Tagged: EU

  • Gerrit Eicker 07:42 on 30. January 2012 Permalink
    Tags: Cybercrime, Denmark, EU, Slovenia

    Internet Freedom vs. Government 

    TC: Twitter’s new policies demonstrate the complicated relationship between Internet freedom and government; http://eicker.at/2o

     
  • Gerrit Eicker 11:49 on 30. November 2011 Permalink
    Tags: EU, EU Commission, Privacy Audits

    Facebook Privacy: FTC Settlement, EU Fires 

    While Facebook settles with the FTC, the EU commission starts firing at its business model; http://eicker.at/FacebookPrivacy

     
    • Gerrit Eicker 11:50 on 30. November 2011 Permalink | Reply

      FTC: “The social networking service Facebook has agreed to settle Federal Trade Commission charges that it deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public. The proposed settlement requires Facebook to take several steps to make sure it lives up to its promises in the future, including giving consumers clear and prominent notice and obtaining consumers’ express consent before their information is shared beyond the privacy settings they have established. … The proposed settlement bars Facebook from making any further deceptive privacy claims, requires that the company get consumers’ approval before it changes the way it shares their data, and requires that it obtain periodic assessments of its privacy practices by independent, third-party auditors for the next 20 years. – Specifically, under the proposed settlement, Facebook is: barred from making misrepresentations about the privacy or security of consumers’ personal information; required to obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences; required to prevent anyone from accessing a user’s material more than 30 days after the user has deleted his or her account; required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers’ information; and required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers’ information is protected. – The proposed order also contains standard record-keeping provisions to allow the FTC to monitor compliance with its order.”

      ATD: “Facebook has agreed to 20 years of privacy audits in response to complaints by the U.S. Federal Trade Commission that it unfairly deceived users about the privacy of their personal information, as was anticipated. The settlement, which is not particularly punitive and comes years after some of the incidents in question, shames Facebook for promising users that their information was kept private while it was in fact shared with advertisers and outside applications that the users or their friends installed. … Facebook’s punishment is in line with what its competitors Twitter and Google have already agreed to: Clearer privacy policies that are audited every two years for the next 20 years.”

      AdAge: “Facebook has settled with the Federal Trade Commission on charges that it rolled out upgrades that overrode users’ privacy settings without obtaining their consent and shared their private information with third-party apps and advertisers. – The settlement marks the first time that the FTC has taken action against the social network, though its European counterparts have been more aggressive in attempts to regulate Facebook and others. The European Commission reportedly intends to amend data-protection laws to ban targeted advertising unless users explicitly opt in, and Facebook would be subject to fines if it fails to comply. … Like the settlement reached with Google over its now-defunct social-networking Buzz product in March, the settlement carries no financial penalty. Facebook is subject to a $16,000 fine per violation per day if it fails to comply with the terms of the order.”

      SEL: “[T]he FTC settlement is also a reminder that privacy is alive and well. It’s also concrete proof that there are consequences for being cavalier about privacy. – This is even more true in Europe, where governments and regulators take privacy 10x more seriously than we do in the US. There are several investigations pending in Europe; and proposed legislation to be introduced early next year by the European Commission would place disclosure requirements and other constraints around Facebook’s ad targeting capabilities.”

      NYT: “Several privacy bills are pending in Congress, and Internet companies have stepped up their lobbying efforts. The F.T.C., meanwhile, has ratcheted up its scrutiny of Internet companies. This year alone, it has reached settlement orders with some of the giants of Silicon Valley, including Google. – The order comes amid growing speculation about Facebook’s preparations for an initial public offering, which could be valued at more than $100 billion. The settlement with the F.T.C., analysts say, could potentially ease investors’ concerns about government regulation by holding the company to a clear set of privacy prescriptions.”

      VB: “Now with third party audits required for the next two decades, including the FTC’s new ability to monitor Facebook’s compliance with the settlement (standard record-keeping procedure), Facebook users will be much more informed and kept up-to-date with any changes the platform might make that has the potential to distribute or share a consumer’s private information without his or her express permission. Or that’s the hope, right?”

      Zuckerberg, Facebook: “I founded Facebook on the idea that people want to share and connect with people in their lives, but to do this everyone needs complete control over who they share with at all times. – This idea has been the core of Facebook since day one. When I built the first version of Facebook, almost nobody I knew wanted a public page on the internet. That seemed scary. … Overall, I think we have a good history of providing transparency and control over who can see your information. That said, I’m the first to admit that we’ve made a bunch of mistakes. In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we’ve done. … I’m committed to making Facebook the leader in transparency and control around privacy. … Recently, the US Federal Trade Commission established agreements with Google and Twitter that are helping to shape new privacy standards for our industry. Today, the FTC announced a similar agreement with Facebook. These agreements create a framework for how companies should approach privacy in the United States and around the world. … Even before the agreement announced by the FTC today, Facebook had already proactively addressed many of the concerns the FTC raised. … In addition to these product changes, the FTC also recommended improvements to our internal processes. … As part of this, we will establish a biannual independent audit of our privacy practices to ensure we’re living up to the commitments we make. … Erin Egan will become Chief Privacy Officer, Policy. … Michael Richter will become Chief Privacy Officer, Products. … These two positions will further strengthen the processes that ensure that privacy control is built into our products and policies. I’m proud to have two such strong individuals with so much privacy expertise serving in these roles. – Today’s announcement formalizes our commitment to providing you with control over your privacy and sharing…”

      RWW: “Since the settlement, Zuckerberg has penned a blog post outlining the Facebook features that the site has launched, which include friend lists, the ability to review tags before they appear on a profile, mobile versions of privacy controls, among other notable updates. … According to the Sophos Security Blog, in addition to the privacy audits, if the settlement proceeds, Facebook also must stop misrepresenting its security and privacy policies, obtain consent when handing personal data, establish a stronger privacy program and, perhaps most importantly, prevent people from accessing information from deleted/deactivated accounts 30 days after they have been closed.”

      GigaOM: “Not surprisingly, Facebook appears keen to put the FTC incident in the past. CEO Mark Zuckerberg on Tuesday addressed the settlement with a lengthy company blog post in which he noted that it is ‘a similar agreement’ to those the FTC has previously reached with Google and Twitter. He also said Facebook has been proactive in bolstering privacy prior to today’s announced settlement with a number of product updates enacted in the past 18 months.”

      RWW: “On the one hand: As any IT security manager knows, the way to implement privacy control in an organization is not to make the private data available in the first place. Modern information security policies are never about per-instance restrictions to the otherwise free flow of information. The same level of controls can, and perhaps should, be provided for directing flow in the opposite direction. That is to say, share nothing by default, and opt in to services that other users and even apps may request. – On the other hand: Facebook’s responsibility for the protection of data provided by users of their own free will, and without any binding contract other than the implied consent agreement, is somewhat limited. The FTC made clear to cite Facebook for misrepresenting its services from the outset, and that misrepresentation gives the government the leverage it needed to force Facebook to change its policies (even though Zuckerberg implies no such change is necessary now). But had that misrepresentation not existed, the FTC may not have had much ground to stand on. It’s hard to establish a standard of care for property that so many millions of individuals willingly give for free.”

      TC: “Zuckerberg Loves That The FTC Wants You To ‘Like’ Them On Facebook – You know what Zuck (and around 400 Facebook employees including PR rep Caryn Marooney) do take lightly, according to this comment thread on a Facebook internal network? The fact that the FTC ironically asks readers to ‘Like’ them on Facebook at the bottom of the release statement outlining today’s Facebook settlement. – My favorite part of this? ‘This would make a great public post.’ Be careful what you wish for.”

      Telegraph: “Facebook faces a crackdown on selling users’ secrets to advertisers – The European Commission is planning to stop the way the website ‘eavesdrops’ on its users to gather information about their political opinions, sexuality, religious beliefs – and even their whereabouts. – Using sophisticated software, the firm harvests information from people’s activities on the social networking site – whatever their individual privacy settings – and make it available to advertisers. – However, following concerns over the privacy implications of the practice, a new EC Directive, to be introduced in January, will ban such targeted advertising unless users specifically allow it. … Viviane Reding, the vice president of European Commission, said the Directive would amend current European data protection laws in the light of technological advances and ensure consistency in how offending firms are dealt with across the EU. – ‘I call on service providers – especially social media sites – to be more transparent about how they operate. Users must know what data is collected and further processed (and) for what purposes. Consumers in Europe should see their data strongly protected, regardless of the EU country they live in and regardless of the country in which companies which process their personal data are established.’ … A spokesman for the UK Information Commissioner said: ‘Facebook should ensure that any data it collects should be used in the manner that its users expect. If personal data is being passed on to a third party or used for targeted advertising then this should be made clear to the user when they sign up to the site and reinforced when users are invited to use an application.'”

      SEL: “A new directive by the European Commission may stop advertisers from leveraging users’ information when advertising on Facebook. … The new laws would require that users would need to approve more than the standard 4,000 word contract if their personal information was to be used in ad targeting. … If Facebook does not conform to the new rules laid out by the EC, they could face legal action or a ‘massive fine.’”

      VB: “Facebook’s entire business model is under fire in the EU – Facebook (and just about every other free Web service) has built a business on that saying and its implications, and the European Commission is taking the social network to task for it. The EU is considering a ban on Facebook’s practice of selling demographic data to marketers and advertisers without specific permission from users. … Facebook is on track for $4.27 billion in revenue this year, largely due to its wildly successful ad platform. The company also has a full 16.3 percent of the overall share of U.S. online display ad revenue.”

  • Gerrit Eicker 08:33 on 3. October 2011 Permalink
    Tags: EU, EU Directive, EU Directives, Facebook Cookies, Facebook Logout, Facebook Logout Process, Logout, Logout Process, Logout Processes, Personal Identifiers, Supercookies

    Facebook Cookies 

    Cubrilovic: Logging out of Facebook is not enough; maybe fixed. Arrington: brutal dishonesty; http://eicker.at/FacebookCookies

     
    • Gerrit Eicker 08:33 on 3. October 2011 Permalink | Reply

      Arrington: “‘Facebook does not track users across the web,’ – A Facebook spokesperson on September 25, 2011 and ‘Generally, unlike other major Internet companies, we have no interest in tracking people.’ – Facebook employee on September 25, 2011 v. ‘A method is described for tracking information about the activities of users of a social networking system while on another domain.’ – Facebook Patent application dated September 22, 2011 – Whoops”

      Cubrilovic: “[L]ogging out of Facebook only de-authorizes your browser from the web application, a number of cookies [including your account number] are still sent along to all requests to facebook.com. Even if you are logged out, Facebook still knows and can track every page [that integrate facebook] you visit. The only solution is to delete every Facebook cookie in your browser, or to use a separate browser for Facebook interactions. … To clarify, I first emailed this issue to Facebook on the 14th of November 2010. I also copied the email to their press address to get an official response on it. I never got any response. … I have been sitting on this for almost a year now. The renewed discussion about Facebook and privacy this weekend prompted me to write this post.”

      Cubrilovic: “My goal was to both identify bugs in the logout process and see that they are fixed, and to communicate with Facebook in getting some of the unanswered questions answered so that the Facebook using public can be informed of how cookies are used on the site – especially with regard to third-party requests. – In summary, Facebook has made changes to the logout process and they have explained each part of the process and the cookies that the site uses in detail. … Facebook has changed as much as they can change with the logout issue. They want to retain the ability to track browsers after logout for safety and spam purposes, and they want to be able to log page requests for performance reasons etc. I would still recommend that users clear cookies or use a separate browser, though. I believe Facebook when they describe what these cookies are used for, but that is not a reason to be complacent on privacy issues and to take initiative in remaining safe. – I discovered a lot of other issues and interesting areas ripe for further investigation while researching the cookie logout issue – and I will be taking each one of them up on the blog here in the near future.”

      BBC: “Facebook has said that it has ‘fixed’ cookies that could have tracked users after they logged out of the site. … In a statement, the firm told the BBC that it had done nothing wrong. ‘There was no security or privacy breach-Facebook did not store or use any information it should not have. Like every site on the internet that personalises content and tries to provide a secure experience for users, we place cookies on the computer of the user.’ … Most cookies perform basic tasks like storing your login details or personal preferences. – But some track the sites users visit, which means that they may be presented with adverts for products or services they researched on the web once they visit other unrelated sites. Consumer concerns over this type of cookie led to a new EU directive, with online firms across Europe currently working out how they can allow users to opt out of these bits of code.”

      SEW: “It was recently discovered that some Facebook cookies were left intact after logout. While the issue has since been resolved, select data is still tracked and recent Facebook patent information indicates that all logged-out tracking may be intentional. … Facebook reports that the remaining cookies exclude personal identifiers and are completely benign in nature; they serve functions such as generating timestamps, contributing to Facebook’s page reporting, and helping to keep public computers secure. … Facebook isn’t the only one facing privacy and tracking issues, either. Marketers should give note to a couple other stories, including The Wall Street Journal’s recently revised privacy policy (which permits WSJ to track personally identifiable behavior without user consent) and the FTC probe into undeletable ‘supercookies’ used by Hulu and MSN.com.”

      SMH: “On Friday, 10 public interest groups asked the US Federal Trade Commission to investigate Facebook’s tracking of internet users after they log off. They urged the commission to examine whether Facebook’s new ticker and timeline features increased privacy risks for users by combining biographical information in an easily accessible format. … The lawsuit – filed by Perrin Aikens Davis, of Illinois – seeks class status on behalf of other Facebook users in the US. Davis seeks unspecified damages and a court order blocking the tracking based on violations of federal laws, including restrictions on wiretapping, as well as computer fraud and abuse statutes. – ‘We believe this complaint is without merit and we will fight it vigorously,’ Andrew Noyes, a Facebook spokesman, said in a statement.”

  • Gerrit Eicker 09:28 on 10. March 2011 Permalink
    Tags: Data Protection Directive, Directive 2002/58/EC, E-Privacy, E-Privacy Directive, EU, Explicit Consent

    E-Privacy Directive: Cookies 

    The EU E-Privacy Directive and cookies: making companies less competitive or more transparent? http://eicker.at/PrivacyCookies

     
    • Gerrit Eicker 09:29 on 10. March 2011 Permalink | Reply

      BBC: “From 25 May, European laws dictate that ‘explicit consent’ must be gathered from web users who are being tracked via text files called ‘cookies’. … The changes are demanded by the European e-Privacy directive which comes into force in the UK in late May. – The section of the directive dealing with cookies was drawn up in an attempt to protect privacy and, in particular, limit how much use could be made of behavioural advertising. – This form of marketing involves people being tracked across websites, with their behaviour used to create a profile that dictates the type of adverts they see. … The exact steps that businesses have to go through to comply with the law and gain consent from customers and users are being drawn up by the Department for Culture, Media and Sport (DCMS).”

      TC: “As if European startups weren’t already at a notional disadvantage in addressing smaller markets, having access to less venture capital and being geographically spread out, a new EU-wide law proposes to hobble its innovation companies by slapping big privacy warning signs all over their sites. … Although businesses are being urged to work out how they gain ‘consent’ from users, this is bound to cause consternation. Nick Halstead, CEO of Tweetmeme and new startup DataSift told me: ‘It clearly makes UK companies less competitive because sites we build will need to be plastered with warnings – and our competitors will not.’”

      GigaOM: “It’s not a law. The EU is saying member states should enact their own legislation in this area to harmonize with each other, but each country gets to apply it in its own way. Britain’s government will have no impact on the French; the Spanish solution may be very different from the Italian, and so forth. – It doesn’t make opt-in compulsory yet. Because of the system, directives take a long time to become enforceable laws. So while the directive might come into force on May 25, it’s not going to be resulting in court cases for years. – It doesn’t ban cookies. It just asks that those sites which use cookies to track user behavior off site – usually to serve targeted ads – tell users that they’re doing so. Login cookies and shopping carts would be exempt. It’s not aimed at making businesses less competitive. It’s aimed at making them more transparent.”

      TNW: “Even if it doesn’t drive startups or their users elsewhere, it’s still sure to be annoying. I’ve had my current computer for three months and I already have 5000 cookies stored on it. Even if only a fraction of those are from European sites, the idea of approving hundreds of ‘explicit permissions’ per month is daunting.”

      pC: “In any case, the member countries of the European Union have substantial leeway in how they implement the rule and work it into their national legal systems. Member countries have until May 25 to do that, but it’s not unusual for them to be late. – While U.S. regulators have also begun considering beefing-up online privacy, including various ‘Do Not Track’ measures, no politician stateside has gone as far as the UK Information Commissioner went by suggesting that an explicit opt-in for standard HTTP cookies should be required.”

      Heise: “The German federal government does not intend to implement the new guidelines on the handling of cookies and other ‘snooping software’ any time soon. … A spokesperson for Federal Data Protection Commissioner Peter Schaar told heise online that, unlike the federal government, his office does see a need for implementation. An addition should be inserted into the Telemedia Act (Telemediengesetz) stating that cookies may only be set if the user has given consent. … The office is now counting on such a provision still being introduced during the parliamentary deliberations on the reform of the telecommunications rules.”

    • Privacy Blogger 19:21 on 26. April 2011 Permalink | Reply

      The EU cookie controversy has been an issue ever since the e-Privacy Directive was amended in November 2009. At cippguide.org, we take a look at privacy issues worldwide. We also help prepare candidates for the CIPP certification. Check out our blog post that discusses the EU e-Privacy Directive and the development of the cookie problem.

  • Gerrit Eicker 11:17 on 28. November 2009 Permalink
    Tags: EU

    Open Declaration: Next Steps? 

    Ministerial Declaration on eGovernment [PDF]: How to maximise the impact of the open declaration? http://j.mp/4RxB9o

     
  • Gerrit Eicker 14:10 on 10. November 2009 Permalink
    Tags: EU, Ministerial eGovernment Conference

    Ministerial eGovernment Conference 

    Only a few days left until the 5th Ministerial eGovernment Conference: Endorse the Open Declaration; http://j.mp/EPS-OD

     
  • Gerrit Eicker 10:25 on 3. November 2009 Permalink
    Tags: Consilium, EU

    Open Declaration on European Public Services 

    The Open Declaration on European Public Services calls for: transparency, participation, empowerment; http://j.mp/EPS-OD

     
    • Gerrit Eicker 10:26 on 3. November 2009 Permalink | Reply

      The Open Declaration on European Public Services will be presented at the Malmö Ministerial conference, a contribution from you and me and everybody who cares enough. This is the first time ever – in the rather complex Euro ritual – that a citizen declaration is presented alongside the declaration of the European ministers. It will only be backed by our voices. So our voices need to be many and clear. Join!

  • Gerrit Eicker 09:50 on 17. January 2009 Permalink
    Tags: EU

    EU vs. Internet Explorer 

    EU: Microsoft’s tying of Internet Explorer to Windows harms competition between Web browsers; http://cli.gs/ZyRa0q  

     
  • Gerrit Eicker 12:01 on 10. December 2008 Permalink
    Tags: EU

    Amazon EC2 in Europe 

    Amazon: Developers and businesses can now run their Amazon EC2 instances in the EU; http://is.gd/aYlS  

     