In re-launching the inquiry into carriers’ data privacy and security practices, the FCC argues that not informing customers about the software or its data practices may have violated the carriers’ responsibility pursuant to Section 222 of the Communications Act of 1934 to protect customer data “that is made available to a carrier solely by virtue of the carrier-customer relationship.” The law allows such data to be used only in “limited circumstances,” a term which is not defined in Section 222. It appears that one of the goals of the renewed inquiry is for the FCC to define the scope of the “limited circumstances.”
- FCC probes how carriers handle subscribers’ private data (fiercewireless.com)
- Net neutrality (economist.com)
- ICO Reopens Google Street View Data Slurping Inquiry (techweekeurope.co.uk)
by Patrick Meier, iRevolution, February 12, 2012
The good people at the Sudan Sentinel Project (SSP), housed at my former “alma matter,” the Harvard Humanitarian Initiative (HHI), have recently written this curious piece on crisis mapping and the need for an “ethical compass” in this new field. They made absolutely sure that I’d read the piece by directly messaging me via the @CrisisMappers twitter feed. Not to worry, good people, I read your masterpiece. Interestingly enough, it was published the day after my blog post reviewing IOM’s data protection standards. …
For full text of the article, visit Stranger than Fiction: A Few Words About An Ethical Compass for Crisis Mapping | iRevolution.
- Stranger than Fiction: A Few Words About An Ethical Compass for Crisis Mapping (irevolution.net)
- On Crowdsourcing, Crisis Mapping and Data Protection Standards (lissnup.wordpress.com)
- Information Forensics: Five Case Studies on How to Verify Crowdsourced Information from Social Media (irevolution.net)
by Christina Hultsch, Technology Law Source, July 25, 2011
Any US company that receives data about individuals living in the European Union must be familiar with the basic principles of consent and data protection within the EU to avoid costly mistakes that are easily made in obtaining consent, should the validity of such consent be challenged by the EU data protection agencies. While certain exemptions may apply that allow receipt of data into the US without consent, companies need to analyze their receipt of such data in light of the new consent opinion discussed below. … Contrary to law in the US, in the EU, obtaining the consent of the individual (the “data subject”) has always played a key role in the European Union’s data protection efforts. The Article 29 Data Protection Working Party, an independent European advisory body on data protection and privacy, issued an opinion in July, 2011 addressing the consent principles currently in place as well as providing insight into a possible and likely expansion of consent requirements
For full text of the article visit Basic Principles of European Union Consent and Data Protection : Technology Law Source.
- European Commission Vows to Simplify Data Protection (pcworld.com)
Posted by Boris Segalis, May 19, 2011
Summary: On May 16, 2011, EU’s Article 29 Working Party (WP29) adopted an opinion setting out privacy compliance guidance for mobile geolocation services. WP29 is comprised of representatives from the EU member states’ data protection authorities (DPAs), the European Data Protection Supervisor and the European Commission. … Not surprisingly, WP29 has concluded that geolocation data is “personal data” subject to the protections of the European data protection framework, including the EU Data Protection Directive 95/46/EC. The Working Party also determined that the collection, use and other processing of geolocation data through mobile devices generally requires explicit, informed consent of the individual. …
For highlights of the opinion, view the Information Law Group Blog entry:
For full text of the opinion, click on Opinion 13/2011 on Geolocation Services on smart mobile devices [PDF].
- Phone, slab location data ‘is personal’ – EU watchdogs (go.theregister.com)
- E.U. Panel to Propose Tighter Data Protection (nytimes.com)
- Location Data Is Personal and Private Confirms EU Watchdog (pcworld.com)
- EU Data Retention Law Blasted on Privacy Issues (pcworld.com)
- Non-EU Websites Must Operate Under EU Privacy Laws (blogs.wsj.com)
Panel debates ways to update surveillance to new technologies
By Juliana Gruenwald, National Journal, NextGov 02/17/2011
The FBI came to Congress Thursday to outline the problems law enforcement officials are increasingly facing in executing court ordered wiretaps, but did not offer a proposed solution for lawmakers to consider. During a hearing before the House Judiciary Crime, Terrorism and Homeland Security Subcommittee, even critics acknowledged law enforcement faces a problem but there was much debate over what should be done to address it. Under the 1994 Communications Assistance for Law Enforcement Act, telecommunications companies are required to develop and deploy solutions to enable court-ordered wiretaps. …
Full article available via Panel debates ways to update surveillance to new technologies – Nextgov.
- Panel Debates Ways To Update Surveillance To New Technologies (techdailydose.nationaljournal.com)
- Newly Released Documents Detail FBI’s Plan to Expand Federal Surveillance Laws (eff.org)
- Action needed to assure new technology can be wiretapped, FBI says (cnn.com)
- FBI: Web-based Services Hurting Wiretapping Efforts (pcworld.com)
- Debate Over Internet Backdoors Heats Up in Congress and in Court (eff.org)
- FBI, DOJ and DEA Stall Release of Records on Bid to Expand Surveillance Laws (eff.org)
- FBI Pushes for Surveillance Backdoors in Web 2.0 Tools (wired.com)
Consumer Privacy, Energy Use Data, and Trust
Posted January 31, 2011 by Christine Hertzog
Consumer privacy concerns are an important focus of many Smart Grid conversations. Everyone agrees that consumers need to be educated about the entirely new types of energy use data that can be created with Smart Grid technologies. While we must ensure that consumers are aware of their rights and responsibilities regarding energy use data, there is less conversation ongoing about educating utilities and vendors to deploy programs to ensure data privacy, and there are no conversations ongoing about who owns the value of that energy use data. …
For full text of the article via Consumer Privacy, Energy Use Data, and Trust | The Energy Collective.
- Utilities work to prevent privacy backlash over smart grid (theglobeandmail.com)
- Privacy Professor on Smart Grid Privacy Standards (geodatapolicy.wordpress.com)
- Joint Comments on Proposed Smart Grid Privacy Policies and Procedures (geodatapolicy.wordpress.com)
- Why Smart People Are Suspicious of Smart Meters (blogs.forbes.com)
Bruce Schneier, security guru and author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World, calls for U.S. comprehensive data privacy law in his article, “Our Data, Our Selves” (Wired Magazine, May 15, 2008). Nellwal, another data security expert and whistle blower, concurs in the “The Whislter Ear” blog; “[n]ational legislation,” Nellwal comments, “is slow in coming, the court systems are refusing to punish negligent companies that lose consumer data, and the agencies who regulate data protection and trafficking do little if anything to protect us.” See also Schneier’s blog: http://www.schneier.com/blog/
Unfortunately, as a nation, we seem to be complacent about out privacy. When asked, we express the desire to protect our privacy; but in action, we share our information freely for coupons at the grocery store. As individuals, we don’t take the time to question whether we are required by law to provide our information, to evaluate how this information will be used and aggregated, and to consider who will have access to it. When I talk to friends and colleagues about the issue, they frequently presume that our privacy rights are protected under the law and by the courts. After reading court opinions, however, they are shocked. The law has not kept up with technological change, and the courts frequently assume that technological change – “progress” – is always good. Further, the courts do not thoroughly consider cultural, gender, generational or personal differences in what is considered a “reasonable expectation of privacy,” which is often the relevant legal standard by which the courts base their opinions.
As data professionals, we collect more information than we need because we can. Then, we get function creep (e.g., see yesterday’s posting on license plate tracking)! We have lots of data at our fingertips, so we inevitably use it for purposes other than that for which it was originally collected. We need to recognize that the policies we establish to handle data are as important in protecting our information as the technical controls we implement (e.g., Anderson, R., Security Engineering: A Guide to Building Dependable Distributed Systems).
We may have competing values and interests, such privacy, the public’s right to know, free speech, value of public information, demand for convenient access, ease of Internet publication, tools for data mining, integration, and analysis, ability to profile and locate individuals, and the need for emergency management (Holland, W., Tension- Individual Privacy in the Age of the Internet and Insecurity, Fair & Equitable, February 2007, p. 12; see also Regan, P., Legislating Privacy); but, as a society, we need to do a better job of balancing these interests. We must recognize that privacy is a necessary ingredient of autonomy and freedom.
Location / Spatial Privacy
Over the next decade, information collected through RFID and micro/nano-sensor technologies will be analyzed and displayed using geospatial technologies and served up over the Internet (e.g., distributed sensing through Sensor Web), impacting our privacy in new ways.
For a great sociological and legal discussion of privacy as it relates to geospatial information and technology, refer to Michael R Curry’s “Chapter 7: The Digital Individual in a Visible World” in his book Digital Places: Living with Geographic Information Technologies; for a historical perspective, check out Mark Monmonier’s Spying with Maps: Surveillance Technologies and the Future of Privacy. Also see Kevin Pomfret’s discussions on spatial privacy on his blog Spatial Law.
For more on data privacy, also see the following books:
Agre, P., and Rotenber, M., Technology and Privacy: The New Landscape
Albrecht, K. and McIntyre, L., Spychips: How Major Corporations and Government Plan To Track Your Every Purchase and Watch You Every Move
Branscomb, A., Who Owns Information: From Privacy to Public Access
Garfinkel, S., Database Nation: The Death of Privacy in the 21st Century
Holtzman, D., Privacy Lost: How Technology is Endangering Your Privacy
O’Harrow, R., No Place to Hide
Regan, P., Legislating Privacy: Technology, Social Values, and Public Policy
Rule, J., Privacy in Peril
Solove, D., Rotenberg, M., and P. Schwartz, Privacy, Information, and Technology
Solove, D., The Digital Person: Technology and Privacy in the Information Age