First Tweeted Int’l Data Protection and Privacy Commissioners Conference – Jerusalem 2010

The 32nd International Conference of Data Protection and Privacy Commissioners, held on October 27-29, 2010 in Jerusalem, Israel, was the first event of its kind to be tweeted live.

Israel’s data protection authority, ILITA, streamed the conference live on its web site, so that twitterers who could not attend the conference in person were able to tweet about it in real time from all over the world.

The hashtag was #privacygenerations and all the tweets were archived at Twapperkeeper.com.


Here are some statistics:

Total tweets: 578

Total twitterers: 78

Total hashtags tweeted: 15
Total URLs tweeted: 38

Top 10 twitterers

80% (463) of the tweets in this TwapperKeeper archive were made by 25% (20) of the twitterers.

The top 10 (12%) twitterers account for 57% (334) of the tweets.

41% (33) of the twitterers only tweeted once.

@nacpec (73)

@PrivacyCamp (40)

@givoly (35)

@embedprivacy (32)

@cedric_laurant (30)

@EUdiscovery (28)

@JulesPolonetsky (25)

@HealthPrivacy (24)

@Bsegalis (24)

@InfoLawGroup (23)

Top 10 @reply recipients and/or mentions

31% (184) of the tweets in this TwapperKeeper archive were @replies or mentions.

24% (19) of the twitterers who tweeted as part of this TwapperKeeper archive received an @reply and/or mention.

Note: recipients marked ‘*’ did not tweet as part of this TwapperKeeper archive.

@zephoria (32) *

@cedric_laurant (20)

@ILITAgovil_en (17)

@JulesPolonetsky (14)

@abrandtva (13)

@givoly (11)

@EUdiscovery (9)

@oceanpark (8)

@InfoLawGroup (8)

@PrivacyCamp (8)

Top 10 “conversations”

(1) @cedric_laurant <–> @givoly (3)

(3) @IsCool <–> @oceanpark (1)

(2) @givoly <–> @JulesPolonetsky (1)

(1) @givoly <–> @oceanpark (2)

(1) @EUdiscovery <–> @privacyguru (1)

(1) @InfoLawGroup <–> @JulesPolonetsky (1)

(1) @Bsegalis <–> @JulesPolonetsky (1)

(1) @givoly <–> @ProfJonathan (1)

(1) @abrandtva <–> @EUdiscovery (1)

Note: a ‘conversation’ is an exchange of at least one @reply or mention in each direction between two twitterers who both tweeted as part of this TwapperKeeper archive; the numbers in parentheses are the mentions sent in each direction.
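To make the definitions behind these figures concrete, here is an added example (my own illustration, not code from the original post or from TwapperKeeper) that recomputes the same kind of statistics from raw tweets: tweets per twitterer, hashtag and URL counts, @reply/mention recipients with the ‘*’ marker for outsiders, and the “conversation” rule above. The ARCHIVE array is constructed for illustration; the handles and links are placeholders, not real #privacygenerations tweets.

```javascript
// Added example (not code from the original post or from TwapperKeeper):
// recomputing the hashtag-archive statistics quoted above from raw tweets.
// ARCHIVE is constructed for illustration; the handles and links are
// placeholders, not real #privacygenerations tweets.
const ARCHIVE = [
  { user: 'Alice', text: 'Opening keynote starting now #privacygenerations' },
  { user: 'Alice', text: '@bob agreed, slides at http://example.org/pbd #privacygenerations' },
  { user: 'bob',   text: '@Alice thanks! #privacygenerations #privacy' },
  { user: 'carol', text: 'RT @alice: Opening keynote starting now #privacygenerations' },
  { user: 'Alice', text: '@dave nice panel #privacygenerations' },
  { user: 'bob',   text: 'Lunch break, agenda: http://example.org/agenda #privacygenerations' },
];

// Twitter handles and hashtags are case-insensitive, so compare them lower-cased.
const lower = (s) => s.toLowerCase();
const extract = (re, text) => Array.from(text.matchAll(re), (m) => m[1]);
const mentionsIn = (text) => extract(/@([A-Za-z0-9_]{1,15})/g, text).map(lower);
const hashtagsIn = (text) => extract(/#(\w+)/g, text).map(lower);
const urlsIn = (text) => extract(/(https?:\/\/\S+)/g, text);

function countBy(items) {
  const counts = new Map();
  for (const item of items) counts.set(item, (counts.get(item) || 0) + 1);
  return counts;
}

// [[key, count], ...] sorted by count (desc) then key, limited to n entries.
function top(counts, n) {
  return Array.from(counts)
    .sort((a, b) => b[1] - a[1] || a[0].localeCompare(b[0]))
    .slice(0, n);
}

function archiveStats(archive, n = 10) {
  const twitterers = new Set(archive.map((t) => lower(t.user)));
  const perUser = countBy(archive.map((t) => lower(t.user)));
  const mentioned = countBy(archive.flatMap((t) => mentionsIn(t.text)));

  // Directed mention counts "from>to", one per tweet, restricted to people
  // who tweeted in the archive (the conversation rule excludes outsiders).
  const directed = new Map();
  for (const t of archive) {
    const from = lower(t.user);
    for (const to of new Set(mentionsIn(t.text))) {
      if (to === from || !twitterers.has(to)) continue;
      directed.set(`${from}>${to}`, (directed.get(`${from}>${to}`) || 0) + 1);
    }
  }
  // A conversation needs at least one mention in each direction.
  const conversations = [];
  for (const [key, aToB] of directed) {
    const [a, b] = key.split('>');
    const bToA = directed.get(`${b}>${a}`);
    if (a < b && bToA) conversations.push({ a, b, aToB, bToA });
  }
  conversations.sort((x, y) => (y.aToB + y.bToA) - (x.aToB + x.bToA));

  return {
    totalTweets: archive.length,
    totalTwitterers: twitterers.size,
    totalHashtags: new Set(archive.flatMap((t) => hashtagsIn(t.text))).size,
    totalUrls: new Set(archive.flatMap((t) => urlsIn(t.text))).size,
    replyOrMentionTweets: archive.filter((t) => mentionsIn(t.text).length > 0).length,
    topTwitterers: top(perUser, n),
    // As in the post, '*' marks recipients who did not tweet in the archive.
    topMentioned: top(mentioned, n).map(([h, c]) => [twitterers.has(h) ? h : `${h} *`, c]),
    conversations: conversations.slice(0, n),
  };
}

console.log(JSON.stringify(archiveStats(ARCHIVE), null, 2));
```

Hashtags and URLs are counted as distinct values; a retweet (“RT @alice: …”) counts as a mention of the original author, which is why retweeted speakers rank high among recipients even when they reply to nobody.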

For more details and statistics, see here.


Privacy and Data Protection: A Super Sad True Love Story

Meet Lenny Abramov:

“ZIP code 10002, New York, New York. Income averaged over five-year-span, $289,420, yuan-pegged, within top 19 percent of U.S. income distribution. Current blood pressure 120 over 70. O-type blood. Thirty-nine years of age, lifespan estimated at eighty three (47 percent lifespan elapsed; 53 percent remaining). Ailments: high cholesterol, depression. Born: 11367 ZIP code, Flushing, New York. Father: Boris Abramov, born Moscow, HolyPetroRussia; Mother: Galya Abramov, born Minsk, Vassal State Belarus. Parental ailments: high cholesterol, depression. Aggregate wealth: $9,353,000 non-yuan-pegged, real estate, 575 Grand Street, Unit E-607, $1,150,000 yuan-pegged. Liabilities: mortgage $560,330. Spending power: $1,200,000 per year, non-yuan-pegged. Consumer profile: heterosexual, nonathletic, nonautomotive, nonreligious, non-Bipartisan. Sexual preferences: low-functioning Asian/Korean and White/Irish American with Low Net Worth family background; child abuse indicator: on; low self-esteem indicator: on. Last purchases: bound, printed, nonstreaming Media artifact, 35 northern Euros; bound, printed, nonstreaming Media artifact, $126 yuan-pegged; bound, printed, non-streaming Media artifact, 37 northern euros.”

This is Lenny’s profile, which the people who inhabit Gary Shteyngart’s latest novel “Super Sad True Love Story” can freely view on their äppärät.

The novel is set in a near-future New York, where everyone walks around with an äppärät around his/her neck, constantly streaming. The streets are lined with Credit Poles that instantly register and display each passerby’s credit rating from his/her äppärät, and with giant banners that proclaim: “America celebrates its spenders”. Huge conglomerates named ColgatePalmoliveYum!BrandViacomCredit and AlliedWasteCVSCitigroupCredit call the shots.

At work, huge billboards display each employee’s health data and mood status, adjusted daily.

People (with the notable exception of the protagonist, Lenny Abramov) don’t read books anymore, but just scan texts for info.

This world is divided into two categories: The HNWIs (high net worth individuals) and the LNWIs (low net worth individuals). Many LNWIs have lost their homes, their jobs, their health insurance and are camping out in tent cities in Central Park. They don’t even own äppäräts. Riots are about to break out.

Meanwhile, the HNWIs are busy shopping on their äppäräts on sites like AssLuxury. They communicate through a social network site called GlobalTeens. They obsessively GlobalTrace each other’s locations. Men and women gauge each other in bars by streaming their Personality, F**kability, Male Hotness and Sustainability ratings on their äppäräts. Detailed sexual preferences are instantly revealed.

And of course, the Government, via the “American Restoration Authority”, keeps a close eye on all its citizens through those very same äppäräts. It sends regular global messages via the äppäräts, always ending with: “By reading this message, you are denying its existence and implying consent.”

At the center of this darkly satirical novel, a genuine and moving love story unfolds between Lenny and the much younger, e-culturally hip Eunice Park.

While reading Super Sad True Love Story, I was struck by how accurately Shteyngart has depicted most of the current issues concerning loss of privacy: government surveillance, profiling, geotracking, global tracking, nonsensical legalese disclaimers, hyper-sexualization and sub-literacy are all exposed with great wit. Financial and private health information are not protected but are publicly showcased to favor the young, the healthy, the wealthy and the Pollyanna-happy.

This novel is a frightening and powerful description of what will happen to us as a society if we don’t take drastic action NOW to halt the increasing erosion of our privacy by the public and private sector alike.

I love my privacy and would not want it to end the way a super sad true love story always does.


Federal Court in NY Says EU Documents Containing Personal Information are Off Limits in Class Action Litigation

This post was written by Kevin Xu and John L. Hines, Jr.

U.S. courts often disregard foreign data privacy laws in the context of discovery. Litigants sometimes find themselves compelled to produce under U.S. law what they are forbidden to produce under the privacy laws of another country. However, a recent U.S. court decision indicates increasing sensitivity to the privacy expectations of persons abroad.

On August 27, 2010, in connection with In re Payment Card Interchange Fee and Merchant Discount Antitrust Litigation, the court ruled that some data collected and processed in the EU would have been unlawful to transfer to the United States under the EU Privacy Directive, and thus, should not be subject to production in U.S. litigation.

Judge John Gleeson of the U.S. District Court for the Eastern District of New York deferred to the European Commission’s request to shield documents related to its antitrust investigation of the interchange fee practices of Visa and MasterCard from the discovery request of plaintiffs. The plaintiffs had asked the court to compel production of the documents, claiming they were relevant to the litigation at hand, while the European Commission sought to keep the documents confidential under its Privacy Directive. The court held that even though the materials requested by the plaintiffs are plainly relevant to the litigation, federal courts should avoid any unnecessary circumventions of the practice of international comity.

Read More


Behavioral Advertising is for Compumers

I saw the movie “Inception” by Christopher Nolan last night. It is not a movie I would usually pick, since I am not particularly fond of science fiction. But my daughter insisted: “You MUST see this movie. You won’t regret it.” I caved in and indeed enjoyed watching that movie. In the movie, technology has advanced to the point where certain highly skilled people are able to enter the human mind through dream invasion and plant seeds for new ideas. The story is sophisticated and emotionally engaging, the actors give excellent performances, and the ending is, well, unexpected.

Marketers using the behavioral advertising technique would have never recommended that movie to me.

Behavioral advertising is a technique used by internet marketers to target consumers based exclusively on their past online behavior: past choices, past preferences, past browsing and search history. Companies will tell you what to purchase, based on your past online behavior.

Amazon’s and Netflix’s recommendations are based on the customer’s past purchases. I recently bought a Garmin nüvi 255W 4.3 inch Portable GPS Navigator on Amazon. Within the hour, I received an email from Amazon suggesting I might also be interested in the Garmin nüvi 37907 4.3 inch Portable GPS Navigator. Sure, Amazon, thanks! I was just thinking of starting a Garmin nüvi GPS Navigator collection…

Facebook also recommends friends based on people who already are your friends. LinkedIn recommends “People You May Know”, based on your previous connections.

Proponents of behavioral advertising claim that the loss of privacy experienced by consumers as a result of the creation of individual profiles for the purpose of behavioral targeting is offset by the benefit consumers gain from getting advertisements that are custom tailored to their preferences and interests.

I beg to differ.

No machine on earth would have recommended I see “Inception”, because none of my past choices pointed in that direction.

But I am not a “compumer”. I am not a “computer-consumer”. I am a human being, capable of imagination and dreams, programmed for evolution and change.

I am afraid that if we let machines make all our consumption suggestions, we will become frozen in our status quo, defined and limited by our past inputs; in other words, we might well turn into computers, or “compumers”, ourselves.

We will keep watching the same type of movies we have watched in the past, we will keep reading the same type of books we have read in the past, we will keep eating the same type of food we have eaten in the past, we will keep friending the same type of friends we have friended in the past, and we will keep connecting with the same type of professionals we have connected with in the past.

We will be locked into a class, as determined by data mining companies and online data aggregators.

What will become of that quintessential American idea of being able to “re-invent” ourselves when our past becomes less than satisfactory? What will become of the desire to expand horizons, of the allure of uncharted territories, of the drive for social mobility, of the basic human need for change and progress?

But then, maybe one day technology will have progressed to the point where marketers themselves will be able to plant the seeds for all of the above mentioned ideas into our brains through “Inception”!

Update: 11/03/2010

Well, “Inception” in real life has apparently started already! See: http://www.technewsdaily.com/product-placements-on-social-media-sites-will-hack-into-your-memory-1549/


EU Article 29 Working Party Decrees Strict Opt-In Standards for Behavioral Advertising Data Collection

by Bret Cohen

On June 24, the Article 29 Working Party established by the 1995 European Directive on Data Protection published an opinion declaring that online advertisers who want to target ads by tracking consumers’ surfing habits must obtain the consumers’ affirmative opt-in consent to such data collection. At the same time, the Working Party lauded certain privacy-enhancing practices incorporated into behavioral advertising today, and it encouraged industry to develop technologies to comply with the framework and “to exchange views” with the Working Party on the use of such technologies.

Behavioral Advertising is Regulated in the EU by Two Primary Sources

The Working Party explained that the behavioral advertising ecosystem is regulated in the EU by two primary sources. The first is Article 5(3) of Directive 2002/58/EC (the ePrivacy Directive), which requires organizations wishing to store or access information on an individual’s computer to obtain the individual’s consent before doing so. The amended ePrivacy Directive (as revised by Directive 2009/136/EC) must be transposed into the national laws of EU member states by May 2011.

The Opinion explained that since behavioral advertising relies on the placement of cookies (small data files) on individuals’ computers to aid in the tracking of their web browsing habits, the ePrivacy Directive applies. In addition, the Opinion went on to specify that if the behavioral advertising involves the collection of any personally identifiable information (PII), including an individual’s IP address (which is recognized as PII in the EU), then the EU Directive 95/46/EC (the Data Protection Directive) also applies.

Opt-In Consent Requirement and Opt-Out Deficiencies Explained

The major theme of the opinion is that under the ePrivacy Directive, meaningful, informed consent must be obtained from an individual before any information is collected and used for behavioral advertising purposes. The opinion went a long way in discussing what the Working Party considers to be meaningful consent in the behavioral advertising context.

Currently, consumers can “opt out” of behavior tracking through control panels offered by certain online advertising services or by relying on default web browser settings through which Internet users automatically accept all cookies that websites request to place on their computers. Users are therefore automatically “enrolled” in behavioral advertising, and can only stop the practice (if they know it is occurring) by blocking or deleting cookies.

The Working Party rejected this “opt-out” approach, concluding that it does not sufficiently allow individuals the ability to exercise choice on whether to share their information with behavioral advertisers. Instead, it stated that notice to individuals should explicitly reference the ad network that will place the cookie and describe how the information will be used once it is collected. Then, the individual should be given the opportunity to “opt in” to the sharing of their information for behavioral advertising purposes.

Once a user opts in, separate consent would not need to be obtained every time the user visited a website participating in the ad network, but separate consent would need to be periodically obtained (the opinion did not specify a time period) and the user would need to be afforded the opportunity to easily revoke consent.
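The difference between the two approaches is easy to see in code. The following is an added example of my own, not the Working Party’s text and not code from the original post: a small model of an ad network tag that enrols visitors by default, beside one that sets its cookie only after a recorded opt-in naming the network and the purpose, honours that consent across later visits to other sites in the network, lets it lapse after a renewal period, and drops the cookie on revocation. The cookie jar and consent store are in-memory stand-ins for document.cookie and first-party storage; the network names, the purpose string and the 180-day renewal period are assumptions (the opinion names no period).

```javascript
// Added example (not the Working Party's text and not code from the original
// post): default enrolment versus consent-gated tracking. The cookie jar and
// consent store are in-memory stand-ins for document.cookie and first-party
// storage; network names, the purpose string and the 180-day renewal period
// are assumptions for illustration (the opinion names no period).
const DAY_MS = 24 * 60 * 60 * 1000;
const CONSENT_TTL_DAYS = 180;                        // assumed renewal period
const PURPOSE = 'behavioural advertising';

// Default-enrolment ("opt-out") tag: the cookie is set on every page load and
// the visitor can only stop it afterwards by finding and blocking it.
function optOutAdTag(jar, network, visitorId) {
  jar.set(`${network}_uid`, visitorId);
  return true;
}

// Opt-in flow. The notice names the network that will set the cookie and
// what the data will be used for, before anything is stored.
function consentNotice(network, purposes) {
  return `${network} would like to place a cookie on this device for ${purposes.join(', ')}. ` +
         'Nothing is stored unless you choose Accept.';
}

function recordOptIn(store, network, purposes, now, ttlDays = CONSENT_TTL_DAYS) {
  store.set(network, { purposes: [...purposes], grantedAt: now, expiresAt: now + ttlDays * DAY_MS });
}

// Withdrawal removes both the consent record and the identifier already placed.
function revokeConsent(store, jar, network) {
  store.delete(network);
  jar.delete(`${network}_uid`);
}

// Consent is specific to a network and a purpose, and lapses at expiresAt.
function hasValidConsent(store, network, purpose, now) {
  const record = store.get(network);
  return Boolean(record) && record.purposes.includes(purpose) && now < record.expiresAt;
}

// The tag as it would run on every site in the network: one opt-in covers later
// visits; an expired or withdrawn consent stops tracking and drops the cookie.
function optInAdTag(jar, store, network, visitorId, now) {
  if (!hasValidConsent(store, network, PURPOSE, now)) {
    jar.delete(`${network}_uid`);
    return { tracking: false, reason: store.has(network) ? 'consent expired' : 'no consent' };
  }
  if (!jar.has(`${network}_uid`)) jar.set(`${network}_uid`, visitorId);
  return { tracking: true, reason: 'consented' };
}

// One visitor's path through several sites of one ad network over a few months.
function walkthrough() {
  const jar = new Map();
  const store = new Map();
  const t0 = Date.UTC(2010, 5, 24);                  // 24 June 2010
  const at = (days) => t0 + days * DAY_MS;
  const net = 'adnet.example';
  const steps = [];
  steps.push(optInAdTag(jar, store, net, 'v-123', at(0)).tracking);   // no consent yet: false
  recordOptIn(store, net, [PURPOSE], at(0));                          // user accepts the notice
  steps.push(optInAdTag(jar, store, net, 'v-123', at(1)).tracking);   // site A: tracked
  steps.push(optInAdTag(jar, store, net, 'v-123', at(2)).tracking);   // site B: no new prompt needed
  steps.push(optInAdTag(jar, store, 'other.example', 'v-123', at(2)).tracking); // other network: false
  steps.push(optInAdTag(jar, store, net, 'v-123', at(200)).tracking); // consent lapsed: cookie dropped
  recordOptIn(store, net, [PURPOSE], at(200));                        // asked again, accepts again
  steps.push(optInAdTag(jar, store, net, 'v-123', at(201)).tracking); // tracked again
  revokeConsent(store, jar, net);                                     // user withdraws consent
  steps.push(optInAdTag(jar, store, net, 'v-123', at(202)).tracking); // false, cookie gone
  return { steps, cookies: Array.from(jar.keys()) };
}

console.log(consentNotice('adnet.example', [PURPOSE]));
console.log(walkthrough());
```

The point of the model is where the default sits: optOutAdTag never consults anything, so every visitor is enrolled until they act, whereas optInAdTag does nothing without a live consent record for that specific network and purpose, and re-checks it on every load so that expiry and revocation take effect at the next page view rather than never.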

Read more


The Fifth Sail

“It is quite clear,” replied Don Quixote, “that you are not experienced in this matter of adventures. They are giants, and if you are afraid, go away and say your prayers, whilst I advance and engage them in fierce and unequal battle.”

-DON QUIXOTE de LA MANCHA


Of the Valorous Don Quixote’s Success in the Dreadful and Never Before Imagined Adventure of the Windmills


Ediscovery, Cloud Computing and EU Data Protection: Cloud Nationalities Do Matter


Privacy Week in Jerusalem, hosted by ILITA: A Preview

ILITA, The Israeli Law, Information and Technology Authority, will host a Privacy Week on October 25-29, 2010 in Jerusalem, Israel.

The Article 29 Working Party recently published an opinion finding that Israeli data protection law largely provides an “adequate level of data protection” under the European Union Data Protection Directive 95/46.

Thus Israel will be joining the small and select club of countries to which personal data from the 27 EU member states and the three EEA member countries (Norway, Liechtenstein and Iceland) can flow without any additional safeguard being necessary.

(The other countries deemed “adequate” are Switzerland, Canada, Argentina, Guernsey, Jersey, the Isle of Man and the Faroe Islands.)

The Privacy Week will consist of two parts:

1. October 25-26: OECD Conference on “Privacy, Technology and Global Data Flows”

and

2. October 27-29: The 32nd Annual International Conference of Data Protection and Privacy Commissioners on “Privacy: Generations”

At the recent IAPP Global Privacy Summit in Washington, D.C., one of the more interesting sessions offered a preview of the 32nd Annual International Conference of Data Protection and Privacy Commissioners’ main themes.

The panel consisted of Jules Polonetsky, Director of the Future of Privacy Forum, Yoram Hacohen, the Head of ILITA, and Dr. Omer Tene, a Law Professor and an Israeli Legal Consultant on Law and Technology.

The theme of the conference will be:

A New Generation of Privacy :

1. A New Generation of Technologies

2. A New Generation of Users

3. A New Generation of Governance

1. The top issues for a New Generation of Technologies will be:

• Privacy by Design

• E-Health and Genetics

• Profiling and Behavioral Targeting, RFID and the Smart Grid

• Privacy v. Intellectual Property

2. The top issues for a New Generation of Users will be:

• The past: Where did we come from?

• The present: Where are we now? What are the inter-generational shifts in privacy perceptions?

• The future: Where are we headed?

3. The top issues for a New Generation of Governance will be:

• The relationship of Privacy and Antitrust Law

• Consumer Protection

• Erosion of Consent and the Right to Oblivion

• Government access to private sector data and Conflict of Law

Jules Polonetsky noted that this is the first time that the agenda of the conference has been revealed so openly, and also that for the first time, the conference will be featured on Twitter and Facebook.

ILITA on Twitter: @ILITAgovil_en

ILITA on Facebook: Facebook Fan Page

The Privacy Conference’s website: privacyconference2010.org

The participants at this session were invited to suggest further hot topics for inclusion in the conference. Some of the suggestions were:

• The role of the CPO in the US v. the EU

• The differences in approach in the public v. the private sector

• Data Security

• The human flesh search phenomenon in China

• The inclusion of Generation Y and their point of view on privacy issues

If you have any suggestions, you are welcome to email them to: steeringcom@privacyconference2010.com

Updates:

Program and Registration for Data Commissioner’s Conference now online

http://www.privacyconference2010.org/outline.asp

Irish block EU plan to allow data transfer to Israel http://www.irishtimes.com/newspaper/world/2010/0708/1224274266971.html

“The draft Commission Decision on the adequate protection of personal data in the State of Israel has been adopted on 25 October in the comitology procedure (so called Article 31 Committee),” said the spokeswoman. “The European Parliament has one month of scrutiny. Its opinion is however not binding for the Commission.” http://www.theregister.co.uk/2010/10/29/israel_gets_data_protection_laws_approved/


Cloud Security and Privacy: A Legal Compliance and Risk-Management Guide, Part 1 and 2

In this two-part series, legal expert Robert McHale, author of Data Security and Identity Theft: New Privacy Regulations That Affect Your Business, provides a comprehensive overview of the legal security and privacy risks associated with cloud computing.

Part 1 discusses the principal federal and state laws regulating cloud activities.

Part 2 provides a practical due diligence checklist companies should consult before entering into a cloud service agreement.

While storage of user data on remote servers is hardly a recent phenomenon, the current explosion of cloud computing warrants a closer look at the associated privacy and security implications.

Cloud computing carries with it its own unique risks regarding the privacy, confidentiality, and security of business information, which companies must fully assess before migrating to the cloud. Armed with an appropriate legal compliance and risk-management strategy—and strong, fully-negotiated contractual protections—companies should be able to safely transfer their data and applications to the cloud.

Part I of this article discusses the principal federal and state laws regulating cloud activities, and the legal security and privacy risks associated with cloud computing.

U.S. Laws and Regulations Governing Data Security and Privacy

The United States has numerous federal and state data security and privacy laws with implications for cloud computing. Unfortunately, there is not a single, comprehensive legal framework in which the rights, liabilities, and obligations of cloud providers and cloud users are regulated or defined. Instead, U.S.-based cloud users and providers must rely upon a veritable hodgepodge of (oftentimes) sector-specific laws to evaluate their legal risks and obligations, and the contractual terms between them.

The most notable data security and privacy laws are examined here.

Read More

The European Union Data Protection Directive

The location of information stored in the cloud can have a profound impact upon the level of privacy and confidentiality protections afforded the information in question, and upon the privacy obligations of the cloud provider.

For instance, the European Union’s Data Protection Directive, which regulates the processing of personal data within the EU as a means to safeguard individual citizens’ privacy, is of particular significance.

Under the EU Data Protection Directive, personal data may be transferred to third countries (non-EU member states) only if that country provides an “adequate” level of protection. Most notably, the United States is not on the list of countries that meet the EU’s “adequacy” standard. Accordingly, an organization that does its processing in the cloud may be violating EU law if the data ends up on a server outside the EU in a country without an adequacy finding, such as the United States, and no other transfer mechanism is in place.

In order to provide a means for U.S. companies to comply with the Directive (and thereby ensure continued trans-Atlantic data flows), the U.S. Department of Commerce, in consultation with the European Commission, developed the “Safe Harbor” program, under which a U.S. organization self-certifies its adherence to a set of privacy principles that the EU recognizes as providing adequate protection.

Read More

Cloud Security and Privacy: A Legal Compliance and Risk-Management Guide, Part 2

Due Diligence and Cloud Service Agreements

An organization’s contractual agreement with a cloud service provider is perhaps the most critical component in evaluating cloud computing risks, and therefore should be carefully examined before entering into a cloud relationship.

Cloud Service Agreements (CSAs) should clearly describe the services provided, guarantees, warranties, limitations, liabilities, and the responsibilities and rights of each party.

Proper due diligence requires inquiry into the following categories of concern: data security, performance, limitations of service, data migration, government and third-party litigation access, handling of trade secrets/confidential information, and exit plan, all of which are discussed in detail below.

Data Security

To properly manage the operational risk associated with cloud services, the cloud provider’s level of data security should be carefully examined. At a minimum, the following should be ascertained:

  • Is the cloud provider contractually obligated to protect the customer’s data at the same level as the customer’s own internal policies?
  • Who has access to customer data, and what are their backgrounds?
  • Where is the provider’s data center physically located, and what safeguards prevent unauthorized physical access to it (for example, 24/7 security personnel)?
  • Does the provider promise to maintain user data in a specific jurisdiction and/or to avoid certain jurisdictions?
  • What are the provider’s migration policies regarding moving data back internally or to alternate providers? (Companies need to make sure that no data is lost or falls into the wrong hands.)
  • Does the provider conduct regular backup and recovery tests?
  • Do the provider’s security policies comply with all applicable regulatory rules?
  • Is the provider willing to undergo on-demand or periodic audits and security certifications?
  • Is the provider required to investigate illegal or inappropriate activity?
  • Is the provider required to disclose any new vulnerabilities that may affect the confidentiality of customer data, or the integrity and availability of their services?
  • In the event of lost or compromised data, is the data backed up, and can it be easily reconstituted from the backups?
  • What are the provider’s policies on data handling/management and access control? Do adequate controls exist to prevent impermissible copying or removal of customer data by the provider, or by unauthorized employees of the company?
  • What happens to data when it is deleted?
  • What happens to cloud hardware (for example, trailers of servers) when the hardware is replaced?

Read more
