: DNTrack should not only allow opt-out of targeted ads, but also opt-out of being tracked and datamined. #SenPriv #
- RT @CFP11: DHS wants to monitor social networks #privacy #cfp11 http://bit.ly/fwib8P #
- Sen. Kerry proposes commercial privacy bill of rights http://ow.ly/4fEot #SenPrivacy #privacy #
- RT @AppPrivacy: Senate hearings on online #Privacy starting now. Live here #SenPrivacy > http://ow.ly/4fEot #
- great read & funny too-Online behavioural advertising: threat or menace? http://bit.ly/7Lyelw #privacy #
- Breaking News: Obama Administration to Support Baseline Privacy Law http://bit.ly/gurlr0 #
- #privchat Mark your calendars for June 14 – 16, CFP conf in Washington, D.C. http://bit.ly/d8BAG2 #privacy #
- or smokescreen RT @jdp23: RT @SelectOut: Do Not Track is a good PR piece for online #privacy despite its flaws. | agreed #privchat #
- #privchat A4 Useless, no oversight, no enforcement #
- #privchat we'e soo far from "overly paternal" RT @GetAbine: A3 It's always a delicate balance between overl… (cont) http://deck.ly/~UDsZx #
- yes, let's have business decide what's good for the consumer RT @privacypug: A3: good presentation on givin… (cont) http://deck.ly/~tpG38 #
- Most don't expect what they put "out there" to be aggregated and turned into some KGB file about them RT @Just… (cont) http://deck.ly/~eOmJW #
- RT @abrandtva: #PrivChat A3: I really like the theory that I heard last week at the #iappsummit set the priva… (cont) http://deck.ly/~obnPM #
- #privchat add: without my consent RT @EUdiscovery: in a physical market, tracking me would be illegal. hint. #
- without my consent RT @EUdiscovery: in a physical market, tracking me would be illegal. hint. #
- in a physical market, tracking me would be illegal. hint. RT @CenDemTech: @EUdiscovery… we're in a tough spot, no? #PrivChat #
- RT @CenDemTech: #PrivChat Q2 pt. 2: Social Media is the new market place; either participate or disappear #
- agree RT @privacypug: A2: Depends on how much real control the SM platform gives you over how your data is broadcast. #PrivChat #
- A1 #privchat reframing the question What's the economic value of a bad/good reputation because of datamining? #
- #privchat A1: #paywithdata Data subject should retain some control over which data he/she wants to exchange #
- #PrivChat A1: The concept of #PayWithData there should be a clear sign of the price of the goods, just like in a store #
- for subject of data, value may be not value, but unmeasurable damage RT @PrivacyCamp: #PrivChat – less than a 10th of a cent #
- #privchat A1: I first have to know that an economic transaction is going on. #
- Monique Altheim i NY http://bit.ly/d8BAG2 #privchat #
- #privacy RT @privacychoice: FTC slaps Chitika for bad opt-out …http://goo.gl/9jqXN – be sure to check you… (cont) http://deck.ly/~Evt2w #
- RT @ComplexD: LinkedIn Now Serves as Professional Profile of Record for Lawyers – http://tinyurl.com/4bsx8wp (Kevin O'Keefe) #
- Mark your calendars: June 14-16 Computers, Freedom and #Privacy Washington D.C. http://snipr.com/27aloh #privchat #
- Mark your calendars: June 14-16 Computers, Freedom and #Privacy Washington D.C. http://snipr.com/27aloh #
- TFTP/SWIFT Agreement– 1st inspection by Europol JBS raises serious concerns about compliance with #dataprotec
As an attorney, licensed both in the EU and in the US, with a special interest in privacy law, I was able to observe quasi simultanuous policy making by both Brussels and Washington, D.C. on the same subject matter, from the comfort of my office in New York, thanks to the marvel of web streaming.
In Brussels, a meeting of the “European Privacy Platform” group of the European Parliament convened to hear Viviane Reding, Vice President of the European Commission, Commissioner for Justice, Fundamental Rights and Citizenship, give her insights on the “The Review of the EU Data Protection Framework”, the proposed overhaul of the European Data Protection Directive 95/46/EC. Axel Voss, Rapporteur on the Communication of the Commission on the strategy for personal data protection in the European Union shared his opinion as well. The event was chaired by MEP Sophie in ‘t Veld, and was attended by a vast array of stakeholders, among whom I recognized attorneys Monika Kuschevsky and Tanguy Van Overstraeten, Marisa Jimenez from Google and privacy consultant Dan Manolescu.
On the same day, in Washington, D.C., the U.S. Senate Committee on Commerce, Science and Transportation, held a hearing on “The State of Online Consumer Privacy”, with a witness panel consisting of FTC Chairman Leibowitz, Lawrence E. Strickling, Assistant Secretary for Communications and Information of the Department of Commerce, Erich D. Andersen of Microsoft, John Montgomery, COO of GroupM Interaction, Ashkan Soltani, a researcher and consultant, Barbara Lawler, the Chief Privacy Officer of Intuit, and Chris Calabrese, Legislative Counsel for the American Civil Liberties Union.
Check out the recorded stream of the EP session here, and for a complete overview of the Senate hearing’s witnesses’ prepared statements, look here.
In Brussels, the debate occurred in the context of the revision of the comprehensive data protection directive, passed a good 16 years ago, while in Washington the hearing was held in the context of a possible introduction of a comprehensive privacy bill for the very first time.
These two sessions, held simultaniously across the two sides of the Atlantic, exposed how very different the EU’s and US’s approaches to privacy still are.
At the basis lies a dramatically different motivation for the passing of privacy laws and regulations or systems self-regulation.
As Viviane Reding reminded the audience in her opening statement, the Charter of Fundamental Rights and the Lisbon Treaty guarantees the right to protection of personal data in the EU as a human right.
In the US, there has never been a recognition of privacy and protection of personal data as a human right. Instead, there seemed to be a consensus at the hearing that the introduction of a global privacy bill (or “Consumer Privacy Bill of Rights”) with some baseline principles should be warranted because it would offer a competitive advantage to corporations by increasing consumer trust and would improve international commerce by alignigning the US with the Asia-Pacific Economic Coordination (APEC) Privacy Principles and the E.U. Directive.
In the competing interests between individual rights and commerce, commerce always comes first in the US.
The difference in approach also gets translated in the language that is used: While in the EU the debate is about “individuals, people, EU citizens and data subjects”, in the US the only concern seems to be for “consumers”.
While in Washington, D.C., the stakeholders were debating on how to introduce some basic online privacy protection legislation, the session in Brussels was trying to finetune an entrenched, but already antiquated body of laws.
In Wasington, D.C., Jon Leibowitz, Chairman of the Federal Trade Commission (FTC), proposed a framework to balance consumer privacy with industry innovation by:
1) building privacy protections into everyday business practices (“privacy-by-design”);
2) simplifying privacy choices for consumers; and
3)improving transparency with clearer, shorter privacy notices.
The FTC also proposed a Do Not Track mechanism that would allow consumers to choose not to have their Internet browsing tracked by third parties. The testimony noted that two of the major Internet browsers – Microsoft and Mozilla – “have recently announced the development of new choice mechanisms for online behavioral advertising that seek to provide increased transparency, greater consumer control, and improved ease of use.”
Ashkan Soltani explained the two types of Do Not Track mechanisms:
The Header Approach: The user who toggles a Do Not Track setting in his web browser sends a signal to each remote server that he wishes not to be tracked. But “The online industry has not yet committed to respect the header” and ”Of course, in order this mechanism to be effective, it will depend upon a clear set of rules defining what websites should do when they receive this signal.”
The Blocking Approach: the consumer has to engage a list of unwanted servers engaged in tracking behavior, in order for the browser to block the connections to the servers. The problem is that there are about 600 domains engaged in tracking and growing…
Lawrence E. Strickling, Assistant Secretary for Communications and Information of the Department of Commerce, urged Congress to enact new legislation setting forth baseline consumer data privacy protections—that is, a “consumer privacy bill of rights” consisting of comprehensive Fair Information Practice Principles (FIPPs), providing the FTC with the authority to enforce any baseline protections. Of course, this legislation would also contain the usual loopholes, a.k.a. safe harbors for companies that implement codes of conduct that are consistent with the baseline protections.
Christopher R. Calabrese, Legislative Counsel American Civil Liberties Union, made a poignant statement, refuting the many sceptics who still dispute the possibility of harm to the consumer brought on by the status quo in datamining and lack of data protection.
“The harms caused by excessive and invasive data collection are real and pressing. They begin with straightforward invasions of privacy. Should anyone have the right to know and sell to others the fact that you are overweight, or depressed, or gay? These are all commonplace occurrences with marketers and social networking sites routinely making and selling these determinations. They have significant consequences for consumers who have no say in the collection and use of their own information.
Personal information can also reveal weaknesses that unscrupulous actors can exploit. Ninety-two year old veteran Richard Guthrie was bilked out of more than $100,000 by criminals who identified him from marketing lists. InfoUSA routinely advertised lists of:
―Elderly Opportunity Seekers,‖ 3.3 million older people ―looking for ways to make money,‖ and ―Suffering Seniors,‖ 4.7 million people with cancer or Alzheimer‘s disease.
―Oldies but Goodies‖ contained 500,000 gamblers over 55 years old, for 8.5 cents apiece. One list said: ―These people are gullible. They want to believe that their luck can change.‖
He also warned of the real risk to First Amendment Rights the status quo poses:
“Courts have uniformly recognized that government requests for records of which books, films, or other expressive materials individuals have received implicate the First Amendment and trigger exacting scrutiny.These cases are grounded in the principle that the First Amendment protects not only the right of individuals to speak and to express information and ideas, but also the corollary right to receive information and ideas through books, films, and other expressive materials. Within this protected setting, privacy and anonymity are vitally important.
An individual may desire anonymity when engaging in First Amendment activities—like reading, speaking, or associating with certain groups—because of ―fear of economic or official retaliation, . . . concern about social ostracism, or merely . . . a desire to preserve as much of one‘s privacy as possible.”
In Brussels meanwhile, Vivian Reding introduced her “four pillars” on which people’s rights need to be built:
1)The right to be forgotten:
The right ( and not the mere possibility) of the data subjects to withdraw their consent to data processing, with the burden of proof shifting to the data controller to show that retention of data is necessary.
2) More transparency:
“Individuals must be informed about which data is collected and for what purposes. They need to know how it might be used by third parties. They must know their rights and which authority to address if those rights are violated. They must be told about the risks related to the processing of their personal data so that they don’t loose control over their data or that their data is not misused. This is particularly important for young people in the online world.”
3) Privacy by Default:
Vivian Reding introcuced a new concept here, not to be confused with Anne Cavoukian’s “Privacy by Design”.
Whereas under ‘Privacy by Design” , the default settings are always set to “private”, in “Privacy by Default”, Reding explained, the privacy settings are designed to be easily found and manipulated by the user, so that “you don’t have to be an engineer to set your privacy settings.” This does not imply, however, that the default setting has to be “private” or, in other words, this does not imply an opt-in requirement, like “Privacy by Design” does.
So “Privacy By Design” implies privacy settings by default, while “Privacy by Default” does not imply privacy settings by default.
Between “Privacy by Design” and “Privacy by Default”, I am by now confused by design and perplexed by default.
4) Protection regardless of location of data:
Since personal data protection of EU citizens is a human right, Reding argued it should be safeguarded no matter the location of the data, the servers, or the controllers.
The present framework is “controller centric”. The defining criterion is the location of the data “controller”: is it/he/she located within the EU/EEA, either physically or symbolically? If yes, the controller is subject to the EU Data Protection framework.
Contrast this to the US model, which is “consumer centric”: The defining criterion for most US privacy laws, like e.g. COPPA, is the targeted market. Is the company targeting children in the US market? If yes, the US laws, in this case COPPA, are applicable, regardless of where the data controller is located.
Reding’s proposal of a “targeted market” model would actually emulate the US system.
Reding cited the following example ”For example, a US-based social network company that has millions of active users in Europe needs to comply with EU rules. To enforce the EU law, national privacy watchdogs shall be endowed with powers to investigate and engage in legal proceedings against non-EU data controllers whose services target EU consumers.”
This had the headlines screaming: Facebook, Google “must adhere” to EU privacy rules.
While in the Washington, D.C., the different stakeholders seemed to finally agree on a need for more transparancy for consumers, but were still unsure on whether to implement it through legislation, regulation, self regulation, or Do Not Track mechanisms that so far have no oversight nor enforcement of the user’s wishes, in Brussels, the regulators were arguing for more stringent transparency and for an additional right of the data subject, the right to be forgotten.
While the general understanding in the US is that we are moving towards a system of self-regulation, with maybe a very basic and vague privacy bill for good measure, the EU seems to be moving towards a much more stringent application of personal data protection of its citizens.
When asked about the possibility of including self-regulation in the future framework, Vivian Reding answered: “Self-regulation is an interesting concept, but it has to be based on EU law, has to be compatible with EU law and has to be enforceable.”
As Sophie in’t Velt woefully noted:”We still have a lot of work to do across both sides of the Atlantic.”
This year’s theme is “The Future is Now”, and will engage not only the experts and the policymakers, but the public as well in discussions about the information society, and the future of technology, innovation, and human rights.
Unlike most other privacy conferences that focus exclusively on the needs of the industry, this conference seeks to involve multi-stakeholder participation as speakers and attendees that represent the diverse global community of organizations and professionals who work on policy, technology and law.
Some of the topics will revolve around hot topics such as social media’s role in the democracy movement in the Middle East and North Africa and the impact of mobile personal computing technology on freedom and privacy.
The multi-stakeholder participation at this conference will for sure generate intellectually stimulating discussions on the subjects of Computers, Freedom and Privacy.
Below is a short video with testimonials by organizers and previous participants of CFP conferences.
For the sake of full disclosure, I produced, filmed and edited this video in my spare time and I am also on the Committee of the CFP conference 2011.
For more details see http://www.cfp.org/ and http://epic.org/events/CFP_2011_Brochure.pdf