Court of Justice of the European Union | EU | Judgment in Case C-466/12 - Nils Svensson and Others v Retriever Sverige AB -
From the text:
"16 It is thus apparent from that provision that the concept of communication to the public includes two cumulative criteria, namely, an ‘act of communication’ of a work and the communication of that work to a ‘public’ […] 20 […] the provision of clickable links to protected works must be considered to be ‘making available’ and, therefore, an ‘act of communication’ […] 21 So far as concerns the second of the abovementioned criteria, that is, that the protected work must in fact be communicated to a ‘public’, it follows from Article 3(1) of Directive 2001/29 that, by the term ‘public’, that provision refers to an indeterminate number of potential recipients and implies, moreover, a fairly large number of persons […] 22 An act of communication such as that made by the manager of a website by means of clickable links is aimed at all potential users of the site managed by that person, that is to say, an indeterminate and fairly large number of recipients. 23 In those circumstances, it must be held that the manager is making a communication to a public. 24 None the less, according to settled case-law, in order to be covered by the concept of ‘communication to the public’, within the meaning of Article 3(1) of Directive 2001/29, a communication, such as that at issue in the main proceedings, concerning the same works as those covered by the initial communication and made, as in the case of the initial communication, on the Internet, and therefore by the same technical means, must also be directed at a new public, that is to say, at a public that was not taken into account by the copyright holders when they authorised the initial communication to the public […]"
See also: Press release, PDF.
Claude Moraes (European Parliament) | EU | Draft report on the US NSA surveillance programme, surveillance bodies in various Member States and their impact on EU citizens' fundamental rights and on transatlantic cooperation in Justice and Home Affairs [PDF] -
"[The European Parliament,] 19. Calls on the US authorities and the EU Member States to prohibit blanket mass surveillance activities and bulk processing of personal data; 20. Calls on certain EU Member States, including the UK, Germany, France, Sweden and the Netherlands, to revise where necessary their national legislation and practices governing the activities of intelligence services so as to ensure that they are in line with the standards of the European Convention on Human Rights and comply with their fundamental rights obligations as regards data protection, privacy and presumption of innocence; in particular, given the extensive media reports referring to mass surveillance in the UK, would emphasise that the current legal framework which is made up of a ‘complex interaction’ between three separate pieces of legislation - the Human Rights Act 1998, the Intelligence Services Act 1994 and the Regulation of Investigatory Powers Act 2000 – should be revised;"
Jemima Stratford QC and Tim Johnston | UK | In the matter of state surveillance [PDF linked from this page] -
From the Introduction:
"We are asked to advise Tom Watson MP, Chair of the All Party Parliamentary Group on Drones, on the lawfulness of five possible scenarios concerning state surveillance in the United Kingdom. […] The five scenarios are necessarily to some degree based on assumed facts. However, we have been referred to a number of news reports arising out of the recent disclosures made by Edward Snowden, upon which the scenarios are based."
See also: Full text, PDF.
Anaïs Reding, Anke van Gorp, Kate Robertson, Agnieszka Walczak, Chris Giacomantonio and Stijn Hoorens | NL | Handling ethical problems in counterterrorism - An inventory of methods to support ethical decisionmaking [PDF linked from this Dutch-language page] -
From the Executive Summary:
"Counterterrorism professionals routinely face decisions that appear to require trade-offs between moral values such as privacy, liberty and security, and broader human rights considerations. Given that ethics are integral to this field, it is essential that counterterrorism professionals are proficient at making these types of decision. However, there is no existing overview of the methods that may support ethical decision-making specifically aimed at counterterrorism practitioners. To address this gap, the Research and Documentation Centre (Wetenschappelijk Onderzoek- en Documentatiecentrum, WODC) of the Dutch Ministry of Security and Justice (Ministerie van Veiligheid en Justitie), on behalf of the National Coordinator for Counterterrorism and Security (Nationaal Coördinator Terrorismebestrijding en Veiligheid, NCTV), commissioned RAND Europe to develop an inventory of methods to support ethical decision-making for the counterterrorism field. The objective of this study is not to recommend which methods should be developed, strengthened or implemented in the Netherlands. Rather, the aim is to outline the methods that counterterrorism professionals could draw on to support their ethical decision-making process."
See also: Full text, PDF.
Ann Cavoukian, Ph.D., Stuart Shapiro, Ph.D. and R. Jason Cronk, Esq | Privacy engineering - proactively embedding privacy, by design [PDF linked from this page] -
From ‘I. Introduction’:
"If Privacy by Design provides the ‘what’ to do, then privacy engineering provides the ‘how’ to do it. […] This paper is by no means exhaustive. A full treatment of privacy engineering would be voluminous. It begins with an introduction as to what privacy engineering entails, an acknowledgement that privacy is not strictly a technical concept (i.e. requires multidisciplinary considerations), and a look into how a privacy engineer approaches risks and risk analysis. Next, the broad classes of mitigating controls are considered. Finally, we briefly examine trade-offs; not between privacy and functional requirements, but rather against other considerations (costs, performance, etc.), and between the privacy implications of differing systems implementations."
See also: Full text, PDF.
Randeep Ramesh (The Guardian) | UK | Police will have 'backdoor' access to health records despite opt-out, says MP [Related articles linked from this page] -
From the article:
"David Davis MP, a former shadow home secretary, told the Guardian he has established that police will be able to access the health records of patients when investigating serious crimes even if they had opted out of the new database, which will hold the entire population’s medical data in a single repository for the first time from May. […] Davis, who established the existence of these ‘backdoors’ in a parliamentary question answered by health services minister Dan Poulter, said he had ‘no problems with the data being used for licensed medical research, but when we have police accessing from a database that people have opted out from, and companies being able to buy this data, I think we need to have a debate about whether my property, which are my patient records, can be sold and used’."
Data Privacy Monitor | 2013 Year in review -
From the ‘International privacy’ post:
"Therein lies the two contrasts starkly evident within data privacy news in 2013: The attempts to direct and curb behavior at a government level that sometimes take years between passage and force […] contrasted with the matter of weeks it took one individual to collect and disseminate tens of thousands of ostensibly extraordinarily sensitive documents. The concerted efforts within the EU to even propose a new standard law for data privacy again contrasted with the efforts of one individual to undermine years of U.S.-EU negotiation, diplomacy, and representations. 2013 was the year big data, concerns about data privacy, and one man proved Archimedes’ assertion from ~250 BC; with at least 57,974 or so documents still awaiting release, 2014 should shape up to be even more interesting."
See also: European Union | Africa | Asia | Canada | Central and South America | Ukraine | Financial institutions privacy and security | Information governance | Privacy class action - theories of liability.
Gina Pingitore, Ph.D., Jay Meyers, Ph.D., Molly Clancy and Kristin Cavallero (J.D. Power) | Consumer concerns about data privacy rising - What can business do? [PDF] -
"J.D. Power conducted a research study with SSI among consumers in the United States, China and India to evaluate concerns about data privacy and its ownership. Results of this research show that consumers’ concerns about data privacy and ownership have increased across the past three decades and remain high. Moreover, results show that concern about personal privacy is an issue for consumers in all countries and across all age groups. To avoid a potential backlash, businesses need to provide transparent data privacy policies to build trust and brand loyalty among all of their customers."
See also: Related blog post.
Steven J. Murdoch and Ross Anderson | Security protocols and evidence - where many payment systems fail [PDF] -
"As security protocols are used to authenticate more transactions, they end up being relied on in legal proceedings. Designers often fail to anticipate this. Here we show how the EMV protocol - the dominant card payment system worldwide - does not produce adequate evidence for resolving disputes. We propose five principles for designing systems to produce robust evidence. We apply these to other systems such as Bitcoin, electronic banking and phone payment apps. We finally propose speci
EFF | 2013 in review - revelations, tragedy and fighting back -
From the blog post:
"When it comes to the fight for free expression and privacy in technology, 2013 changed everything. This was the year we received confirmation and disturbing details about the NSA programs that are sweeping up information on hundreds of millions of people in the United States and around the world. This set off a cascade of events, from EFF’s newest lawsuit against the NSA to protests in the streets to a United Nations resolution to Congressional bills both promising and terrifying. In December, a federal judge even found the surveillance likely unconstitutional, calling it ‘almost-Orwellian.’ It was also a year we lost a beloved friend and activist, Aaron Swartz. Aaron was a fellow freedom fighter working to bring the world access to knowledge. We’re still mourning his suicide, which was spurred in part by an aggressive prosecution under the vaguely worded and over-penalized Computer Fraud and Abuse Act (CFAA). In his memory, EFF and our friends at Demand Progress created a coalition to fight for reform of the CFAA."
Cisco | Cisco 2014 Annual security report [PDF] -
From the Executive Summary:
"Using methods ranging from the socially engineered theft of passwords and credentials to stealthy, hide-in-plain-sight infiltrations that execute in minutes, malicious actors continue to exploit public trust to effect harmful consequences. However, the trust problem goes beyond criminals exploiting vulnerabilities or preying on users through social engineering: it undermines confidence in both public and private organizations. Today’s networks are facing two forms of trust erosion. One is a decline in customer confidence in the integrity of products. The other is mounting evidence that malicious actors are defeating trust mechanisms, thus calling into question the effectiveness of network and application assurance, authentication, and authorization architectures."
European Union Agency for Fundamental Rights | EU | Data protection in the European Union - the role of national data protection authorities [PDF] -
From the Foreword:
"The fundamental rights architecture in the European Union has developed over time and continues to evolve. This report is one of four by the European Union Agency for Fundamental Rights (FRA) that looks at three closely related issues, and institutions, which contribute to the overarching architecture of fundamental rights in the European Union: namely, equality bodies, data protection authorities, and national human rights institutions (NHRIs). […] The report at hand, on data protection authorities, is an analysis of their crucial role with respect to the fundamental right of data protection, and encompasses an assessment of their effectiveness, functioning and independence."
Note: this report was published in 2010 and may be outdated in places.
Oxford Pro Bono Publico | IN | Biometric identification and privacy [PDF] -
From ‘Summary of research’:
"OPBP has been requested to prepare research on two questions:
a. Have biometric identification schemes in other countries been challenged on privacy grounds?
b. In jurisdictions that collect biometric data, what measures are in place to protect citizens’ right to privacy?"
Scott Savage and Donald M. Waldman | US | The value of online privacy [SSRN] -
"We estimate the value of online privacy with a differentiated products model of the demand for Smartphone apps. We study the apps market because it is typically necessary for the consumer to relinquish some personal information through “privacy permissions” to obtain the app and its benefits. Results show that the representative consumer is willing to make a one-time payment for each app of $2.28 to conceal their browser history, $4.05 to conceal their list of contacts, $1.19 to conceal their location, $1.75 to conceal their phone’s identification number, and $3.58 to conceal the contents of their text messages. The consumer is also willing to pay $2.12 to eliminate advertising. Valuations for concealing contact lists and text messages for “more experienced” consumers are also larger than those for “less experienced” consumers. Given the typical app in the marketplace has advertising, requires the consumer to reveal their location and their phone’s identification number, the benefit from consuming this app must be at least $5.06."
Future of Privacy Forum / Stanford Law School Center for Internet and Society | US | Big data and privacy - Making ends meet [PDF linked from this page] -
From the introduction:
"On Tuesday, September 10th, 2013, the Future of Privacy Forum joined with the Center for Internet and Society at Stanford Law School to present a full-day workshop on questions surrounding Big Data and privacy. The event was preceded by a call for papers discussing the legal, technological, social, and policy implications of Big Data. A selection of papers was published in a special issue of the Stanford Law Review Online and others were presented at the workshop. This volume collects these papers and others in a single collection. These essays address the following questions: Does Big Data present new challenges or is it simply the latest incarnation of the data regulation debate? Does Big Data create fundamentally novel opportunities that civil liberties concerns need to accommodate? Can de-identification sufficiently minimize privacy risks? What roles should fundamental data privacy concepts such as consent, context, and data minimization play in a Big Data world? What lessons can be applied from other fields?"
See also: Full text of all essays, PDF.