Archive for the ‘Privacy’ Category

« Older Entries

Google’s privacy invasions lead to yet another fine – when will the buck stop?

Tuesday, April 23rd, 2013

Yesterday the Data Protection Agency in Hamburg, leading the charge for all German privacy enforcers, fined Google €145,000 just short of the maximum fine of €150,000 for illegally capturing and storing personal data.  Google collected often sensitive personal information through its so-called Google-cars which drove around the streets of Europe and elsewhere to take pictures for its StreetView service.  The head of the Hamburg agency Dr. Johannes Caspar, who at the time was the first to make the practice public, called the case “one of the most serious cases of violation of data protection regulations that have come to light so far.”  In doing so he echoed similar comments made by the Dutch privacy enforcers on the same case.

Google can now add this latest fine to the increasing number they have faced after a series of privacy breaches. The real trouble is that the fines seem to have no effect on the company’s behaviour, because with over 90% of the European market share Google knows that without competition web users and therefore advertisers (Google’s real customers) will continue using their services. For Google the fines they have received are merely the cost of doing business and worth it to maintain their monopoly grip.

But Google still doesn’t seem to get it.  Perhaps most concerning in this regard is the explanation Google continues to put forward, echoed by Eric Schmidt to the BBC only yesterday, that this was the result of the “actions of a single individual” and the matter was dealt with immediately. An FCC report in April 2012 already made it clear that the harvesting of data was neither an accident nor the work of a single member of staff, rather the privacy concerns flagged to project supervisors were simple shrugged off or, worse, willingly ignored. Furthermore, it was only when German authorities approached Google about the collection of data that the company admitted what had taken place and sought to take (limited) action.

Both Caspar and the Dutch agency also rejected Google’s claims.  ”The fact that this happened over such a long period of time and to the wide extent established by us allows only one conclusion: that the company’s internal control mechanisms failed seriously,” said Johannes Caspar.

ICOMP has already pointed out that Google’s practices have not changed since Dr. Caspar first brought these serious violations into the open.  Together with five other European privacy enforcement agencies Dr. Caspar’s office is investigating yet another serious violation by Google.  We recall that the French privacy enforcers of the CNIL led an investigation that found that Google’s existing privacy policy violates EU privacy rules.  The CNIL has announced that enforcement actions will be taken by the six before the Summer.

In his statement today Dr. Caspar admitted that the level of fines in Germany is “totally inadequate for the punishment of such serious breaches of data protection.” But privacy enforcers can and should do more to protect the privacy of Europe’s citizens than simply impose such meaningless fines.  Existing law gives them the power to tell Google to stop collecting and using personal data as long as its practices are not in line with EU rules.  EU citizens deserve that meaningful steps are taken to protect their privacy.  It is high time that enforcers use all the tools that are available to them to stop this repeat violator from continuing to invade their privacy only to satisfy its insatiable hunger for advertising dollars.

Tags: , , , , , , ,
Posted in Privacy | Comments Off

Google fails to comply with EU privacy laws. Authorities in six member states decide to take sanctions. Others need to follow.

Wednesday, April 3rd, 2013

Today the French Data Protection Authority (CNIL) announced that at least six European Data Protection Authorities (DPAs) will take the investigation into Google’s privacy policy to the next level and are drafting sanctions.

Following an investigation led by the CNIL, the so-called Article 29 Working Party found that Google violated EU privacy law and requested on 26 October 2012 that Google change its privacy policy Google refused to do so even after it met with a taskforce composed of the DPAs of France, Germany, Italy, the Netherlands, Spain, and the United-Kingdom.

As a result, the six members of this taskforce have today launched actions based on their respective national legislation that should lead to the imposition of fines and force Google to bring about specific changes.

ICOMP regrets that it has taken such drastic action from the six DPAs in question to bring Google into line and calls upon Google to rapidly change its policy and respect the legitimate privacy concerns of its users.  ICOMP expects the remaining DPAs in Europe to follow suit. After all, the purpose of the Article 29 Working Party’s unprecedented investigation was to avoid divergent responses from the 27 DPAs plus their 4 partners (Croatia, Norway, Iceland and Liechtenstein). Enforcement action by only six of these authorities when the EU Directive which has been breached applies in every European jurisdiction, represents precisely this kind of divergence.

Despite the Article 29 Working Party’s conciliatory attitude (asking for a delay in the privacy policy’s initial implementation and eschewing its injunctive powers), Google has deliberately frustrated the investigation at every turn. In June 2012 (2 months after the policy’s implementation), the CNIL wrote to Google expressing regret that responses to earlier questionnaires concerning Google’s privacy policies were “often incomplete or approximate”. Then in February of this year, the French authority said it still had not received “any precise and effective” responses from Google.

From this conduct, European authorities should glean two things:-

1.       That only regulatory intervention will remedy Google’s transgressions – its market dominance means it can and indeed will put its own interests above those of the consumer; and

2.       Only rigorous enforcement will ensure compliance – Google has shown its unwillingness to cooperate with good will.

A recent study by privacy campaign group Big Brother Watch reveals that almost three quarters (71%) of Britons believe data protection authorities were right to investigate Google’s privacy policies and 66% believe that national regulators such as the Information Commissioner’s Office in the UK should be doing more to force Google to comply with existing European directives on privacy. Consumers care about their online privacy and need regulators to defend it. What is needed now is imaginative thinking to come up with such sanctions, including issuing an incentive to Google to stop collecting and using personal data until it complies with the rules.

Tags: , , , , , ,
Posted in Privacy | Comments Off

Against the Goliaths of the online marketplace the law must stand behind David, says Reding

Wednesday, March 20th, 2013

Yesterday the European Commission’s Vice President Viviane Reding addressed the EU Consumer Summit on the issue of enforcement.

Ms Reding reaffirmed the vital importance of consumer defences, particularly in times of economic crisis, saying that consumer spending accounts for 56 per cent of the EU’s GDP but that its full potential could only be tapped once consumers were given the confidence to shop across EU borders. This confidence, said Reding, has to stem from consumer rules which “protect David when he is negotiating with Goliath.”

The Vice President went on to say that “strong rules become weak when they can be disregarded with impunity” and that therefore, the Commission needs to take a more prominent role in monitoring and coordinating enforcement of these rules, in particular by:

  • Making use of the Unfair Commercial Practices Directive to improve consumer welfare;
  • Simplifying internal procedures and strengthening deterrents within Member States; and
  • Ensuring information supplied to consumers about legal rights and warranties is accurate.

One area specifically mentioned by Reding as a market where consumer vulnerability continues to be exploited is the online sphere – a problem about which ICOMP has spoken extensively.

The behaviour of today’s digital “Goliaths” is all too often inimical to the interests of consumers. Taking, for example, the issue of privacy, consumers are often given little or no indication of the policies which apply when they use online services and have scant recourse when they feel their concerns have been ignored. As the number of ongoing multijurisdictional privacy investigations will attest – certain dominant online service providers clearly recognise no existing deterrent to their infringement of consumer privacy rights.

Ms Reding makes an important point when she says that it is up to the Commission to enforce the rights of the consumer and that this needs to extend beyond the high street. ICOMP Director Auke Haagsma said “Ms Reding is right that the Commission cannot sit on the side-lines when rules are disregarded.  We welcome her determination to ensure that these protections are  extended to the digital marketplace.”

Tags: , , , ,
Posted in Healthy Marketplaces, Intellectual Property, Legal Actions, Online Marketplace, Privacy, Search, Security | Comments Off

Caught again!

Tuesday, March 12th, 2013

Another day, another Google privacy breach.

This time no less than 30 US states have taken aim at Google for surreptitiously collecting sensitive personal data sent over their WiFi networks.  According to a press release from Attorney General Jepsen of Texas, they have not only fined Google, but they have also ordered Google to “engage in a comprehensive employee education program about the privacy or confidentiality of user data; to sponsor a nationwide public service campaign to help educate consumers about securing their wireless networks and protecting personal information; and to continue to secure, and eventually destroy, the data collected and stored by its Street View vehicles nationwide between 2008 and March 2010.”

“While the $7 million is significant, the importance of this agreement goes beyond financial terms. Consumers have a reasonable expectation of privacy. This agreement recognizes those rights and ensures that Google will not use similar tactics in the future to collect personal information without permission from unsuspecting consumers,” Jepsen said.

The fact that it requires repeated action by privacy regulators before a company will respect the privacy of its users is unacceptable. When one considers the unprecedented access this company has to our sensitive personal data, it also becomes dangerous. This case is simply the latest of numerous other privacy violations by Google, including the Buzz debacle, the well-documented “Spy-Fi” data grab in which Google was found to have breached privacy legislation in 9 countries before the US, and, of course, the new privacy policy under which Google shares user data across all platforms.

ICOMP’s Auke Haagsma said “ The statement by the State AGs is further evidence of Google’s complete and utter disrespect for people’s privacy. Internet users around the world deserve that their personal data are being treated with care, not simply used to prop up Google’s advertising business from which it derives some 96% of its income.”

Tags: , , , ,
Posted in Legal Actions, Online Marketplace, Privacy, Security | Comments Off

CNIL Continues Investigation – UPDATE

Thursday, February 28th, 2013

On 16th February 2013, France’s National Commission for Computing and Civil Liberties, (CNIL) announced that in response to Google’s Privacy Policy, it would be forming a working group “in order to coordinate their repressive action which should take place before summer”. The probe itself focused on the degree to which the Privacy Policy directly impacts the personal privacy of its users.

This latest announcement indicates that not only has the Data Protection Authority found that the concerns it was investigating are valid, but the advertising giant has also proven to be non-cooperative throughout. The CNIL’s statement noted that Google had not provided “any precise and effective” responses in answer to an EU-wide investigation and that this was a deciding factor in the continuation of the investigation. This has in fact been the disposition of Google throughout the process.

Going back as far as May 2012 just 8 weeks after concerns were initially voiced, the French Data Protection Authority (the CNIL) wrote to Google expressing its regret that responses to earlier questionnaires concerning Google’s privacy policies were “often incomplete or approximate”.

A further indication of Google’s disassociation and even disregard for Europe’s DPAs has been its ever present statement in response to media enquiries, which has not changed at all since the start of the investigation, even though the circumstances have evolved. The statement itself in fact seems to be completely at odds with that of the CNIL, with Google expounding on-going engagement and coordination whilst the regulators saying the complete reverse.

ICOMP Director Auke Haagsma said, “As ICOMP’s director with responsibility for our Privacy Working Group I have been meeting with a number of lawyers, regulators, media and other concerned parties around Europe to discuss how to get the right balance on privacy. One thing stands out from all these conversations: people want to be able to trust that companies to whom they give sensitive personal information use that information very carefully and in full respect of their privacy. Google’s attitude towards the CNIL specifically and European Privacy rules generally seem to fly completely in the face of this reasonable expectation.

Just two days after it refused to even respond to the CNIL and provide clear explanations to the users of its products on what personal data it collects and what it will use this for, Google’s Global Privacy Counsel called Europe’s privacy rules “whacky” and  “hopelessly vague”.  His view is very simple: if Europe wants “fast innovation” which is “the only hope to maintain high rich-world living standards for our aging Western societies” it has to allow Google to act as it pleases, if it wants to protect the privacy of its citizens Google will offer them “slower, less-cutting-edge services”. 

ICOMP will continue to conduct conversations with members, interested parties and media across Europe about digital privacy. The Initiative would like to see Google take this investigation seriously by cooperating with the CNIL, working on behalf of Europe’s citizens to protect their privacy and personal data.

UPDATE, 27 February 2013:

The CNIL has today expanded on an earlier announcement that it would be undertaking coordinated “repressive action” against Google “before the summer” by announcing that the company would be called to appear before a group of EU data privacy watchdogs “in the coming weeks” to answer for its failure to bring its privacy policies into line with European legislation despite being given ample time and opportunity to do so. ICOMP welcomes this decisive step to protect consumer privacy from the pernicious conduct of one dominant player in the online market. 

 

Regards,

The ICOMP Secretariat

Tags: , ,
Posted in Healthy Marketplaces, Online Advertising, Online Marketplace, Privacy, Search, Security | Comments Off

Consumers back privacy law action against Google

Monday, February 25th, 2013

Almost three quarters (71%) of Britons believe that data protection authorities were right to investigate Google’s privacy policies according to a new study by privacy campaign group Big Brother Watch. 66% of respondents went further than this, saying that national regulators such as the Information Commissioner’s Office in the UK should be doing more to force Google to comply with existing European directives on privacy. More generally, the poll indicates that 68% of respondents are concerned about online privacy with nearly a quarter “very concerned.”

The survey, which polled 2,050 British adults online, comes following a response deadline in the investigation by French watchdog the CNIL into Google’s decision to pool user data from all its services, including YouTube and Gmail. CNIL announced last week that Google had failed to provide “any precise and effective answers” as to how it will bring its policy into line with EU law.

In a much-noted response to this news, a Google spokesman last week replied: “Our privacy policy respects European law and allows us to create simpler, more effective services. We have engaged fully with the CNIL throughout this process, and we’ll continue to do so going forward.”

Big Brother Watch director Nick Pickles said: ‘The message from consumers is clear – regulators were right to investigate Google’s new privacy policy and now they need to do more to force the company to comply with the law. Online privacy is an important issue for a significant number of people and not enough is being done to address these fears.’

ICOMP has repeatedly emphasised the need for online services that give users the necessary trust by offering services that respect people’s privacy.  For Google to say that our privacy must be the cost of innovation is cynical and misleading. True innovation is fostered by a healthy and competitive online marketplace that takes user’s needs seriously, not by one that invades their privacy for monetary gains by a single monopolistic company. Google has consistently ignored this. Now is the time for the EU’s data protection authorities to take things in hand.

Tags: , , , , , , , , ,
Posted in Online Marketplace, Privacy, Search, Security | Comments Off

Privacy Matters: CNIL Continues Investigation

Tuesday, February 19th, 2013

On 16th February 2013, France’s National Commission for Computing and Civil Liberties, (CNIL) announced that in response to Google’s Privacy Policy, it would be forming a working group “in order to coordinate their repressive action which should take place before summer”. The probe itself focused on the degree to which the Privacy Policy directly impacts the personal privacy of its users.

This latest announcement indicates that not only has the Data Protection Authority found that the concerns it was investigating are valid, but the advertising giant has also proven to be non-cooperative throughout. The CNIL’s statement noted that Google had not provided “any precise and effective” responses in answer to an EU-wide investigation and that this was a deciding factor in the continuation of the investigation. This has in fact been the disposition of Google throughout the process.

Going back as far as May 2012 just 8 weeks after concerns were initially voiced, the French Data Protection Authority (the CNIL) wrote to Google expressing its regret that responses to earlier questionnaires concerning Google’s privacy policies were “often incomplete or approximate”.

A further indication of Google’s disassociation and even disregard for Europe’s DPAs has been its ever present statement in response to media enquiries, which has not changed at all since the start of the investigation, even though the circumstances have evolved. The statement itself in fact seems to be completely at odds with that of the CNIL, with Google expounding on-going engagement and coordination whilst the regulators saying the complete reverse.

ICOMP Director Auke Haagsma said, “As ICOMP’s director with responsibility for our Privacy Working Group I have been meeting with a number of lawyers, regulators, media and other concerned parties around Europe to discuss how to get the right balance on privacy. One thing stands out from all these conversations: people want to be able to trust that companies to whom they give sensitive personal information use that information very carefully and in full respect of their privacy. Google’s attitude towards the CNIL specifically and European Privacy rules generally seem to fly completely in the face of this reasonable expectation.

Just two days after it refused to even respond to the CNIL and provide clear explanations to the users of its products on what personal data it collects and what it will use this for, Google’s Global Privacy Counsel called Europe’s privacy rules “whacky” and  “hopelessly vague”.  His view is very simple: if Europe wants “fast innovation” which is “the only hope to maintain high rich-world living standards for our aging Western societies” it has to allow Google to act as it pleases, if it wants to protect the privacy of its citizens Google will offer them “slower, less-cutting-edge services”. 

ICOMP will continue to conduct conversations with members, interested parties and media across Europe about digital privacy. The Initiative would like to see Google take this investigation seriously by cooperating with the CNIL, working on behalf of Europe’s citizens to protect their privacy and personal data.

 

Regards,

The ICOMP Secretariat

Tags: , , ,
Posted in Legal Actions, Online Marketplace, Privacy | Comments Off

2013: the year of data privacy

Tuesday, January 29th, 2013

They do say that information is power and, as we mark International Data Privacy Day 2013, never has this time-honoured adage been more relevant.

The twentieth century saw ideological wars fought over who should control the means of production – the factories, machines and tools used to produce wealth. Those battle-lines still exist (albeit between different parties) but today nobody is arguing over Soviet tractors or pig iron. This is the “information age”.

In our increasingly digitised world, data is the most valuable natural resource. It is the sustenance of social interaction, the currency of commercial enterprise and the capital of business. Corporates, consumers and governments alike emanate and devour data. Yet far too few of us – from barista hammering away on his laptop to the most hulking of multi-national corporations – fully appreciate the need to be aware of the personal and private data others have entrusted to us and remain vigilant and proactive about protecting it.

As such, it is no surprise that so many people are heralding 2013 as the year when data privacy tops the regulatory agenda.

This year will see EU member states revamping their legislation to protect citizens from the unfair and unlawful processing of their personal data. This legislation will naturally be eagerly anticipated by consumer groups but will also have a sizeable impact on online service providers. Facebook’s recently launched Graph Search tool, for instance, is one example of where difficulties may arise, after critics argued that it could be used to unearth sensitive data on the social network’s 1 billion users.

Later this month, the time allotted to Google to bring its privacy policy into line with EC law will also run out. European privacy regulators, led by French watchdog the CNIL, have presented the search giant with recommendations as to how its privacy practices (changed unilaterally in March 2012) need to be modified and consumers await to see whether these steps will be taken. The case of Google also raises the interlinked issue of competition since if one single service is totally dominant, there is currently little to prevent it telling consumers “my way or the high way.” As Big Brother Watch Director Nick Pickles asks: how can [consumer] consent to share data with one particular service be taken as free and informed consent?”

Only time will tell which way these particular cookies (pun most assuredly intended) crumble but one thing which can be said with certainty is that the issue of data privacy and protection has never been more relevant to how we live our lives.

ICOMP believes that being a good digital citizen means being a good steward of data and hopes International Data Privacy Day 2013 will underline how important it is that every digital citizen (from consumer to corporate) to be fully informed about the online decisions they make and about the consequences of these decisions for their data.

Tags: , , , , , , , , ,
Posted in Privacy | Comments Off

Mike Weatherley MP on the Launch of Rock The House and the Importance of the UK Music Industry

Tuesday, March 22nd, 2011

The music sector is an important and growing part of the UK economy, representing a £3.9bn industry and acting as a significant source of foreign exports and domestic employment.

I believe that the future of the industry lies in the hands of the up and coming artists and the live music venues that support them. Artists and venues, however, are finding it increasingly hard to break through in a sector where many consumers think it is their right to access content for free. This is likely to be further exacerbated by the Government’s “Intellectual Property and growth” review which will have an impact on the ability of the music industry to be rewarded for the content they create.

Without recognition that music constitutes the creative and intellectual property rights of artists, the future contribution the sector makes to the economy will be in jeopardy. This is particularly bad news for anything outside of mainstream genres and will serve only to stifle the diversity of the British music scene.

With this in mind, I recently launched Rock the House, the first ever parliamentary competition to find the best live band and live music venue in the UK. Designed to capture the imagination of the public and legislators, it aims to promote the intellectual property rights of unsigned and up and coming musicians as well as highlight the importance of live music venues to local communities.

I’ve been astounded at how well Rock the House has been received by other MPs and the public. Many MPs have shown their support for the live music sector through blogging about how they are organising the next stages of the competition locally and in my Hove & Portslade constituency we will be having a ‘Battle of the Bands’ competition in April. It’s also fantastic to have on board Chris Ingham, Group Publisher of Future Publishing, musicians and music professionals, alongside John Robertson MP (Chair of the APPG on Music).

Yet much more needs to be done to support the music industry if the UK is to preserve and protect this sector from intellectual property rights abuses. My hope is that the competition will help to drive awareness of the rights of musicians and encourage the Government to think twice about its potentially hugely damaging proposals that will restrict the ability of musicians and others in the creative industry from receiving the benefits they are entitled to from the content they generate.

For more details or to enter the competition please see www.rockthehouse.me.uk or contact me at
Mike.Weatherley.mp@parliament.uk by the 31st March.

Mike Weatherley MP
Hove and Portslade

Posted in Privacy | Comments Off

French Privacy Watchdog Bites

Monday, March 21st, 2011

On 21 March 2011, the French Data Protection Authority (La Commission Nationale de l’Informatique et des Libertés – CNIL) announced that it had imposed a record fine of €100,000 on Google for legal infringements relating to Google Maps, Street View and Latitude.

The background was the collection of personal data by Google from unsecured Wi-Fi networks, widely known as Spi-Fi. The French Data Protection Authority considered that these activities were in breach of French data protection rules and put Google on notice in May 2010 to correct its behaviour. It was the failure to respond to this notice that led to the imposition of the fine.

The Authority stated that the purpose of Google’s infringing activities was to develop a high performance database for its GPS services and by those means to develop a dominant position in the market for GPS services.

The French Data Protection Authority also described how following various inconsistent statements of Google as to what data had been collected and why, it told Google to stop the infringing activities and to hand over a complete copy of the captured data. The Authority found that Google had registered not only SSID and MAC addresses for Wi-Fi access points but also lots of personal information including passwords, emails, as well as information relating to the health and sexual orientation of individuals.

In its decision, the Authority remarked that although Google has undertaken to put an end to the Spi-Fi activities of “Google Cars”, it has not undertaken not to use all the information illegally collected. The Authority also noted that Google has now found a different means to collect the data it needs for its GPS services: smartphones and other mobile devices.

The calculation of the fine took into account Google’s refusal to accept the applicability of French law, the seriousness of the infringements and the commercial nature of the benefits derived by Google from its illegal activities. This last point may be particularly significant given that Google has denied ever actually using the data.

A copy of the Authority’s press release (in French) can be found here

Other Data Protection Authorities in Europe continue to investigate and further findings that serious breaches of the law took place are highly likely. A number of criminal investigations are also underway in Europe.

David Wood
ICOMP Legal Counsel

Posted in Legal Actions, Privacy | Comments Off

« Older Entries