"In this Opinion, the WP analyses the effectiveness and limits of existing anonymisation techniques against the EU legal background of data protection and provides recommendations to handle
these techniques by taking account of the residual risk of identification inherent in each of them. […] The main anonymisation techniques, namely randomization and generalization, are described in this
opinion. In particular, the opinion discusses noise addition, permutation, differential privacy, aggregation, k-anonymity, l-diversity and t-closeness. It explains their principles, their strengths and
weaknesses, as well as the common mistakes and failures related to the use of each technique."
"This Opinion analyses the criteria set down in Article 7 of Directive 95/46/EC for making data processing legitimate. Focusing on the legitimate interests of the controller, it provides
guidance on how to apply Article 7(f) under the current legal framework and makes recommendations for future improvements."
"In the wake of the NSA revelations, there has been an avalanche of state bills requiring law enforcement to obtain a probable cause warrant before tracking an individual’s location in an
investigation. Most state legislators know they can’t control the NSA—but they can control their state and local law enforcement, which are engaging in some of the same invasive practices. […] Working
closely with our lobbyists in state capitols around the country, we’ve been tracking this activity and working hard to make sure these privacy-protective bills become law. The chart below shows the
current status of state legislation as we understand it. We will keep this chart up-to-date as we receive new information."
"EU approaches to data protection, competition and consumer protection share common goals, including the promotion of growth, innovation and the welfare of individual consumers. In practice,
however, collaboration between policy-makers in these respective fields is limited. Online services are driving the huge growth in the digital economy. Many of those services are marketed as ‘free’ but in
effect require payment in the form of personal information from customers. An investigation into the costs and benefits of these exchanges for both consumers and businesses is now overdue. Closer dialogue
between regulators and experts across policy boundaries can not only aid enforcement of rules on competition and consumer protection, but also stimulate the market for privacy-enhancing
"Some of the most sensitive information in the world—our prescription history, medical records, sexual history, drug usage information, and more—is entering the digital world. The digitization of medical records is being sold as an opportunity to revolutionize healthcare. But while digital medical records surely come with special benefits, this technological innovation also has huge ramifications for our privacy. EFF’s medical privacy project examines emerging issues in medical privacy, looking at how lagging medical privacy laws and swiftly advancing technological innovation leave patients vulnerable to having their medical data exposed, abused, or misconstrued."
"The Court observes first of all that the data to be retained make it possible, in particular, (1) to know the identity of the person with whom a subscriber or registered user has communicated and by what means, (2) to identify the time of the communication as well as the place from which that communication took place and (3) to know the frequency of the communications of the subscriber or registered user with certain persons during a given period. Those data, taken as a whole, may provide very precise information on the private lives of the persons whose data are retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, activities carried out, social relationships and the social environments frequented.
The Court takes the view that, by requiring the retention of those data and by allowing the competent national authorities to access those data, the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data. Furthermore, the fact that data are retained and subsequently used without the subscriber or registered user being informed is likely to generate in the persons concerned a feeling that their private lives are the subject of constant surveillance. […] Although the retention of data required by the directive may be considered to be appropriate for attaining the objective pursued by it, the wide-ranging and particularly serious interference of the directive with the fundamental rights at issue is not sufficiently circumscribed to ensure that that interference is actually limited to what is strictly necessary."
"The American Civil Liberties Union writes to offer its perspective on the proposed amendment to Rule 41 concerning remote searches of electronic storage media. […] The proposed amendment
would significantly expand the government’s authority to conduct remote searches of electronic storage media. Those searches raise serious Fourth Amendment questions. It would also expand the government’s
power to engage in computer hacking in the course of criminal investigations, including through the use of malware and other techniques that pose a risk to internet security and that raise Fourth
Amendment and policy concerns."
"We describe cryptographic protocols for secure execution of warrants or legal orders authorizing access to data held by private parties. Using cryptography enables a better combination of
security, privacy, and accountability properties than would otherwise be possible. We describe a series of protocols, based on different assumptions about trust and technical sophistication of the
parties, and making use of wellstudied cryptographic tools. We report benchmark results from our prototype implementation of the tools involved in one such protocol, and show that the protocol’s entire
computational cost is easily feasible even for very large data sets, such as ‘cloud’ software service or telecommunications databases comprising billions of records."
"It’s not that I’m saying that data privacy is unimportant. Unfortunately in the real world not everyone one has evolved to the point where prejudices don’t exist. The security reasons for
some data privacy is more urgent now than ever before. But data privacy should not be done by rote, instead it should be done with thought and consideration. […] There always will be someone who wants
to use and abuse that information for profit and exploitation. So anyone who is a caretaker of personal data still needs to ensure that they leave decisions on what is no longer private to the data owner
- the individual. But let’s also keep our minds open that ‘personal’ is about being living, breathing people and not something to be imprisoned under lock and key."
"Submissions and recommendations cover five main themes: the meaning of interferences with the right to privacy in the context of communications surveillance, the out-dated distinction between
communications data and content, the conceptualisation of mass surveillance as inherently disproportionate, the extra-territorial application of the right to privacy, and the need or legal frameworks to
provide protections for the right to privacy without discriminating on the basis of nationality."
”[…] big data does not present wholly – or even mostly – new challenges. In reality these issues have been confronting policymakers since at least the 1970s, when the federal government
developed the first version of the Fair Information Practice Principles. In fact, we already have solutions for some of the privacy issues that confront us today and there are specific actions the
executive branch can take to improve Americans’ privacy. With that goal in mind, the bulk of these comments will focus on two main areas. The first area is immediate actions the administration can and
should take to improve how the federal government collects and uses personal information. The second area is a few specific subjects where sustained focus and attention could improve privacy knowledge and
best practices in the future.”
"Unlocking the value of data and instituting responsible data practices go hand-in-hand, and both have been an important focus of FPF’s work since our founding in 2008. FPF recognizes the
enormous potential benefits to consumers and to society from sophisticated data analytics, yet FPF also understands that taking advantage of big data may require evolving how we implement traditional
privacy principles. Through our work on inter-connected devices and applications and the emerging Internet of Things, FPF has acquired experience with the technologies involved in data collection and use.
FPF appreciates this opportunity to provide Comments and share its insights into how best to promote the benefits of big data while minimizing any resulting privacy risks or harms."
"Cisco estimates that some 25 billion devices will be connected in the IoT by 2015, and 50 billion by 2020. Analyst firm IDC makes an even bolder prediction: 212 billion connected devices by 2020. This massive increase in connectedness will drive a wave of innovation and could generate up to $19 trillion in savings over the next decade, according to Cisco’s estimates. But the ingenuity and innovation which companies will apply to turn the IoT into practical reality is constrained by law and regulation. Existing issues may take on new dimensions and, as technologies combine, so will the legal consequences of those technologies. In this article, we look at the prospects for the IoT as well as the likely legal and regulatory factors that will affect the development and growth of IoT technology and the markets that such technology will create."
"Modern cell phone technology provides access to an extraordinary amount of personal data. Cell phone users routinely store sensitive and intimate information on a device that they keep close
to their body. Misplacing a cellphone is an immediate cause for concern. Allowing police officers to search a person’s cell phone without a warrant following an arrest would be a substantial infringement
on privacy, is unnecessary, and unreasonable under the Fourth Amendment. First, the warrantless search of a cell phone provides access to personal information and private files, stored both on the phone
and on remote servers that are accessible from the phone. Second, there is no need to allow warrantless searches when currently available techniques allow law enforcement to secure the cell phone data
pending a judicial determination of probable cause. Neither of the interests recognized by this Court underlying the search incident to arrest exception would justify the warrantless search of an
individual’s cell phone."
"As an EU privacy professional working in the US, one of the things that regularly fascinates me is each continent’s misperception of the other’s privacy rules. Far too often have I heard EU
privacy professionals (who really should know better) mutter something like ‘The US doesn’t have a privacy law’ in conversation; equally, I’ve heard US colleagues talk about the EU’s rules as being ‘nuts’
without understanding the cultural sensitivities that drive European laws. So I thought it would be worth dedicating a few lines to compare and contrast the different regimes, principally to highlight
that, yes, they are indeed different, but, no, you cannot draw a conclusion from these differences that one regime is ‘better’ (whatever that means) than the other."