Tuesday, 12 August 2014

Opinion: ‘Right to be forgotten’ ruling opens a legal and ethical Pandora’s box

The Journal, 23rd July 2014

THE RULING BY the European Court of Justice just over two months ago that the citizens of Europe have a ‘right to be forgotten’ has opened a legal and ethical Pandora’s box. The original ruling, based on the case of a Spanish citizen who wished to have information about his financial woes a decade previously taken out of search results on Google, was vaguely constructed and left the door open for individuals, and maybe even organisations, to have damaging or embarrassing material about themselves no longer reachable through a Google search.

While the court said that the ruling would be applied only where it did not conflict with freedom of expression or of the press, it left the burden of proof and investigation of this up to the party running the search engine, i.e. Google, and not up to the person seeking to have his or her information “forgotten”. Google is currently receiving about 1,000 requests a day for links to particular pieces of information to be removed from its search results. Quite understandably, the company has begun simply to grant these requests on receipt of them, as there is no way the company could (or should) wade through the sheer volume of requests and check each one for compliance with both the ruling on forgetting information and with freedom of speech. The court’s insistence that it is Google’s job to do the leg-work on each request has led inevitably to the company letting through a lot of right-to-be-forgotten requests which are dubious, to say the least.

From corrupt referees in Scotland to bankers at the former financial institution Merrill Lynch who may have played a role in the financial crash, various individuals are coming forward to have unpleasant facts about their pasts erased. Then of course there are the convicted sex offenders and individuals convicted of crimes like assault who wish to have links to articles about their crimes taken down. This ruling is a godsend for anyone with a criminal past who wishes to scrub their own record clean.

Effective data protection

The ruling was based on the principle of ‘Data protection’ which was conceived as a way of protecting the data of private citizens when it is held by governments. It particularly applies to social services and other branches that keep large quantities of highly personal information about citizens. This is a crucial protection afforded to citizens against the one organisation whose processing of data needs to be closely monitored: their government. As exemplified by the ongoing activities of the NSA and other overly-powerful governmental organisations around the world, when it comes to government-held data, the citizen needs not just a right to be forgotten, but effective safeguards to ensure the government cannot get certain information in the first place. Data protection does not apply well to private companies. The information to which people are attempting to restrict access is public knowledge, shared freely over the internet. Just because information is relevant to someone does not mean they have carte blanche to restrict access to it. This is especially true with online articles and other documents which are made available in the public interest, and should not be censored, no matter how embarrassing their content. The function of the press is to spread information in the public interest. Sometimes this information may be detrimental to an individual’s reputation, but the fundamental freedom of the press to spread information should not be curtailed because of this.

Empowering governments

The wide-ranging ruling handed down by the European Court has a second danger concealed within its arguments. By empowering European governments to go after companies like Google whose servers are actually based outside European territory, the court is setting a dangerous precedent. If the European courts can prosecute Google and other search engine providers for not removing links to information stored in servers outside the continent, what is to stop the process happening elsewhere? What if the United States government, for example, were to demand that information based on or provided by Wikileaks or Edward Snowden be deleted from European-based servers? Given that the European court said in its ruling that information could be deleted if it was “inaccurate”, “excessive” or “irrelevant”, surely the US government would have grounds to demand that leaked documents be taken down from search engines or removed entirely, or even that newspaper articles relating to them be removed from Google search results.

The internet has given birth to an unprecedented free transfer of information in the modern world. It has broken down barriers and enhanced freedom across the globe. To start rowing back that freedom by way of a “Right to be forgotten” would undermine over two decades of progress. Information should be free, and not restricted by the arbitrary actions of individuals or unaccountable courts. It is time to forget about the right to be forgotten.

Private investigator to be tried over data breaches in October

Irish Times, 21st July 2014

A private investigator charged in relation to alleged breaches of data protection legislation will be tried in October. Michael J Gaynor, trading as MJG Investigations, Beatty Grove, Celbridge, Co Kildare, was before Dublin District Court this morning facing a prosecution by the Data Protection Commissioner. Mr Gaynor faced 72 criminal charges in relation to alleged breaches of data protection legislation, including illegally accessing and disclosing personal information on individuals held by An Garda Síochána and the ESB.

It is the first such criminal prosecution of its kind in the State. Mr Gaynor faces three charges of illegally accessing personal information held by An Garda Síochána and of disclosing it without authority, under the provisions of section 22 (1) of the Data Protection Acts 1988 and 2003.

He faces a further nine charges of illegally accessing and disclosing personal information held by the ESB under the same section of the Acts. Some 60 charges against him relate to illegally processing the personal data of a number of individuals without an entry in the register held by the Data Protection Commissioner for data processors.

The offences are all alleged to have occurred between May and October 2013. Counsel for Mr Gaynor, Justin McQuade BL, told the court today the issues had been “considerably narrowed” and that a trial would go ahead on three of the charges. He said one day would be sufficient to hear the case. Judge John O’Neill set the trial date for October 6th.

Friday, 8 August 2014

Revealed: State gives patient records to big pharma and insurers

The Sunday Business Post, 29th June 2014 

The hospital records of every patient in the country are available on request to various pharmaceutical companies and health insurers, The Sunday Business Post can reveal. The revelation has alarmed patient groups, rights campaigners and privacy advocates, as it has occurred without the informed consent of patients. This means that health insurers, marketing companies and pharma giants can access intimate personal medical records.

The Healthcare Pricing Office (HPO), which collates the national database from patient records provided by 57 acute hospitals, refused to disclose which organisations and researchers have secured access to the data. The HPO, which is part of the HSE, said the data was scrubbed of certain personal identifiers, such as a patient’s name and date of birth. However, organisations can request the age, sex, year of hospital discharge, county of residence of the patient and the county in which the patient was treated. Privacy experts warned that it was possible to piece together a person’s identity using their location and age. They said there were countless international examples whereby data miners have reverse-engineered the data and used additional databases to discover the names of patients. For example, if someone knew a high-profile personality had been admitted to hospital on a certain date for a specific treatment, that person’s medical data could potentially be identified.

This has happened in other countries. Fintan Lawlor, a solicitor who specialises in data protection, said that under the Data Protection Acts the HSE ‘should seek to have the consent or explicit consent of the data subject to the transferring of that information to a third party’. Lawlor said: “Section One of the Data Protection Acts gives a definition of personal data and is described as ‘data relating to an individual who is or can be identified either from the data or from the data in conjunction with other information that is in, (or) likely to come into, the possession of the data controller.’”

Lawlor, who is a partner at the Dublin-based Lawlor Partners, said ‘where sensitive data is concerned, it is important that explicit consent is obtained from the data subject and that they understand the implications of the consent.’ The ESRI managed the data since the 1990s. In January of this year the Healthcare Pricing Office took over. It is unclear how long third parties have been allowed to access the data; the HSE did not say. “I would say that they suspect that they may be in breach of the Acts and, accordingly, are not prepared to disclose the information”, said Lawlor.

The HSE said it could not disclose what organisations had received medical records as it had assured them anonymity. The Irish Council for Civil Liberties (ICCL) called on the HSE to ‘come clean’. Mark Kelly, director of ICCL, said patients had a ‘legitimate interest in knowing what external organisations are receiving their highly sensitive and personal records.’ Stephen McMahon, director for the Irish Patients Association, said: ‘if privacy is dead for Citizen U, then why should those that benefit from the harvesting of Citizen U’s life data be given privacy?’ McMahon said a ‘basic right for all patients is the right to confidentiality and a right to consent to allow others to access data about them if they so wish, including the state’.

McMahon called on the Data Protection Commissioners to publish an annual report of the requests that were made, as well as the names of the organisations that requested access to data. Advocates for sharing health data say it can be used to improve overall patient health outcomes, make medical advances easier and ultimately save lives. Privacy experts warn there is no way for the public to work out who will ultimately have possession of their medical records or to what use their data will be put. The HSE said it was not selling patients’ data.

Tuesday, 24 June 2014

Private investigator prosecuted for alleged data breaches

Irish Times - 23rd June 2014

A private investigator is facing 72 criminal charges in relation to alleged breaches of data protection legislation, including illegally accessing and disclosing personal information on individuals held by An Garda Síochána and the ESB. Michael J Gaynor, trading as MJG Investigations, Beatty Grove, Celbridge, Co Kildare, was before Dublin District Court this morning facing a prosecution by the Data Protection Commissioner.

It is the first such criminal prosecution of its kind in the State. Mr Gaynor faces three charges of illegally accessing personal information held by An Garda Síochána and of disclosing it without authority, under the provisions of section 22 (1) of the Data Protection Acts 1988 and 2003. He faces a further nine charges of illegally accessing and disclosing personal information held by the ESB under the same section of the Acts.

Some 60 charges against him relate to illegally processing personal data without an entry in the register held by the Data Protection Commissioner for data processors. Counsel for Mr Gaynor, Justin McQuade BL, said he needed to assess the file on the matter and to discuss whether certain matters may or may not be admissible. He asked that the Data Protection Commissioner further distil the information in the summons and outline what matters he would seek to rely on in the case.

Sophie More O’Ferrall of Philip Lee Solicitors, for the commissioner, said that while there may be “arguments to be had” over certain of the matters, it was the prosecution’s intention to rely on all of the matters that had been outlined in the file. Judge John O’Neill adjourned the matter for mention to July 21st next.

Thursday, 19 June 2014

Facebook privacy case sent to Europe

Irish Examiner June 19, 2014 

The European Court of Justice (ECJ) is to be asked to examine the law governing data protection following a student’s legal challenge over the rejection of his complaint about interference with personal privacy by the mass transfer of data by Facebook to the US intelligence services.

Max Schrems, an Austrian post-graduate law student behind a data privacy campaign group called ‘Europe v Facebook’, brought a High Court challenge claiming Ireland’s Data Protection Commissioner Billy Hawkes wrongly interpreted and applied the law governing the mass transfer of personal data of Facebook users to the US National Security Agency (NSA). Mr Hawkes found Mr Schrems’ complaint did not meet the threshold required to merit investigation. Mr Schrems had asked Mr Justice Gerard Hogan to quash that decision and refer it back to Mr Hawkes for re-consideration. He said the Commissioner’s decision was irrational and asked that a preliminary reference be made to the ECJ. Mr Hawkes, who found Facebook had acted within the terms of an EU-US data-sharing agreement in July 2000 called ‘Safe Harbour’, opposed the action. He found Facebook had no case to answer and was in compliance with relevant regulations.

The court heard Mr Hawkes rejected suggestions that he was not prepared to take on big companies, arguing that he was already investigating 22 other similar complaints from Mr Schrems, but this particular one did not warrant an investigation. Yesterday, Mr Justice Hogan said he was referring the matter to the ECJ for re-evaluation given that “much has happened” since the Safe Harbour agreement. This included the enhanced threat to national and international security, disclosures regarding mass and undifferentiated surveillance of personal data by US security forces, and the advent of social media.

The main development, from a legal perspective, was the introduction, after July 2000, of Article 8 of the Charter of Fundamental Rights of the EU governing personal data, he said. While Mr Schrems maintained Mr Hawkes had not adhered to the requirements of EU law by rejecting his (Schrems’) complaint, the opposite was the truth, the judge said. Mr Hawkes had demonstrated “scrupulous steadfastness” to the letter of a 1995 EU directive... which gave rise to the Safe Harbour agreement. Mr Schrems’ objection was, in reality, to the terms of the Safe Harbour regime itself rather than to the manner in which Mr Hawkes had actually applied that regime, he said.

There was perhaps much to be said for the argument that Safe Harbour had been overtaken by events, including the revelations by former NSA computer systems administrator Edward Snowden, which may be thought to have exposed “gaping holes” in contemporary US data protection practice, the judge said. The judge also noted the Snowden revelations demonstrated “a massive overreach” on the part of the security authorities “with an almost studied indifference to the privacy interests of ordinary citizens”. The judge said Mr Schrems contended the Snowden revelations about Prism showed there was no meaningful protection in US law or in practice regarding data transfer as far as surveillance was concerned and in particular there was no requirement by those services to obtain a court order for their activities.

In this specific complaint, Mr Schrems had not challenged the validity of either the Safe Harbour decision or of the original 1995 EU directive. In those circumstances, Mr Hawkes is bound by the 2000 Safe Harbour decision and until the issue of re-evaluating that decision is dealt with, Mr Schrems’ application for judicial review and the complaint to Mr Hawkes must fail, he said. Given the general novelty and practical importance of the issues raised, which have considerable practical implications for all 28 EU member states, it was appropriate this question should be determined by the ECJ. The case was adjourned until next month for papers of the referral to be prepared.

Wednesday, 11 June 2014

Journalist who ran Edward Snowden revelations warns of privacy risk

Irish Times Sat, Jun 7, 2014

Pulitzer Prize-winning journalist Glenn Greenwald has said Europeans should defend their online privacy themselves rather than wait for Ireland to adopt a more robust approach to regulating Facebook. A year after he began publishing material provided by Edward Snowden, exposing widespread US surveillance of global telecommunications, Greenwald said Irish politicians had little chance against large corporations such as Facebook, which he said were effectively operating outside democratic control. “These companies have become so incredibly powerful . . . that we have a situation where even elected governments are almost no match and that poses a very serious problem,” said Greenwald, speaking in Berlin, where he was promoting his book No Place to Hide. “It is inconceivable to think of the Irish Government, the EU or US government imposing meaningful constraints on companies like Facebook and Google.”

Instead the most effective way of limiting digital surveillance, he said, was for people to think twice about using services “with a track record of supplying information to US intelligence”. Another approach, he said, was for people to “build bricks” around their online activity by encrypting their digital communication. Encrypting email and boycotting Facebook was, he said, “a more promising way of limiting their behaviour than hoping that some politicians in a capital somewhere will issue a regulation that does that”. Greenwald’s call comes ahead of a High Court ruling due on June 18th on whether Ireland’s Data Protection Commissioner (DPC) was correct not to investigate Snowden’s claims that Facebook International, based in Dublin and thus under Irish jurisdiction, supplied the NSA with European user data. Greenwald said he met Snowden recently in Moscow and that he found the computer specialist essentially unchanged from the man he met for the first time a year ago in Hong Kong.

“The fact he is not in a penal cage is a pretty good thing. He is free to participate in the debate he helped galvanise around the world,” said Greenwald. He is free to move around in Moscow and is able to keep a low profile, the journalist said, because he looks “like an 18-year-old kid from Iowa ... on an exchange programme” rather than a world-famous whistleblower. After months of revelations about high-level US spying in Germany, a Bundestag parliamentary inquiry has agreed to hear testimony from the ex-NSA contractor and has asked to meet him in Moscow for an “informal conversation” before deciding how to proceed.

While opposition parties and civil rights groups are demanding asylum for Snowden to allow him to testify in Berlin, the German government and their deputies sitting on the inquiry are opposed to this. Greenwald has described their stance as “shameful”, arguing that German politicians had “not just a moral but a legal duty” to their voters to conduct a thorough investigation of the NSA claims by questioning Snowden in person.

The wrangling over testimony, Greenwald said, suggested German politicians remained “fearful of doing anything that might offend Washington”. For his part, Snowden told Stern magazine that Berlin’s hesitation might be because “German intelligence services are in bed with the Americans”. “Clearly facts continue to be kept secret which would cause outrage in public,” he said. This week Germany’s attorney general opened a formal investigation into claims that the NSA tapped Chancellor Angela Merkel’s mobile phone, but said there was, so far, insufficient evidence for an investigation into claims of widespread data collection.

In Berlin, Greenwald promised to increase the pace of revelations from the Snowden files, a move he hopes will help boost awareness of the need for privacy in the digital age. “Even though privacy is a difficult value to express and defend, the need for it is intuitive to all human beings,” he said. On the first anniversary of his revelations, Snowden’s German lawyer confirmed this week that his client would apply to renew his asylum in Russia for another year. The whistleblower, meanwhile, warned that unchecked collection and cross-referencing of digital data, from email messages to mobile phone mast signals, had made it easier than ever before to analyse, predict and influence human behaviour. “By linking data and analysing it,” he told Stern magazine, “I don’t just know when you went to bed, I also know with whom.”

Monday, 9 June 2014

Europe to force Google, Facebook to abide by EU privacy rules

Irish Times 6th June 2014

A deal to force Internet companies such as Google and Facebook to abide by EU rules is a first step in a wider reform package to tighten privacy laws

Companies based outside the European Union must meet Europe’s data protection rules, ministers agreed on Friday, although governments remain divided over how to enforce them on companies.

The agreement to force Internet companies such as Google and Facebook to abide by EU rules is a first step in a wider reform package to tighten privacy laws - an issue that gained prominence following revelations of US spying in Europe.

Vodafone’s disclosure on Friday of the extent of telephone call surveillance in European countries showed the practice was not limited to the United States. The world’s second-largest mobile phone company, Vodafone is headquartered in the United Kingdom.

“All companies operating on European soil have to apply the rules,” EU Justice Commissioner Viviane Reding told reporters at a meeting in Luxembourg where ministers agreed on a position that has also been backed by the Court of Justice of the European Union (ECJ).

Germany and the European Commission, the EU executive, have been highly critical of the way the United States accesses data since former US National Security Agency contractor Edward Snowden last year revealed US surveillance programmes.

Disclosures that the United States carried out large-scale electronic espionage in Germany, including bugging chancellor Angela Merkel’s mobile phone, provoked indignation in Europe.

“Now is the day for European ministers to give a positive answer to Edward Snowden’s wake-up call,” Ms Reding said.

Commenting on Vodafone’s disclosure, she said: “All these kind of things show how important it is to have data protection clearly established.”

The reform package, which was approved by the European Parliament in March, has divided EU governments and still needs work to become law despite Friday’s progress.

While ministers also agreed on provisions allowing companies to transfer data to countries outside the European Union, there was no decision on how to help companies avoid having to deal separately with the EU’s 28 different data protection authorities.

That issue was thrown into stark relief by a ruling from Europe’s top court requiring Google to remove links to a 16-year-old newspaper article about a Spanish man’s bankruptcy.

The search engine has since received tens of thousands of requests across Europe, and under current rules has to deal with each national authority.

A ‘one-stop-shop’ arrangement would allow companies to deal exclusively with the data protection authority in the country where it has its main establishment. But governments are concerned about a foreign data protection authority making binding decisions that they would then have to enforce.

For example, if a complaint originated in Denmark against a company based in Ireland, the Danish authorities would have to implement a decision by the Irish data protection body, something that is both legally and politically difficult.