Home > Data Protection, Facebook, Google, Privacy, Social Media > The Privacy platform

The Privacy platform

On Wednesday 7th September 2011, the European Parliament, in Brussels hosted the PRIVACY PLATFORM: “The Transatlantic Dimension of Data Protection“.

E-crime Expert attended this meeting where the presentations were given by: Mrs. Francoise Le Bail, European Commission, Mr. Gus Hosein, Privacy International, Mr. Caspar Bowden former Microsoft Chief privacy Officer, Mr. Jan Philipp Albrecht, Member of European Parliament (Greens/EFA), Mr. Richard Allan, Facebook and Honorable Ambassador William E. Kennard, US Mission to the European Union. The Chair of this meeting was MEP Sophie In’t Veld.

The Privacy Platform started with Mr. Hossein’s presentation from where we can highlight the following:

-The US Privacy Act applies just to US citizens.

-Of course in US are limitations regarding privacy for non US citizens but there are looking for redressing the situation

-As he can observe, in US privacy by design is not yet working properly

-In 2007 a new Privacy Body (Privacy Oversight Court) was created in order to better protect privacy

The second presenter was Mr. Bowden who mentioned that he never seen enforcement of the Safe Harbor Agreement so far in relation to the EU Data Protection legislation.

-In US , privacy is granted by the Constitution to their citizens

-As per his acknowledgment, the risks of the Patriot Act have not been assessed since 2008 in regards to non US citizens

-He said that first it should be clarified what data is subject to the Patriot Act

-Some policy circles in US think that private data should be collected just as necessary

-The Passenger Name Record (PNR) Agreement does not give any guarantees regarding privacy as a former US politician noticed

Further, it was Mr. Allan’s intervention where he mentioned that Facebook operates on a global level and that Facebook is not just a sharing place but also it is a global platform which is widely operated in EU as well. The aim of Facebook is to be a socializing network where people socialize and share information, otherwise would be consider an anti-socializing environment.

-Facebook is still experiencing, trying to find their way

-Facebook is part of the Safe Harbor Agreement

-Facebook has its European Headquarter in Ireland and many subsidiaries in Europe such as Germany, etc

-Facebook recognize the Irish Data Protection legislative framework and the Irish Data Protection Supervisory Authority

-Facebook has consultations with the Irish Data Protection Supervisory Authority in order to follow their Data Protection legislative framework

-Facebook is trying to offer the best level of Data Protection for its European users

-To note that Facebook is still establishing in Europe

-Facebook does not want to be like Google and to experience the market but they want to see and follow a clear business framework in Europe, framework which will allow businesses to operate and develop in EU, offering protection to their clients but also to their business

-Facebook recognizes that there are several issues of jurisdiction as well, quite complicated in regards to data portability, cloud computing, etc.

Next on the list was Mrs. Le Bail who said that the Commission mandate is to protect the EU citizens’ personal data

-But the actual system is less clear and less effective so far

-For this reason the current system (Directive 95) is under review and we will see what is going to happen next after this review will come to an end

-She knows about an initiative in the US Congress with regards to privacy protection, seeking for better protection

-The current EU legislative framework tries to be in control of its EU citizens’ data to offer better privacy protection

-She calls for stopping the EU Data Protection legislative fragmentation among the 27 Member States as when the Directive was transposed into the national law there were 27 ways of transposing and interpreting it

-She is seeking for more simplification and consistency

-She mentioned that the revision of this Directive is looking also to offer protection of data when it comes to police and judicial cooperation, as this issue is not yet covered in the current Data Protection legislation

-EU has a real interest to solve the Data protection issue and they are seeking in the US a reliable and serious partner of discussion and collaborator

-Sophie In’t Veld the Chair of this meeting asked Mrs. LeBail what is the jurisdiction of the data stored under EU soil? Does it come under the US Patriot Act?

-Mrs. Le Bail answered that they are not yet engaged in this matter but she thinks that US authorities when it comes to EU companies with US subsidiary, they have to use dialog and legal ways (under the EU Data Protection legislation) of accessing the EU Data rather than using the Patriot Act. This is an undergoing negotiation item between US and EU

-Unfortunately, the current situation allows US to access EU data under the Patriot Act if a EU business has even just a mailbox in US, falling under US legislation.

After this presentation it was the turn of Honorable Mr. Kannard to present his points and opinions which stated that this issue is very complex due to its technical features

-He mentioned also that mutual assistance between US and EU it is already in place on this matter

-The current PNR Agreement is under negotiation which is aiming to replace the 2007 Agreement between US and EU. This new Agreement it is an extremely elaborated one in regards to offering a better Privacy protection

-He explained that the Safe Harbor Agreement refers to the transfer of corporate data between US and EU

-The revision of the EU Data protection Directive takes place in the same time, in parallel with the revision of the US Consumer Data Protection Act and US is watching with interest the progress and news this new EU Data Protection revision brings

-The Commissioner Reding pointed out the great opportunity of collaboration between US and EU in regards to these legislative revisions

– The US Federal Trade Commission issued a state report having several recommendations regarding privacy by design and do not track concept as central point

-New legislation proposed by US Senators which is endorse by the Obama Administration aims to offer very specific consumer privacy rights in the new consumer privacy rights bill. Also, this bill presents very substantial and innovating systems of offering consumer privacy along with a new code of conduct

-In the US Congress other similar very important bills have passed with regards to Children Privacy Protection, geo location similar with the new proposed text of the EU Data Protection Directive

-The US revision has as central points the consumer rights, accountability also trying to consult with their EU partners, to find new ways in order to protect their citizens from the new privacy issues emerging from the new technological developments

-He points out that in both side of the Atlantic, EU and US are going in the same direction with regards to privacy and data protection

-Sophie In’t Veld asked if both US and EU want to make a good privacy standard document

Last but not least it was the presentation of Mr. Albrecht where he said that developments such as globalization and digitalization bring new challenges such as those regarding to privacy. On the Internet is not any sovereign state anymore, sovereignty does not exist anymore on the online world

-Privacy and the Internet show us many challenges for the next years to come. Maybe those challenges could be dealt with thorough common regulation among US and EU, if they both chose to collaborate

-EU wants to collaborate with US and also to encourage the competition in this online environment because just fair competition could bring further technological development. In this regards, US and EU should come out with common regulations  and rules which will foster trust for our consumers and citizens

-Unfortunately, he observed companies, which disregard the Safe Harbor Agreement or the EU Data Protection Directive, especially when those companies are not located on the EU territory

-The transatlantic collaboration should be based on sovereignty and respect of the citizens from both worlds.

Sophie In’t Veld the Chair of this meeting concluded that privacy should be a non-negotiable issue and in this regard neither US nor the EU should negotiate it.

In E-crime Expert‘s  opinion this is a very emotional and politically concluding statement, which coming from a politician it is not unusual. But also, besides these very motivating statements we should also ensure that the lawmakers and politicians completely understand the reality behind the new technological developments and how those actually work in practice. I am mentioning this with reference to the new Directive 2009/136/EC and its implementation among the 27 EU member states (MS) because there are already discussions regarding what consent is and how/when this could be obtained.

For example, in France consent with regards to this new Directive, is when a user did not change his/her browser settings to block cookies. In UK, contrarily, the consent has to be obtained prior to the cookie installation on the user’s browser, and so are many differences in interpretation within the next 25 MS. This applicability of the Directive 2009/136/EC aka “Cookie Directive” is related also to the “Transatlantic dimension of the Data Protection” as the major players on the Internet field such as Google, Facebook, eBay, booking.com, LinkedIn, YouTube, etc are all located in US. They all you use cookies for delivering their services and those cookies can track, transfer and use EU citizens’ data if installed on a browser or machine. The consent issue is crucial for delivering and assuring an adequate protection for their personal data and privacy.

I think the legislation should include, from its conception, a central point in the technical features of what it tries to regulate (i.e. cookies, browser, the Internet). When the legislation is made, the law makers should know how to make the legislation fit the technology because otherwise when the legislation is implemented the enforcement authorities have room for their own interpretations of the law, which leads to poor applicability and higher chances for loopholes.

Any questions can be submitted to:  dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

What do you think about this Data Protection panel? What do you know about your Data Protection rights? Do you know where to make a complain in regards the violation of your personal data?

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: