Posted in May 2013


The Transatlantic Divide Over Data Privacy Rights

The following exchange occurred during a conversation between a representative of a U.S. technology company and a European data protection authority (DPA):

Company representative: Your data protection law is making it impossible for us to offer our technology in Europe!

DPA: It is your technology that has to adapt to our legal system, not the other way around!

The question of whether legal requirements should determine how technology and business models are structured, or whether the law should bend to technological and business imperatives, is at the root of the many of the differences between the EU and U.S. approaches to data privacy. And the differing status of privacy as a constitutional or human right underlies how this question is dealt with in the two systems.

More from Christopher Kuner


The Art of Turning Discarded Chewing Gum Into Your Portrait

By Jedidiah Bracy, CIPP/US, CIPP/E

Think of how much of ourselves we leave behind in public: A piece of chewing gum here. A strand of hair there. For smokers, perhaps a littered cigarette butt.

No big deal, right? Well, maybe the littering…

But what if someone could take your mundane, discarded items—filled with tiny strands of DNA—and turn them into a portrait of you?

More from Jedidiah Bracy


“Going Dark” vs. “Going Secure” New CDT Experts’ Report on CALEA II

By Peter Swire, CIPP/US

According to press reports, the FBI is close to persuading the rest of the Obama administration to support major changes to the Communications Assistance to Law Enforcement Act of 1994 (CALEA).  A major new report of technical experts released this week concludes: “Requiring software vendors to build intercept functionality into their products is unwise and will be ineffective, with the result being serious consequences for the economic well-being and national security of the U.S.”

Until now, CALEA has applied to telephone services and software and has required that they be “wiretap ready,” so that a wiretap court order can be carried out successfully. Under the new proposal, this “wiretap ready” requirement would apply far more broadly, to peer-to-peer VoIP (voice over Internet protocol) systems—the many types of software and services that allow direct, peer-to-peer communication.  Examples range from instant messaging and chat to Skype to Google Hangouts to Xbox Live.

More from Peter Swire


Did We Get The Right Privacy Tort?

As Canadian privacy professionals will know, 2012 saw a significant development in Canadian tort law with respect to privacy. While some lower courts have recognized an “invasion of privacy” tort or said there might be one, higher courts refused to countenance the existence of such a tort until the Ontario Court of Appeal did so in Jones v. Tsige.

More from Michael Power


Will the Right To Be Forgotten Lead to a Society That Was Forgotten?

The “right to be forgotten,” a fundamental part of the proposed reforms to the EU’s data protection legislation, is being watched closely by professionals in the archives world. From a bird’s eye view, this proposal would have an undeniable effect on the preservation of the individual and collective memory of society.

Although the rationale and intent of the proposal is based on increasing concerns over the impact of rapidly advancing and intrusive technologies on the lives of people, the implications for the appraisal, selection and preservation of records containing personal data over time are very real and will need to be carefully considered. This proposal must be reviewed with the understanding that archival records—records of enduring administrative, legal, fiscal, cultural, historical and intrinsic value—represent the essence of a society and provide glimpses into the past and lessons for future generations.

More from Cherri-Ann Beckles

From the Toolbelt

The ABCs of BCRs


Prior to commencing my employment in 2012, my employer decided to enhance their data protection program with the EU-U.S. Safe Harbor certification, but then the European Commission published new privacy reforms. Upon hire, my primary directive was to decide between Safe Harbor and Binding Corporate Rules (BCRs).

More from K Royal


When Someone Goes All Crazy on You and Spams Your Online Profile With Nastiness

By Jedidiah Bracy, CIPP/US, CIPP/E

Last week I discussed the concept of the “digital tattoo” and how our online footprint can have lasting effects—for better or worse. Well, teens and others who were liberal with their use of Snapchat may be scrambling today as news comes out that the app’s 10 seconds-or-less deletion feature may be saving photos directly on the user’s phone. Uh-oh. Here’s what in Utah is reporting:

Orem-based firm Decipher Forensics said it has derived a method to extract the supposedly no-longer-viewable images and pass them on to parents, lawyers and law enforcement.

“The actual app is even saving the picture,” said Richard Hickman, a digital forensics examiner. “They claim that it’s deleted, and it’s not even deleted. It’s actually saved on the phone.”

More from Jedidiah Bracy