Yesterday, attended a session convened by the BCS North London branch, called “Data Privacy – How Private is IT?” The presentation was given by two PWC staff members in two parts, the first was a forward looking review at the proposed EU Data Protection Regulation by Kyrisia Sturgeon and the second part a scenario based exploration of good data protection practice led by Pragasen Morgan. To me the coming key changes in the law are that all companies will need to have a qualified data protection officer, and it implements a right to be forgotten, or more accurately a right to be unindexed.
Tag Archives: privacy - Page 2
I have finally been published on my employer’s web site blog. The article, Conflicting Data Requirements: Privacy versus Transparency looks at the countervailing tendencies by governments legislating for citizen privacy and tax transparency. The article concludes with a series of technical challenges to meet the needs of both political initiatives. The article was syndicated on the Tabb Forum, and you can read that here. The article was originally provoked by a Gartner Press Release which suggests that location and the need for specific jurisdictional compliance will reduce as costs and
Better change that then! In April, the Court of Justice of the EU, ruled that its 2004 Data Retention Directive mandating Information System Services Providers to store all their records for 12 months was declared incompatible with the EU’s Fundamental Charter of [Citizen’s] Rights. It and all the national laws implementing the Directive need to be reviewed to see if they remain legal. Last week, the Government announced that it planned to introduce new laws to plug the gap. This is to be called the Data Retention and Investigatory Powers Bill/Act. (DRIP) which they plan to pass in less than ½ a week using emergency provisions and the agreement of the Labour front bench.
At Don’t Spy on Us’ Day of Action, I attended the seminar/panel “Changing the Law to uphold our privacy”. Amongst the speakers were Ross Anderson, Claude Moraes and Mark Stephens. Ross Anderson works at the University of Cambridge, where he is Professor of Security Engineering. He blogs at “Light Blue Touchpaper”. To me the most memorable contribution, was from Anderson, where he shared his views developed while researching and writing his paper, “Privacy versus government surveillance: where network effects meet public choice”.
In an discussion thread in a BCS group on linkedin, I commented on the bind that US companies have in attempting to meet European Privacy Laws and the US requirement to co-operate with their law enforcement authorities. Some raised the issue of extra-territoriality as based on the location of the storage medium, I said,
The US jurisdictional claim is over the ownership of the storage media not its location. The EU’s jurisdictional claim is over ownership of the data. The current state of law means that it is not possible for US companies to obey the European duty of privacy and the US duties of disclosure.
I should add that the US legal system has some difficulty in accepting privacy as an inalienable right as well as accepting that it is universal; they believe the rights to privacy from government intrusion only belongs to its citizens. This is the inexorable logic of the republic.
The European Parliament, last Wednesday voted on a resolution coming from its Civil Liberties committee which determines the European Parliament’s response to the NSA’s democratic over reach. As Glyn Moody points out in his Techdirt article, in order to become binding, it will need to be agreed by the Council of Ministers where their votes are directed by the Governments of the EU member states.
I read Privacy and Big Data by Craig and Ludloff towards the end of 2013. The first chapter is called “The Perfect Storm”. The book lists a number of consumer and corporate computing trends, from Google’s search solution and their clustered file systems, the consumer adoption of cloud storage and the realisation of parallel computing models. There is no question that data is growing at an explosive rate and that new computational models are being developed to use these new volumes of data in timescales appropriate to the human. These new models are of interest to both the new internet companies and to Governments yet because of both social media and the distributed nature of modern computing raise questions of privacy.
Today, Parliament released the “Culture” select committee’s report “Supporting the Creative Industries”. The headline pursued by most media outlets is that Google’s efforts to limit copyright infringement by its ‘users’ is, to quote the committee chairman, John Whittingdale, “derisory”. This is reported by Computing, which extends Whittingdale’s quotes which demand further action from Google which is erroneously singled out as the single largest source of piracy and thus the single largest source of damage to Britain’s creative industries. Peter Bradwell of the ORG, and Paul Bernal of UEA cover the report and its impact, in Peter’s case on the ORG Blog, in an article called, Culture Committee copyright report one-sided and simplistic and in Paul’s case on his blog in an article called, Supporting the creative economy?. The ORG verbal evidence to the committee is available as a video here…, on Parliament TV. Enjoy the show and Peter’s persistant return to statistics and facts
Earlier this week, the Guardian in conjunction with its partner publishers, New York Times and ProPublica ran an article, Revealed: how US and UK spy agencies defeat internet privacy and security. As we’ll see, the title is a bit misleading, but the agencies certainly gave it their best shot. This story builds on the initial Snowden leaks that the NSA has been using computer technology to spy on everyone using the internet in the USA. The story rapidly came to the UK where it became clear that Britain’s GCHQ was tapping the UK/USA telecom links, sharing intelligence with the USA and providing the NSA with a slightly more legal way of spying on US citizens. There is little doubt that the US & UK’s intelligence agencies have outsourced their own domestic spying which is legally restricted to each other.
The next session, called “Naked Citizens! The Data Protection Regulation and why you should care about it”.
The speakers were Anna Fielder from Privacy International, David Smith, the Deputy Information Commissioner and Kasey Chappele, a Lawyer from Vodafone. Fortunately for Kasey, no-one asked about about Vodafone’s Tax Affairs. She went through some of Vodafone’s route to where they are today, and they are quite proud of where they’ve got to. Critically, she argued that while Privacy is seen as a compliance issue, it won’t improve, it’s only when companies start to compete on Privacy that managers will treat Privacy as more than a burden.
A tweeted conversation between Tom Watson MP and Chris Gerhard, in the afterglow, of the Guardian’s running a story that the FBI are looking for warrant-less and secret intrusion into an email provider’s customers.