From: [log in to unmask] [[log in to unmask]] On Behalf Of EDRI-gram newsletter [[log in to unmask]]
Sent: 19 May 2010 20:48
To: [log in to unmask]
Subject: EDRi-gram newsletter - Number 8.10, 19 May 2010

============================================================

            EDRi-gram

 biweekly newsletter about digital civil rights in Europe

     Number 8.10, 19 May 2010


============================================================
Contents
============================================================

1. Two Digital Agendas, but one European Union
2. Irish Court allows Data Retention Law to be challenged in ECJ
3. Industry proposed RFID Privacy Impact Assessment Framework
4. New Belarus Internet regulations require compulsory web registration
5. Google: We have collected information sent over the WiFi via StreetView
6. German supreme court fines owner of open WiFi network
7. ECJ Advocate General: Limitations to the levy on private copies
8. Facebook under pressure for not observing its privacy principles
9. Macedonia: New Law on Electronic Communications Adopted
10. UK: Dismantling the database state
11. Belgium: Win your privacy!
12. ENDitorial: Malmström seeks to distance from blocking as criticism grows
13. Recommended Action
14. Recommended Reading
15. Agenda
16. About

============================================================
1. Two Digital Agendas, but one European Union
============================================================

The European Parliament (EP) passed on 6 May 2010, with a large
majority, a resolution adopting the report on a new Digital Agenda for
Europe: 2015.eu by MEP Pilar del Castillo Vera. The report outlines the
Internet policy for the next five years and beyond.

Two weeks later, on 19 May 2010, the European Commission made public its
Digital Agenda for Europe - an action plan that "would contribute
significantly to the EU's economic growth and spread the benefits of the
digital era to all sections of society."

The EP report asks that a European Charter of citizens' and consumers'
rights in the digital environment, consolidating data privacy and protection
against cybercrime with special protection of minors and young adults,
should be implemented by 2012 and that the Cybercrime Convention should be
ratified by 2015. "Preserving 'a fair balance between the right-holders'
rights and the general public's access to content and knowledge' is also
crucial" says the report. The Charter should consolidate the Community
acquis including, in particular, users' rights relating to the protection of
privacy, vulnerable users and digital content as well as guaranteeing
adequate interoperability performance. The protection of privacy constitutes
a core value and all users should have control of their personal data,
including the "right to be forgotten." By this report, the MEPs reaffirm
that rights in the digital environment should be considered within the
overall framework of fundamental rights.

"Citizens should be made aware of the privacy impact of their behaviour in
an online context, and should be afforded the right to require the removal
of personal data even when the data was initially collected with the consent
of the data subject," also says the report which consider that the "fight
against cybercrime is another significant challenge. The effective
enforcement of EU legislation in this field is often obstructed by
cross-border legal issues, such as competent jurisdiction or applicable
law."

The Commission's Digital Agenda also talks about the need of increased
cooperation between the different government entities for tracking down
criminal organizations. Even though a lot of rumours have indicated the
presence of child pornography blocking issues in the Agenda, the final text
dilutes the message, but keeps the text "preventing viewing", which may lead
to dangerous interpretations for digital human rights: "For instance, to
tackle sexual exploitation and child pornography, alert platforms can be put
in place at national and EU levels, alongside measures to remove and prevent
viewing of harmful content."

EP calls on the Commission, the Body of European Regulators for Electronic
Communications and the National Regulatory Authorities to promote the "net
neutrality" provisions, to monitor its implementation closely and to report
to the European Parliament before the end of 2010. It also considers that EU
legislation should preserve the "mere conduit" provision established in the
e-Commerce Directive (2000/31/EC) as a crucial way of enabling free and open
competition on the digital market.

The Commission is announcing a public debate in the summer of 2010 on net
neutrality, while it "will also monitor closely the implementation of the
new legislative provisions on the open and neutral character of the
internet."

The report emphasises the need to develop a "Fifth Freedom" that enables the
free circulation of content and knowledge and to achieve, by 2015, a
convergent, consumer-friendly legal framework for accessing digital content
in Europe, which would improve certainty for consumers and achieve a fair
balance between the right-holders' rights and the general public's access to
content and knowledge. MEPs consider that sanctions, as possible tools in
the field of copyright enforcement, should be targeted at commercial
exploiters before individual citizens, as a point of principle.

On the other hand the European Commission is leaving its conservationist
position and is no longer talking of a further enforcement of copyright
online, making this "a first timid step, that it might pave the way to a
reasonable and balanced evolution of copyright in the EU if it leads to a
truly open debate on the question, and creates the conditions for a possible
policy-shift", as La Quadrature de Net interprets it.

However the Commission's Digital Agenda has omitted using the term "open
standards", that had been present in previous versions. "While it
includes some important building blocks for Free Software, the omission of
Open Standards rips a gaping hole in this agenda," explains Karsten Gerloff,
President of the Free Software Foundation Europe.

The EP report has in view high-speed broadband Internet access and digital
skills for everybody, including disadvantaged population groups and people
living in rural and remote regions, at a competitive price. MEPs believe 50%
of EU households should be connected to very high-speed networks by 2015 and
100% by 2020 and "all primary and secondary schools must have reliable,
quality Internet connections by 2013 and very high-speed Internet
connections by 2015". Moreover, in addition, "ICT training and e-learning
should become an integral part of lifelong learning activities, enabling
better and accessible education and training programmes". MEPs also want 75%
of mobile subscribers to be 3G users by 2015.

The EC's plans are establishing the 2020 target for the "internet speeds of
30 Mbps or above for all European citizens, with half European households
subscribing to connections of 100Mbps or higher."

Europe's digital revolution by 2015.eu (5.05.2010)
http://www.europarl.europa.eu/news/public/focus_page/008-73866-120-04-18-901-20100430FCS73854-30-04-2010-2010/default_p001c010_en.htm

Digital Agenda: Commission outlines action plan to boost Europe's prosperity
and well-being (19.05.2010)
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/581&format=HTML&aged=0&language=EN&guiLanguage=en

A new Digital Agenda for Europe: 2015.eu (5.05.2010)
http://www.europarl.europa.eu/sides/getDoc.do?type=TA&reference=P7-TA-2010-0133&language=EN&ring=A7-2010-0066

Communication from the Commission: A Digital Agenda for Europe (19.05.2010)
http://ec.europa.eu/information_society/digital-agenda/documents/digital-agenda-communication-en.pdf

EU Parliament calls for data rights charter (07.05.2010)
http://www.out-law.com:80/page-11002

Digital Agenda: Caution required for the future EU Net policies (Press
Release) (19.05.2010)
http://www.laquadrature.net/en/digital-agenda-caution-required-for-the-future-eu-net-policies-press-release

Lack of Open Standards "gaping hole" in EC's Digital Agenda (19.05.2010)
http://fsfe.org/news/2010/news-20100519-01.en.html

============================================================
2. Irish Court allows Data Retention Law to be challenged in ECJ
============================================================

Recently, the Irish High Court ruled in favour of EDRi-member Digital Rights
Ireland (DRI) allowing the civil liberties campaign group to challenge the
EU Data Retention Directive at the European Court of Justice (ECJ). This is
the result of four years of work by the legal team of the group.

In its action introduced in 2008 against the Ministers for Communications
and Justice, the Garda Commissioner and the State, DRI claimed the
defendants had illegally processed and stored data related to DRI and other
mobile phone users contrary to Irish and European law. Also involved in the
case was the Human Rights Commission (HRC) as adviser to the court on legal
matters.

DRI claimed the European data retention directive was in breach of
fundamental rights under the EU treaties, the European Convention on Human
Rights and the Charter of Fundamental Rights.

The Irish court ruled that, in this matter, a reference to the ECJ was
required and appropriate at the current stage of the proceedings.

Justice McKechnie noted that "the matters pleaded in this case do raise
issues of significant public importance. Given the rapid advance of current
technology it is of great importance to define the legitimate legal limits
of modern surveillance techniques used by governments. Without sufficient
legal safeguards the potential for abuse and unwaranted invasion of privacy
is obvious. That is not to say that this is the case here, but the potential
is in my opinion so great that a greater scrutiny of the proposed
legislation is certainly merited," and decided that Digital Rights Ireland
had the right to contest whether the provisions of the data retention
directive "violate citizen's rights to privacy and communications".

Ireland is thus following other European countries that have lately
questioned the constitutionality of the European directive, such as Germany,
Hungary, Bulgaria and Romania.

The decision of the Irish High Court gives ECJ the opportunity to decide
whether the Data retention Directive is lawful or not. Article 8 of the
European Convention on Human Rights related the right to privacy will
probably be the base of the challenge. The answer of the ECJ on the matter
will very much depend on the questions prepared by the Irish Court. DRI had
suggested a form of questions to be submitted in its Statement of Claim but
the High Court needed more suggestions. The questions are part of the Order
of the Court making the reference to the ECJ that should be received by
every EU Member State.

"To avoid a defeat before the European Court of Justice the European
Commission must propose swift amendments to the unconstitutional data
retention directive. The EU-wide compulsion to collect communications data
is outdated and must be repealed. Blanket data retention has proven to be
superfluous, harmful or unconstitutional in many states across Europe and
the world, such as Germany, Austria, Belgium, Greece, Romania, Sweden and
Canada. These states prosecute crime just as effectively using targeted
instruments, such as the internationally agreed Convention on Cybercrime,"
stated Sandra Mamitzsch of the German Working Group on Data Retention.

The High Court will determine in about. 3 weeks the precise text of the
questions to be referred to the ECJ. Once this is done the case is formally
referred and it will probably take about two years to get a hearing in the
ECJ. Every Member State of the EU has a right to intervene and be heard in
the matter.

Data Retention Challenge: Judgement re Preliminary Reference, Standing,
Security for Costs - High Court decision (5.05.2010)
http://www.scribd.com/doc/30950035/Data-Retention-Challenge-Judgment-re-Preliminary-Reference-Standing-Security-for-Costs

High Court decision on our data retention challenge (5.05.2010)
http://www.digitalrights.ie:80/2010/05/05/high-court-decision-on-our-data-retention-challenge/

European court to rule on data storage law (6.05.2010)
http://www.irishtimes.com/newspaper/ireland/2010/0506/1224269793253.html

Digital Rights Ireland Data Retention Case (10.05.2010)
http://www.mcgarrsolicitors.ie:80/2010/05/10/digital-rights-ireland-date-rention-case/

Digital Rights Ireland no longer a voice in the wilderness (6.05.2010)
http://www.irishtimes.com/newspaper/ireland/2010/0506/1224269793309.html

EDRi-gram: Digital Rights Ireland Challenge to Data Retention (2.08.2006)
http://www.edri.org/edrigram/number4.15/drireland

============================================================
3. Industry proposed RFID Privacy Impact Assessment Framework
============================================================

Following the RFID recommendation issued by the European Commission on
12.05.2009, an informal working group on the implementation on the
recommendation was set up, especially focusing on the task of creating a
RFID Privacy Impact Assessment Framework. Members of the group were mainly
industry representatives, some representatives of European standardisation
organisations and a very limited number of civil society representatives -
EDRi amongst them. While the status of the group was strictly informal, its
meetings were facilitated and organised by the European Commission.

As suggested in the RFID recommendation the drafting of the Privacy Impact
Assessment (PIA) Framework was carried out by the industry. Other
stakeholders had the opportunity to comment on the respective current draft
version after three of the five meetings that took place in the course of
one year.

Following the RFID recommendation, the final industry proposal was submitted
for endorsement to the Article 29 Working Party on 31.03.2010. Almost one
month later, on 26.04.2010 - one day before it was published on the website
of the European Commission - the members of the informal working group also
received a copy of this final proposal from industry representatives.

Compared to the last known draft version the final proposal incorporates a
number of significant changes. EDRi therefore still needs to analyse the
final proposal in detail in order to gain a complete picture and to develop
a final opinion on the framework.

What can be said so far is that EDRi's recommendation to base the PIA
Framework on an structured analytical approach as commonly used in IT risk
assessment (e.g. as provided by the German IT-Grundschutz Catalogues or the
EuroPriSe Criteria Catalogue) was not considered to be a suitable approach
for this Framework.

While the text of the framework states that "a PIA is a practical privacy
and data protection risk tool" (page 3) helping the RFID Application
Operator "to manage risks to its organisation and to users" (page 4), it
apparently fails to identify a single specific risk and suitable
counter-measures but rather concentrates on a general description of a
potential PIA process and the potential structure of PIA reports.

Analyse will show if the framework provides sufficient guidance for "RFID
Operators, regardless of their size and sector" (page 3) to properly analyse
the privacy and data protection risks associated with the use of RFID
technology and to answer these risks effectively.

According to the process defined in the Commission's RFID recommendation, it
is now on the Article 29 Working Party to respond to the Industry proposal,
either by endorsement or otherwise. EDRi will continue to work on privacy
and data protection in the area of RFID and the Internet of Things and to
contribute at European and national levels to the creation of a
privacy-friendly information infrastructure.

The Industry Proposal Privacy and Data Protection Impact Assessment
Framework for RFID is publicly available on the website of the European
Commission.

European Commission: Commission Recommendation on the implementation of
privacy and data protection principles in Applications supported by
radio-frequency identification (12.05.2009)
http://ec.europa.eu/information_society/policy/rfid/documents/recommendationonrfid2009.pdf

Industry Proposal Privacy and Data Protection Impact Assessment Framework
for RFID Applications (31.03.2010)
http://ec.europa.eu/information_society/policy/rfid/documents/d31031industrypia.docx

Bundesamt für Sicherheit in der Informationstechnik: IT-Grundschutz
Catalogues
https://www.bsi.bund.de/cln_156/EN/Topics/ITGrundschutz/ITGrundschutzCatalogues/itgrundschutzcatalogues_node.html

European Privacy Seal: EuroPriSe Criteria
https://www.european-privacy-seal.eu/criteria/EuroPriSe%20Criteria%20Catalogue%20public%20version%201.0.pdf

(contribution by Andreas Krisch - EDRi)

============================================================
4. New Belarus Internet regulations require compulsory web registration
============================================================

Based on a decree issued on 1 February 2010 by President Alyaksandr
Lukashenka, Belarus Council of Ministers adopted five resolutions
introducing new Internet regulations which require a compulsory registration
of all web sites and the collection of personal data of Internet cafe users.

According to one of the resolutions, the registration is required for all
Internet resources on the territory of the Republic of Belarus, irrespective
of their commercial or non-commercial nature. Starting with 1 July 2010,
legal entities and individual entrepreneurs are obliged to make the
transition to the use of information networks, systems and resources of the
national segment of the Internet, located on the territory of the Republic
of Belarus.

Lawyer Lyudmila Chekin explained that, in terms of the resolutions, all
Internet resources that are on the territory of Belarus must be registered
as Internet Service Providers. It seems it is still not clear what specific
provider the law will apply to: the hosting provider which provides virtual
hosting, or only to the physical host. Providers will also need to record
additional information (a statement in the State Register of information
networks, systems and resources, including more than 30 points that cover
not only the name, passport details and contact of the owners of the
resource, but also a detailed description of the site, network (IP) resource
addresses, domain names, registration number of the data centre, the type of
hosting used by resource ports transport protocols and others.)

Moreover, besides the fact that all websites must register and that the
registration will cost, they must also be hosted in Belarus which implicitly
means that all foreign-based sites may be sanctioned, leading to the
termination of their service provision. The decree leaves however room for
interpretation. According to Chekin, a first possible interpretation could
be that the requirements for the transition to the Belarusian hosting would
only apply to residents or non-residents having a permanent establishment on
the territory of Belarus. A second possible interpretation could be that the
provision of Internet services on the territory of the Republic of Belarus
by non-residents who do not have branches or representative offices in
Belarus is completely prohibited.

Belarus New Internet Regulations (12.05.2010)
http://globalvoicesonline.org:80/2010/05/12/belarus-new-internet-regulations/

Regulated enough? (only in Russian, 12.05.2010)
http://habrahabr.ru/blogs/bynet/93378/

EDRi-gram: Censorship in Belarusian Internet cafes (27.02.2010)
http://www.edri.org/edrigram/number5.4/belarus

============================================================
5. Google: We have collected information sent over the WiFi via StreetView
============================================================

Google admitted that the previous information on the data they have gathered
with their Street View service was wrong and this included "samples of
payload data from open (i.e. non-password-protected) WiFi networks."

The information comes after several letters were sent to Google by the Data
Protection Authorities on the information the company had gathered in their
StreetView service. As reported in the previous EDRi-gram, the initial
answer from Google posted on 27 April acknowledged that the Google's Street
View cars gather information only in three categories: photos of the
street, WiFi network information, and 3D building imagery.

However, a new answer published on 14 May 2010, confirmed that the initial
information was incomplete and they also collected "payload data
(information sent over the network)".

Google claims that this was done by mistake and the data was never used in
any Google products. They have also indicated that only fragments of payload
data were gathered because: the cars are on the move, someone would need to
be using the network as a car passed by and the in-car WiFi equipment
automatically changes channels roughly five times a second.

The blog post published by Alan Eustace, Senior VP, Engineering & Research
announced that Google wanted to delete the data as soon as possible and that
they had decided to stop collecting WiFi network data entirely with their
Street View cars.

According to an update on 17 May 2010, following a request of the Irish Data
Protection Authority, Google announced that the "all data identified as
being from Ireland was deleted over the weekend in the presence of an
independent third party."

The decision was challenged also by an open letter of the Privacy
International (PI) that considers the instruction to delete the date "is
based on advice that is ill-informed and irresponsible, as the action may be
unlawful. We urge Google to politely ignore these instructions and, instead,
securely store the data with a trusted third party pending further
investigation." PI has also announced that it will seek a prosecution for
unlawful interception under the UK's Regulation of Investigatory Powers Act,
noting that "in those circumstances there would be no question of destroying
the data."

This latest privacy issue can only support the arguments of the public
letter sent some months ago by several privacy Commissioners from Canada,
France, Germany, Ireland, Israel, Italy, the Netherlands, New Zealand, Spain
and the UK. The letter called on Google to collect and process the minimum
amount of personal information required for a service, to be clear about how
it would be used and to ensure that privacy settings were default and easy
to use.

As PI has recently replied to the public blog post: "This latest incident
was not caused by a mistake; it was caused by a failure of process that cuts
across the entire company. In the absence of a systemic change in product
development and deployment procedures the latest incident will be just one
in a continuing litany of transgressions on personal privacy."

Google said Street View cars had been collecting WiFi data in Australia,
Austria, Belgium, Brazil, Britain, Canada, the Czech Republic, Denmark,
Finland, France, Germany, Greece, Hong Kong, Hungary, Ireland, Italy, Japan,
Luxembourg, Macau, Mexico, the Netherlands, New Zealand, Norway, Poland,
Portugal, Romania, Singapore, South Africa, South Korea, Spain, Sweden,
Switzerland, Taiwan and the United States.

The latest statements of Google chief Eric Schmidt tried to downplay the
current privacy concerns over Google Street View Service. Mr Schmidt said at
the company's annual Zeitgeist conference UK : "Who was harmed? Name the
person", considering that it was "highly unlikely" that any of the collected
information was "useful" and that there appeared to "have been no use of
that data."

WiFi data collection: An update (14.05.2010)
http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html

An open letter to EU privacy commissioners regarding deletion of Google WiFi
data (18.05.2010)
http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-566323

Google chief Eric Schmidt downplays wi-fi privacy row (18.05.2010)
http://news.bbc.co.uk/2/hi/technology/10122339.stm

Google and privacy: What crisis? (19.05.2010)
http://www.bbc.co.uk/blogs/thereporters/rorycellanjones/2010/05/google_and_privacy_what_crisis.html

EDRi-gram: UK and Germany question the data collected by Google Street View
(5.05.2010)
http://www.edri.org/edrigram/number8.9/google-street-view-wifi-germany-uk

============================================================
6. German supreme court fines owner of open WiFi network
============================================================

The Federal Supreme Court in Germany (Bundesgerichtshof (BGH)) has ruled in
a case where an illegal download took place via an open wireless Internet
Access point, that the owner of the which should have secure it with a
password.

In this case, it was an intellectual property related issue with a musician
asking for damages because a piece of music was illegally downloaded and
later on made available via a file-sharing network.

But the owner of the WiFi network could prove that he was away on
holiday and someone else used his unprotected wireless network.

BGH indicated that, in this case, he should have switched off or
sufficiently protect the network. Since this did not happen, he was
awarded a fine for negligence and the fine was set to a maximum of 100
Euros. This ruling makes now clear that damages cannot be claimed in
Germany from a WiFi owner.

A similar case in Denmark in 2008 had a contrary decision. In that situation
the women who allegedly infringed Intellectual property rights was the
owner of an open wireless connection. She was not found guilty though
because it was not clear if she was the person actually responsible for the
infringement, or any other member of the family or a guest that used the
open WiFi.

In UK, Professor Lilian Edwards of Sheffield University warned that
according to the recent Digital Economy Bill, users might be responsible for
other people's use of their networks to infringe copyright.

German court fines man who failed to secure his Wi-Fi network
http://www.out-law.com/page-11023

BGH restricts consequences of disturber liability for wireless operators
(12.05.2010)
http://www.heise.de/newsticker/meldung/BGH-schraenkt-Folgen-der-Stoererhaftung-fuer-WLAN-Betreiber-ein-998591.html

Danish WiFi Case - 2008 (only in Danish 5.09.2008)
http://www.itpol.dk/files/AabenTraadlosDom_0.pdf

============================================================
7. ECJ Advocate General: Limitations to the levy on private copies
============================================================

Verica Trstenjak, Advocate General at the EU Court of Justice, believes the
levy on private copies imposed on digital equipment, devices and media
should be limited to cases "where it may be presumed that they are to be
used for private copying".

The European Directive on copyright and related rights in the information
society gives reproduction rights for audio, visual and audio-visual
material to authors, performers and producers, but lets the Member States
allow private copying, provided there is a 'fair compensation' for
rightholders.

Spain has decided to allow the reproduction for private use of works which
have already been circulated, without the rightholders' permission and has
provided for a lump-sum compensation by means of a levy to be paid by
manufacturers, importers or retailers to intellectual property rights
management societies on private copies, applied indiscriminately to digital
reproduction equipment, devices and media. In Trstenjak's opinion, such a
levy in favour of authors, artists and producers may not be applied
indiscriminately to companies and professional persons who acquire equipment
and data media for other purposes.

The question arose as SGAE, a Spanish collective society, sued PADAWAN, a
company marketing electronic storage media such as CD-Rs, CD-RWs, DVD-Rs and
MP3 players. SGAE claimed the payment of 16 760 euro as compensation for
private copying related to the storage media marketed between September 2002
and September 2004 by the company. The appeal to the case was brought in
front of the Audiencia Provincial de Barcelona which had to consider whether
the Spanish levy rule was compatible with the European directive and asked
ECJ on how the "fair compensation" required by the directive should be
organised. The decision of the Spanish court and therefore the output of
SGAE case will depend on ECJ's answer.

According to the General Advocate, although the concept of "fair
compensation" used in the directive should be interpreted uniformly in all
the Member States, each Member State may determine the most appropriate
criteria for ensuring compliance with the directive concept. Irrespective of
the system used by each Member State in calculating fair compensation, there
is the obligation to ensure a fair balance between the rightholders affected
by the private copying exception, and the persons directly or indirectly
liable to pay the compensation. Therefore, in her opinion, when a Member
State, such as Spain, chooses a levy on digital reproduction equipment,
devices and media, there should be the presumption that the respective
equipment, devices and media are to be used for making private copies and
not for other purposes.

Although the Court of Justice may be influenced by the Advocate General's
Opinion, this has however no binding force as the role of the Advocates
General is to independently propose to the Court a legal solution to the
cases for which they are responsible.

Court of Justice of the European Union - Press release no 45/10 on SGAE case
(11.05.2010)
http://curia.europa.eu/jcms/upload/docs/application/pdf/2010-05/cp100045en.pdf

Opinion of Advocat General Trstenjak on SGAE case (11.05.2010)
http://curia.europa.eu:80/jurisp/cgi-bin/form.pl?lang=EN&Submit=rechercher&numaff=C-467/08

Advocate-general limits application of private copying levy (11.05.2010)
http://www.europolitics.info/advocate-general-limits-application-of-private-copying-levy-art271571.html

============================================================
8. Facebook under pressure for not observing its privacy principles
============================================================

The recent changes of Facebook's privacy settings have attracted a lot of
negative comments from regular users, but also from Data Protection
authorities and NGOs.

In a public letter, the Article 29 Working Party, the group of European data
protection authorities, has bluntly accused Facebook for its data
protection practices, calling "unacceptable that the company fundamentally
changed the default settings on its social-networking platform to the
detriment of a user."

The 75th plenary session of the Working Party has also addressed letters to
the 20 social network operators that have signed the "Safer Networking
Principles for the EU " asking them for a "a default setting in which access
to the profile information and information about the connections of a user
is limited to self-selected contacts. Any further access, such as by search
engines, should be an explicit choice of the user." The letters also
included the issues of the third-party application providers of social
network services and of third persons contained in users' profiles.

On a different level, Trans Atlantic Consumer Dialogue (TACD), a coalition
of U.S. and European consumer advocacy groups has adopted a new resolution
criticizing the U.S. and European governments for failing to protect social
network users from privacy and marketing abuses. "Social networks are like
virtual homes for millions of people, but they are being invaded by data
miners and marketers seeking to capitalize on information that users never
intended to provide to strangers," said Susan Grant, co-chair of the TACD
Information Society Policy Committee. The resolution calls for the U.S. and
EU governments to prohibit social networks from targeting advertisements to
children under 16 and to bar them from using online marketing practices that
studies show can have a negative impact on individuals, particularly
children - for instance, digital marketing of products that contribute to
childhood obesity.

Facebook is trying to redeem its respect, by publicly answering questions
posted to New York Times in relation with these new privacy concerns and
even leaking some information that they are working again on "its privacy
options".

But the current answers are flatly contradicting its own stated Principles
on privacy, as EDRi-member Electronic Frontier Foundation (EFF) explains:
"Facebook wrote these Principles and designed them to not only reassure its
users, but to give itself wiggle room for the future. It is a carefully
drafted document, and Facebook has no excuse not to live up to the minimum
standards it set out for itself. If Facebook wants to regain the trust of
its users, following its own principles would be a good place to start."

Article 29 Data Protection Working Party: European data protection group
faults Facebook for privacy setting change (12.05.2010)
http://ec.europa.eu/justice_home/fsj/privacy/news/docs/pr_12_05_10_en.pdf

TACD: US/EU Consumer Advocates Demand Strong Rules to Protect Privacy and
Security of Social Network Users (05.2010)
http://tacd.org/index.php?option=com_content&task=view&id=161&Itemid=43

TACD: Resolution on Social Networking (05.2010)
http://tacd.org/index2.php?option=com_docman&task=doc_view&gid=265&Itemid=40

Facebook Executive Answers Reader Questions (11.05.2010)
http://bits.blogs.nytimes.com/2010/05/11/facebook-executive-answers-reader-questions/

Facebook Should Follow Its Own Principles (13.05.2010)
http://www.eff.org/deeplinks/2010/05/facebook-should-follow

Updated: Facebook Further Reduces Your Control Over Personal Information
(19.04.2010)
http://www.eff.org/deeplinks/2010/04/facebook-further-reduces-control-over-personal-information

Facebook to simplify privacy settings in response to backlash (18.05.2010)
http://www.sfgate.com/cgi-bin/blogs/techchron/detail?&entry_id=63881

============================================================
9. Macedonia: New Law on Electronic Communications Adopted
============================================================

The amendments to the Law on electronic communications would allow the
Ministry of Interior to play the "Big Brother" role, concluded the
opposition parties during the debate on this bill that took place in the
Assembly on 11 May 2010.

According to the allegations of the opposition party SDSM, not only the
Ministry of Interior would eavesdrop on telephone conversations without any
obstruction, but it would also be authorized to monitor the computers of all
Macedonian citizens.

According to the opposition party New Democracy, these amendments are not
prepared in accordance with the European standards and they are jeopardizing
the privacy of all Macedonian citizens. This party argued that the current
government, aside from adopting a law which is not harmonized with the
European legislation is also strengthening the position of the Ministry of
Interior, thus creating a police state.

On the other hand, Deputy Minister of Transport and Communications Goran
Mihajlovski claims that the proposed amendments to the Law on electronic
communications have been prepared in accordance with the latest report of
the European Commission.

According to the Deputy Minister, the amendments clearly define the
authorizations and responsibilities of relevant institutions, therefore
enabling the further development of the competition, the liberalization of
the electronic communications, the entry of new operators and the
introduction of new services and affordable charges for the citizens.

"Brussels expects the government to submit the adopted Law on Electronic
Communications. The Commission has not been consulted about the adopted
amendments, and Brussels would comment once it receives the text of the
bill" announced the Delegation of the European Commission in Skopje.

Assembly of Republic of Macedonia: Proposal for changing and amending
the Law on electronic communications (second reading) (only in Macedonian)
http://www.sobranie.mk/ext/materialdetails.aspx?Id=4055857c-81de-45b1-b3d6-838f5eaeaa8a

(contribution by EDRi-member Metamorphosis Foundation - Macedonia)

============================================================
10. UK: Dismantling the database state
============================================================

The new UK government's coalition agreement includes a list of measures in
order "to reverse the substantial erosion of civil liberties under the
Labour Government and roll back state intrusion."

This includes the following:

- The scrapping of ID card scheme, the National Identity register, the
next generation of biometric passports and the Contact Point Database.
- Outlawing the finger-printing of children at school without parental
permission.
- The extension of the scope of the Freedom of Information Act to
provide greater transparency.
- Adopting the protections of the Scottish model for the DNA database.
- The protection of historic freedoms through the defence of trial by
jury.
- The restoration of rights to non-violent protest.
- The review of libel laws to protect freedom of speech.
- Further regulation of CCTV.
- Safeguards against the misuse of anti-terrorism legislation.
- Ending of storage of internet and email records without good reason.

The latter two points make a possible reference to the Regulation of
Investigatory Powers Act and the reform or repeal of the Data Retention
Directive implementation respectively.

The legal status of several state databases have been called into question
in a 2009 comprehensive map of UK government databases called the "Database
State" published by the liberal Joseph Rowntree Reform Trust

Full Text: Conservative-Lib Dem deal (12.05.2010)
http://news.bbc.co.uk/2/hi/uk_news/politics/election_2010/8677933.stm

Welcome to the former Big Brother House (17.05.2010)
http://www.openrightsgroup.org/blog/2010/welcome-to-the-former-big-brother-house

EDRi-gram: Database state (25.03.2009)
http://www.edri.org/edri-gram/number7.6/reading

============================================================
11. Belgium: Win your privacy!
============================================================

Retaining telecommunications data, the new law on the Special Intelligence
Methods, the use of passenger data from airlines by judicial authorities and
the police, and the ubiquity of cameras are but a few examples of measures
that violate our right to privacy.

The Liga voor Mensenrechten is deeply worried about the increasing number of
violations of the right to privacy. In the past few years, many measures
have been taken by the government under the guise of fighting terrorism and
serious crime that threaten and erode the privacy of citizens. This is
unacceptable and in violation of the international and national privacy
laws. The right to privacy is a fundamental human right that can only be
limited in case that is absolutely necessary. These days, the
proportionality and subsidiarity principles have however all but disappeared
from the radar.

The Liga helps you win back your right to privacy! Citizens have largely
lost their right to privacy, but the Liga voor Mensenrechten offers people
the chance to fight back and regain their privacy. The fight starts in Gent
on 18 May 2010 where the privacy campaign will be launched, and will finish
with a grand closing event on 17 November 2010.

During the coming six months, the Liga will organise numerous activities,
a.o., guided privacy walks, events in the streets, theoretical classes,
camera spotting, a city game and - as closing event - handing out the Big
Brother Awards on 17 November in the Vooruit in Ghent, Belgium.

Campaign website
http://www.winuwprivacy.be

Nominees of the Belgium Big Brother Awards
http://www.winuwprivacy.be/kandidaten

(contribution by Jonas Maebe - Liga voor Mensenrechten - Belgium)

============================================================
12. ENDitorial: Malmström seeks to distance from blocking as criticism grows
============================================================

Over the last two weeks, Commissioner Malmström has made several determined
efforts to distance herself from Internet blocking and related policies
supported by her and her services.

In June of last year, DG Justice, Freedom and Security (which is now under
Commissioner Malmström's responsibility) proposed Internet blocking as well
as revoking of IP addresses and domain names. When the same policies were
copied and pasted into a Council of Ministers document recently,
Commissioner Malmström used her blog to present this as proof that that
these proposals were not hers and, oddly, that it is too early for the
Commission to fully understand what the Council meant when it put forward
these ideas.

The Commissioner also tried to argue in a recent meeting of the Civil
Liberties Committee meeting that blocking, which was launched by her
services under her leadership, is not just her policy, but that of the
Commission as a whole (which is, of course, true, due to the "collegial"
nature of the institution). In order to encourage this impression she has
been trying to persuade her Liberal colleague Neelie Kroes to add blocking
to the Digital Agenda, even though it was not mentioned in any version up
until shortly before publication. In the end, Commissioner Kroes chose not
to include unequivocal support for blocking in the document - although
probably because it would have been incongruous rather than due to any lack
of support for her colleague.

One of the reasons for Commissioner Malmström's desire to distance herself
from this measure may be the European Data Protection Supervisor's (EDPS)
recent Opinion on the proposal. While being critical of the measure in
general, as well as its possible implications, the EDPS made a point of
condemning the lawless, privatised restrictions on freedom of communication
that have been publicly supported by the Commissioner. In a criticism that
goes far beyond Internet blocking and which has major implications for the
"self-regulatory" approaches proposed by the Commission, which aim to push
Internet Service Providers into proactive Internet police, he stressed "that
a code of conduct or voluntary guidelines would not bring enough legal
certainty".

While Commissioner Malmström is focusing on the symptom (websites containing
illegal material), Commissioner Reding (who has responsibility for child
rights) has taken the initiative to launch a dialogue with the United States
authorities to ensure that the worst child abuse material is taken offline
as soon as possible. Following the crackdown on such material in Russia
after pressure from the EU, positive cooperation with the United States
would be a major step forward in dealing with web-based abuse material.

In the European Parliament, this week will see the first meeting of the MEP
responsible for the blocking dossier (Roberta Angelilli, EPP, Italy)(the
"rapporteur", in Eurospeak) with the MEPs responsible for the dossier from
each of the other political groups ("shadow rapporteurs"). The nature of
these discussions will set the scene for the ultimate compromises that will
be achieved by the Parliament when adopting the legislation.

Commissioner's blog (Swedish)
http://ceciliamalmstrom.wordpress.com/2010/05/10/hall-ordning-pa-anklagelserna/

Commissioner's blog (machine translation - English)
http://bit.ly/aF25pr

Commission's June 2009 proposal
http://www.statewatch.org/news/2009/jun/eu-com-stockholm-prog.pdf

Council Conclusions:
http://www.enisa.europa.eu/media/news-items/council-cyber-crime

EDPS Opinion on the proposal for a Directive of the European Parliament and
of the Council on combating the sexual abuse, sexual exploitation of
children and child pornography, repealing Framework Decision 2004/68/JHA
(10.05.2010)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2010/10-05-10_Child_Abuse_EN.pdf

US, EU against Internet child porn (10.04.2010)
http://www.asiaone.com/News/Latest+News/Health/Story/A1Story20100410-209548.html

(Contribution by Joe McNamee - EDRi)

============================================================
13. Recommended Action
============================================================

Consultation: Green Paper on "Unlocking the potential of cultural and
creative industries".

The objective of this consultation is to gather views on various issues
impacting the cultural and creative industries in Europe, from business
environment to the need to open up a common European space for culture, from
capacity building to skills development and promotion of European creators
on the world stage. The responses to the consultation will inform the
Commission and help it ensure that EU programmes and policies involving
cultural and creative industries are "fit for purpose".
http://ec.europa.eu/culture/our-policy-development/doc2577_en.htm

============================================================
14. Recommended Reading
============================================================

Proportionality overrides Unlimited Surveillance
By Katja de Vries and Rocco Bellanova & Paul De Hert (18.05.2010)
http://www.ceps.eu/book/proportionality-overrides-unlimited-surveillance

Fundamental Rights Agency: Data Protection in the European Union: the role
of National Data Protection Authorities (Strengthening the fundamental
rights architecture in the EU II) (07/05/2010 - May 2010)
http://fra.europa.eu/fraWebsite/research/publications/publications_per_year/pub_data_protection_en.htm

Developing Countries Blast WHO Report On IP, Demand Credible Approach
(18.05.2010)
http://www.ip-watch.org/weblog/2010/05/18/developing-countries-blast-who-report-on-ip-demand-credible-approach/

Council of Europe - Draft meeting report from the 28-29.01.2010 consultation
meeting on the protection of rights of broadcasting organisations
http://www.coe.int/t/dghl/standardsetting/media/MC-S-NR/MC-S-NR%282010%29Misc1%20Draft%20meeting%20report.asp#TopOfPage

WIPO Broadcasting Study: Study on the socioeconomic dimension of the
unauthorized use of signals - Part II: Unauthorized access to broadcast
content - cause and effects: a global overview (10.05.2010)
http://www.wipo.int/edocs/mdocs/copyright/en/sccr_20/sccr_20_2_rev.pdf

EFF: Web Browsers Leave 'Fingerprints' Behind as You Surf the Net
(17.05.2010)
http://www.eff.org/press/archives/2010/05/13

============================================================
15. Agenda
============================================================

22-24 May 2010 - Cologne, Germany
SIGINT 2010 - a conference for hackers, Internet residents and
activists, organized by Chaos Computer Club
http://events.ccc.de/sigint/2010/wiki/CFP

26-28 May 2010, Amsterdam, Netherlands
World Congress on Information Technology
http://www.wcit2010.com/

30-31 May 2010, Montreal, Canada
Third International Workshop on Global Internet Governance: An
Interdisciplinary Research Field in Construction
http://giga-net.org/page/2010-international-workshop

8-9 June 2010 - Funchal, Portugal
4th International Workshop on RFID Technology - Concepts, Applications,
Challenges - IWRT 2010
http://www.iceis.org/Workshops/iwrt/iwrt2010-cfp.htm.

25-27 June 2010, Cluj, Romania
Networking Democracy?
New Media Innovations in Participatory Politics
http://www.brisc.info/NetDem/

28-30 June 2010, Torino, Italy
COMMUNIA 2010 Conference: University and Cyberspace
Reshaping Knowledge Institutions for the Networked Age
http://www.universities-and-cyberspace.org

9-11 July 2010, Gdansk, Poland
Wikimedia 2010 - the 6th annual Wikimedia Conference
Call for participation by 20 May 2010
http://wikimania2010.wikimedia.org/wiki/Main_Page

25-31 July 2010, Meissen, Germany
European Summer School on Internet Governance
http://www.euro-ssig.eu

29-31 July 2010, Freiburg, Germany
IADIS - International Conference ICT, Society and Human Beings 2010
http://www.ict-conf.org/

2-6 August 2010, Helsingborg, Sweden
Privacy and Identity Management for Life (PrimeLife/IFIP Summer School 2010)
http://www.cs.kau.se/IFIP-summerschool/

13-17 September 2010, Crete, Greece
Privacy and Security in the Future Internet
3rd Network and Information Security (NIS'10) Summer School
http://www.nis-summer-school.eu

14-16 September 2010, Vilnius, Lithuania
Internet Governance Forum 2010
http://igf2010.lt/

8-9 October 2010, Berlin, Germany
The 3rd Free Culture Research Conference
Call for Papers - Abstract Deadline: 7 June 2010
http://wikis.fu-berlin.de/display/fcrc/Home

28-31 October 2010, Barcelona, Spain
oXcars and Free Culture Forum 2010, the biggest free culture event of all
time

3-5 November 2010, Barcelona, Spain
The Fifth International Conference on Legal, Security and Privacy Issues in
IT Law. Call for papers deadline: 10 September 2010
http://www.lspi.net/

17 November 2010, Gent, Belgium
Big Brother Awards 2010 Belgium
http://www.winuwprivacy.be/kandidaten

============================================================
16. About
============================================================

EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 27 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.

All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/

Newsletter editor: Bogdan Manolea <[log in to unmask]>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: [log in to unmask]
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: [log in to unmask]
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <[log in to unmask]> if you have any problems with subscribing or
unsubscribing.

************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations.To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************