Tag: EU

The Right to be Forgotten: EU Decision

~ Peggy Reetz ~ Leave a comment

euflagth4P2UWF78

Historic Decision by the European Union’s Highest Court

The European Court of Justice ruled in favor of an individual’s right to have Google delete certain links about that individual. The decision was based in part on a finding by the court that Google is a data controller, which apparently is at odds with earlier EU rulings – ECJ’s Advocate General decided in 2013 that Google did not need to delete the links because it was not the “controller” of data and that information should only be deleted when the personal information is either incomplete or inaccurate.

Some commentators question the basis for the decision: “Given that the EU has spent two years debating this right as part of the reform of EU privacy legislation, it is ironic that the ECJ has found it already exists in such a striking manner.” Richard Cumbley of Linklaters told The New York Times.

And, practitioners sound the alarm: Operationally, this will “put search engines in the extremely onerous position of having to take a view on how to comply with potentially millions of individual requests.”  (See more details at IAPP Newsletter, The Privacy Advisor, https://www.privacyassociation.org/publications)

Google and others will argue that this amounts to censorship; from Levi Sumagaysay’s blog:

* * * *

Does the right to be forgotten — or the right to privacy — outweigh censorship concerns? “[The decision] is one of the most wide-sweeping Internet censorship rulings that I’ve ever seen,” Wikipedia founder Jimmy Wales told the BBC. Wales said he expects Google to fight back hard. “If they have to start coping with everybody who whines about a picture they posted last week, it’s going to be very difficult for Google.”

http://www.siliconbeat.com/author/lsumagaysay/

Reports of ‘Safe Harbor’ Demise are Premature?

~ Peggy Reetz ~ Leave a comment

Brill addresses Issues at IAPP Data Protection Congress in Brussels
HiRes

FTC Commissioner Julie Brill delivered remarks at the IAPP Data Protection Congress in Brussels today along with one the EU’s Commissioners, Constantijn van Orange-Nassau.  Commissioner Brill acknowledged some of the criticism being leveled at the U.S.-EU Safe Harbor Data Protection process in light of revelations from the Edward Snowden-NSA so-called spying scandal.  Snowden’s disclosures included copies of PowerPoint presentation slides identifying the NSA’s PRISM program, which program reportedly allowed the NSA to gain access to the private communications of users of nine popular Internet services (including Google, Yahoo!, Facebook, Microsoft and others).  The Safe Harbor framework is supposed to allow for the transfer of such personal data in compliance with the EU Data Protection Directive.  The FTC is responsible for compliance enforcement, once an entity self-reports to the U.S. Department of Commerce.

As a result of the revelations, certain EU principals began to question the efficacy of the terms of transferring data between U.S. and EU entities, via the Safe Harbor program.  See remarks from Vice President Reding as of July 2013:

http://europa.eu/rapid/press-release_MEMO-13-710_en.htm

–“PRISM has been a wake-up call. The data protection reform is Europe’s answer.”

–“The Safe Harbour agreement may not be so safe after all.”

Now, Commissioner Brill acknowledges the issue and responds, in part:

–“[Safe Harbor is a] very effective tool for protecting the privacy of EU consumers … the FTC has vigorously enforced the Safe Harbor.”

–“We’ve taken the initiative to look for Safe Harbor violations in every single privacy and data security investigation we conduct. That’s how we discovered the Safe Harbor violations of Facebook, Google and Myspace.”

–“[Safe Harbor has]received its share of criticism in large part due to revelations about government surveillance. There’s no doubt that has created tensions in the transatlantic partnership.”

Commissioner Brill likewise took to Twitter to drive home the point:  “Safe Harbor is strong – can help make it strong; increase transparency; make ADR more affordable; strengthen accountability #dpcongress”

BrillTweetsreEU

BrillSafeHarborttweets


See article at:

https://www.privacyassociation.org/publications/eu_u.s._officials_indicate_potential_privacy_agreement_at_data_protection_c

Her EU colleague took the opportunity to outline what should be the focus for these cross-Atlantic partnerships: 1) a standard commitment to Privacy by Design; 2) any Big Data applications that might put fundamental rights at risk should have a privacy impact assessment required; 3) consent is a cornerstone of data protection; and, 4) there needs to be a commitment to de-identification.

euflagth4P2UWF78

Brill, for her part, Tweeted a photo of the two privacy regulators engaged in conversation; apparently, doing some one-on-one diplomacy to try to calm these choppy waters!
brilltweets

blue anchor