ARTICLE 29 DATA PROTECTION WORKING PARTY: Opinion 2/2010 on online behavioural advertising

Behavioural advertising entails the tracking of users when they surf the Internet and the  building of profiles over time, which are later used to provide them with advertising matching  their interests. While the Article 29 Working Party does not question the economic benefits  that behavioural advertising may bring for stakeholders, it firmly believes that such practice  must not be carried out at the expense of individuals' rights to privacy and data protection.  The EU data protection regulatory framework  setting forth specific safeguards must be  respected. To facilitate and encourage compliance, the present Opinion clarifies the legal  framework applicable to those engaged in behavioural advertising.   In particular, the Opinion notes that advertising network providers are bound by Article 5(3)  of the ePrivacy Directive pursuant to which  placing cookies or similar devices on users'  terminal equipment or obtaining information through such devices is only allowed with the  informed consent of the users. The Opinion notes that settings of currently available browsers  and opt-out mechanisms only deliver consent in very limited circumstances. The Opinion
asks advertising network providers to create prior opt-in mechanisms requiring an affirmative  action by the data subjects indicating their willingness to receive cookies or similar devices  and the subsequent monitoring of their surfing behaviour for the purposes of serving tailored  advertising. The Opinion considers that users' single acceptance to receive a cookie may also  entail their acceptance for the subsequent readings of the cookie, and hence for the  monitoring of their internet browsing. Thus, to meet the requirements of Article 5(3) it would  not be necessary to request consent for each reading of the cookie. However, to keep data  subjects aware of the monitoring, ad network providers should: i) limit in time the scope of  the consent; ii) offer the possibility to revoke it easily and iii), create visible tools to be  displayed where the monitoring takes place. This approach would address the problem of  burdening users with numerous notices while ensuring that the sending of cookies and the  subsequent monitoring of Internet surfing behaviour for the  purposes of serving tailored  advertising only takes place with data subjects' informed consent.   Because behavioural advertising is based on the use of identifiers that enable the creation of  very detailed user profiles which, in most  cases, will be deemed  personal data, Directive  95/46/EC is also applicable. The Opinion comments on how advertising network providers  should comply with the obligations that arise from this Directive, notably, with respect to  rights of access, rectification, erasure, retention, etc. Taking into account that publishers may  share certain responsibility for the data processing that takes place in the context of
behavioural advertising, the Opinion calls upon publishers to share with ad network providers  the responsibility for providing information to individuals and encourages creativity and  innovation in this area. Given  the nature of the practice of behavioural advertising,  transparency requirements are a key condition for  individuals to be able to consent to the  collection and processing of their personal data and exercise effective choice. The Opinion  sets out the information obligations of advertising network providers/publishers vis-à-vis data  subjects, referring in particular to the ePrivacy Directive, which requires that users be  provided with "clear and comprehensive information".  The Opinion analyses and clarifies the obligations set forth by the applicable legal  framework. However, it does not prescribe how, from a technology point of view, such
obligations must be complied with.  Instead, in different areas, the Opinion invites industry to  undertake a dialogue with the  Article 29 Working Party with the view to put forward  technical and other means to comply with the framework as described in the Opinion as soon  as possible. Towards this end, the Article 29 Working Party  will contact stakeholders to  request their input. Entities that are not explicitly consulted are welcomed to send their  contributions to the Secretariat of the Article 29 Working Party.

If you want to know more please click here

Why the EU Privacy Directive is not a real threat to the internet industry

The new EU e-Privacy Directive that comes into effect in the UK on May 25 has caused a major stir in the local internet community, but its real impact will depend on enforcement and ‘cost’ to end users.

Could common sense prevail? Perhaps, but in the end practicality will...

Read more for the  EU e-Privacy Directive 

Source: http://econsultancy.com/uk/blog

Location Based Services: European Data Protection Rules for Mobile Commerce

Wireless systems and unique identification of communication devices, combined with location data, enable service providers to deliver services based on location information. Information services that use the localization of the user via mobile network cells or satellites, in order to offer the user services that are tailored to its precise geographic position (so-called ‘‘Location Based Services’’ (LBS)), are among the most attractive services of mobile commerce. Examples of such services include; navigation services (tourist offers, management of car fleets or sales representatives, etc.); computer games and other games that make use of the possibility to locate the player (scavenger hunt, quiz, etc.); information services (weather, leisure time, restaurants, shopping, etc.); as well as advertisements (vouchers, etc.).
Read more for the Location-based services

Source: http://www.hunton.com/files  JORG HLADJ

Data Protection and Small and Medium Enterprises - REPORT

1 There is a high level of awareness of data protection and the Data Protection Act. 


2 There is broad acceptance of the values and principles of data protection, although opinions  appear divided as to the benefits of compliance. 


3 Awareness and acceptance of principles in broad terms does not necessarily translate into 
specific knowledge of registration/notification. 


4 The compliance or ‘red tape’ burden associated with government regulation does not appear to  be a major issue for the Data Protection Act for most of the business, although there is a small  ‘vocal minority’ who consider this an issue. 


5 Two key terms registered most strongly with the businesses  (1) Security of Data and Information, and (2) Confidentiality.  Privacy also figured as a significant term, but not to the  same extent. 


6 Effective practice in data protection was closely associated with wider information management  and data control within the business – those enterprises that deployed information for business benefit tended to be actively supportive of data protection principles and found it easy to comply  with the Act. 


7 Individual and shared attitudes towards data protection and information are key influences on  business approaches to this issue, and so constitute a primary influence on compliance and  engagement with the Act and the ICO. 


8 Different approaches to data protection and information can be identified, and used to identify  distinctive segments – each with different requirements and approaches. 


9 There was some indication that respondents were considering effective practice in information  and data management and handling, with data protection being seen as a ‘sub-set’ of these  considerations.  Good practice in data protection, in other words, appears to be part of and to  stem from wider approaches to information. 


10 Although the Act itself had a high profile, the ICO was less well known and some businesses  thought that it would be useful for the ICO to engage more with SMEs
Full Report


Source: http://www.ico.gov.uk

Safe Harbor: Why EU data needs 'protecting' from US law

Why were the Safe Harbor principles created in the first place? To maintain trade between Europe and the United States, with Europe fully aware of the lax attempts at data privacy performed on the part of the U.S.’s biggest companies.

Why Europe needed Safe Harbor principles

The vast majority of people using services on the web — be it web-based email like Hotmail or Yahoo!, social networks like Facebook and Twitter, or anything as minute as a website requiring registration– tend not to think about where their personal data like photos and email is stored.

On the whole, these services are designed to save us time and energy, and we have come to want the offerings of these services on-demand, without thinking too much about privacy. We expect our respective governments, wherever we are in the world, to protect us to a level where we can act and communicate freely.

However, an inequality in legal protection between the United States and the European Union could have massive consequences for users of ‘the cloud’.

Data protection legislation differs greatly between the European Union and the United States. With a vast number of organisations branching out to worldwide offices during the dot-com boom, it was clear to legislators that data transfer and protection laws needed a global overhaul. A particular area of focus for data legislation was the European Union, with dozens of countries sharing elements of the same law.

If you want to read more, click here

Source: http://www.zdnet.com/

EU privacy report: Search engines should delete data

A European Union privacy panel wants Internet search engine providers like Google and Yahoo to delete data taken from users after six months, even when they operate abroad.

If you want to read more, please click here

Source: http://abcnews.go.com/Technology/story?id=4627800&page=1

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data

The unofficial text 
on the protection of individuals with regard to the processing of personal data and on the free movement of such data


Source: http://www.cdt.org

Case study- Emails, right to privacy at work

The European Court of Human Rights has ruled that a UK employer was wrong in law in monitoring the private email, phone and Internet use of one of its employees.
If you want to read more, please click here


source: http://www.privacydataprotection.co.uk

What Are Your Rights Regarding Email Privacy In The Workplace?

Does the Law Protect My Privacy Regarding Emails At Work?

How Email Monitoring Works?

How can I Protect my Email Privacy In The Workplace?

If you want to know more, please click on this link 

source:   http://www.yourprivacy.co.uk

What is Traitorware?

Your digital camera may embed metadata into photographs with the camera's serial number or your location. Your printer may be incorporating a secret code on every page it prints which could be used to identify the printer and potentially the person who used it. If Apple puts a particularly creepy patent it has recently applied for into use, you can look forward to a day when your iPhone may record your voice, take a picture of your location, record your heartbeat, and send that information back to the mothership.
This is traitorware: devices that act behind your back to betray your privacy.
If you want to read more, please click here:

source:  Eva Galperin, https://www.eff.org/

What Are Your Rights Regarding Email Privacy In The Workplace?

Is someone spying on your emails? Use an email account at work and they could well be. The laws protecting your email privacy at work are sticky: so get to know your rights, and make sure you maintain your dignity. Did you hear the one about the woman whose husband burned her tea? Best not…
If you want to read more, please click here

Cyberstalking

"Cyberstalking can be defined as threatening behavior or unwanted advances directed at another using the Internet and other forms of online and computer communications."
If you want to know more please click here

Source: http://www.ncvc.org/