European Data Protection Digest

We have a long weekend—and hopefully some good weather—ahead of us, so right now our minds are probably focused more on Easter eggs and chocolate bunnies (in my case also my mother’s lasagna on Sunday) than on data protection developments. Nevertheless, this spring is bound to be a busy one for privacy pros—not that we actually had a dull moment in the past year or so.

At the IAPP, we are working hard to help our members stay on top of things: Our upcoming European Data Protection Intensive will be a great way to kick-start the second quarter of the year. As usual, rendezvous in London for an intense programme, great networking—including our special Privacy Social reception at the Guildhall—and CIPP and CIPM certification training and testing. Preconference workshops are not bad either.

But since he who hesitates is lost, work is already underway also for IAPP Europe’s flagship event, the Data Protection Congress, which will be in Brussels again this year, on 19 and 20 November to be precise. The call for proposals for the Congress is open, and submissions will be accepted until 9 May, so do send us your ideas or feel free to forward the call for proposals link to someone who might be interested.

In the meantime, though, Happy Easter!

Rita Di Antonio
Managing Director
IAPP Europe

Top European Privacy and Data Protection News


EU Ministers Want New U.S. Bank Data-Sharing Deal (February 26, 2010)

EU interior ministers have announced they support negotiating a new agreement with the U.S. on bank data transfers, the EU Observer reports. "We want something for Europe as a whole, an agreement that includes restrictions and allays concerns of the European Parliament," Spanish Interior Minister Alfredo Rubalcaba said at a press conference held Thursday. MEPs voted against the interim SWIFT agreement with the U.S. by a margin of 378 to 196 on February 11, stating the deal violated data protection law. While the U.S. has indicated it could opt for bilateral deals with specific European nations, the Council of Ministers sees such a move as offering fewer data protection guarantees than an EU agreement, the report states.
Full Story


Data Stolen on an Estimated 100,000 Credit Cards (February 26, 2010)

As many as 100,000 credit cards may have been compromised by what is being called one of the largest data breaches in Finland, the Helsinki Times reports. The theft involves the breach of a Helsinki store's computer system, and the stolen data has reportedly been used in other parts of the world. Henry Kylänlahti, the fraud and dispute manager at card payment company Luottokunta, which discovered the breach in January, has said the stolen information will not result in costs to true cardholders, the report states. According to Kylänlahti, store owners are responsible for security in such matters, and in this case, the shopkeeper's information security methods did not meet the standards.
Full Story


MEP Discusses Rejection of Data Deal (February 26, 2010)

Public Service discusses the European Parliament's recent rejection of a financial data-sharing agreement with senior MEP Timothy Kirkhope. Kirkhope heads the British Conservatives and also serves on parliament's Civil Liberties Committee. He says the rejection of the Terrorist Finance Tracking Programme (TFTP), which would have enabled the continued transfer of European citizens' banking data to U.S. officials for counter-terrorism purposes, was less about data protection concerns and more about "the manner in which the Council of Ministers sought to circumvent" the European Parliament, and an "unfortunate air of anti-Americanism." Kirkhope says, "I believe that we have to be realistic in order to counter threats of terror..."
Full Story


ICO: Personal Data Not Properly Valued (February 26, 2010)

People remain one of the biggest challenges to information security. That's according to Deputy Information Commissioner David Smith, who spoke at last week's Human Factors in Information Security Conference in London. Smith said a lack of awareness, training and communication, and a failure to enact protective policies are among the greatest hurdles to information security today, ComputerWeekly reports. Smith added that personal data is not properly valued, which leads to improper management structures and the need for governance. Smith also predicted that data breach notification requirements would be extended across all sectors within three years.
Full Story


Art. 29 WP Wants Reduced Terms for Street View (February 26, 2010)

European data protection officials are urging Google to shorten the period of time it stores images for its Street View online mapping feature, Reuters reports. In a letter to Google Global Privacy Counsel Peter Fleischer, the Article 29 Working Party urges the company reduce the period of time it retains images taken for the application. Street View offers panoramic views of cities and towns and continues to be controversial in parts of Europe, where regulators are concerned about the privacy of those inadvertently captured in photos. Currently, the company retains images for a period of one year. "The Working Party believes that a maximum retention of six months for the unblurred copies of the images would strike the right balance between the protection of privacy and the ability to eliminate false positives," the letter states.
Full Story


Polls Shows British Wary of Gov’t Retention (February 26, 2010)

A recent State of the Nation 2010 poll found that Britons are wary of centralized databases and government monitoring of communications, among other activities. The poll interviewed more than 2,000 adults, 63 percent of whom expressed worry about the government storing data on them, the Christian Science Monitor reports. Fifty-five percent of respondents said they thought it was "bad or very bad" to store medical data on a centralised computer system. The same number said government proposals to monitor and store communications data was a very bad idea. "People are worried by the power of the state," said the director of a democracy campaign. "They want more say in the decisions that affect them, their families and their communities."
Full Story


Company Shares Account Details on More Than 15K (February 26, 2010)

The Information Commissioner's Office (ICO) has found that Redstone Mortgages violated the Data Protection Act by inadvertently e-mailing personal data from 15,333 mortgage accounts to a member of the public. The information, which had not been encrypted and was not protected by a password, had been meant for a consultant, but was sent instead to an individual with a similar e-mail address. In the ICO's announcement of the breach, Sally-Anne Poole states, "It is essential that the right procedure is followed and care is taken when sending out e-mails of this nature. If personal information falls into the wrong hands, individuals could experience considerable distress." The company has agreed that all future reports being e-mailed externally will be password protected.
Full Story


Reaction Rages on Google Convictions (February 25, 2010)

"Stunning," "chilling," and "shear madness" are some of the words being used to describe yesterday's conviction of three Google executives in an Italian court. In nearly 1,000 media stories on the decision so far, politicians, advocates, academia and numerous others have reacted to news that the company's global privacy counsel and two other executives were found guilty of privacy violations for the posting of a disparaging video to the company's video platform site. U.S. Senator John Kerry (D-MA) expressed deep disappointment, saying, "To hold Google employees criminally responsible for the actions of its users is unjust." The American ambassador to Italy said, "We disagree that Internet service providers are responsible prior to the posting for the content uploaded by users." Those convicted will appeal the decision.
Full Story


DPA to Investigate Allegations (February 24, 2010)

The federal privacy commissioner is reportedly planning an investigation into allegations that Deutsche Telekom shared another carrier's customer data, reports TMCnet. CEO Rene Obermann is accused of divulging the data of 16 million T-Mobile Germany customers to the mobile phone retailer The Phone House, according to the report.  
Full Story


Researchers Highlight Risks of Volunteering DNA (February 24, 2010)

Current methods for sharing genetic data for research purposes pose privacy risks to those who have volunteered their DNA, Ars Technica reports. For example, researchers have designed tools making it possible to determine whether or not individuals were present in any given Genome-Wide Association Study (GWAS), as well as exposing whether they belong to a population affected by a particular genetic disorder or if DNA from close family members has been used in the same experiment. With the risk of privacy breaches "likely to increase with the ever-expanding volume of genetic data available," the report stresses that researchers have an obligation to protect the privacy of volunteers in DNA studies.
Full Story


Consumer Affairs Minister Wants Tightened Law (February 24, 2010)

Google plans to launch the German version of its Street View mapping feature by the end of the year, but the German government says more work needs to be done to ensure the privacy of those captured in the online photos, reports Deutsche Welle. Consumer Affairs Minister Ilse Aigner said, "I do not share the company's assessment that all personal data concerns have been resolved." Her staff is consulting with justice ministry officials about tightening legislation, the report states. Street View offers panoramic images of cities and towns. A Google spokesperson said, "We've been discussing privacy issues all over Europe, but here in Germany the intensity of the questions is really impressive."
Full Story


EDPS Releases Opinion on ACTA (February 22, 2010)

European Data Protection Supervisor Peter Hustinx has criticized those involved in an international anti-counterfeiting trade agreement for secretly negotiating a deal that would potentially violate data protection requirements, reports PCWorld. In a statement released  today, Hustinx said, "Intellectual property is important to society and must be protected [but] it should not be placed above individuals' fundamental rights to privacy and data protection." According to a leaked portion of the draft agreement, negotiators plan for ISPs to monitor network content in an effort to crack down on piracy. Hustinx suggests "less intrusive solutions" and calls on the EU to "implement appropriate safeguards to all data transfers made in the context of ACTA."
Full Story


Schaar: Social Network Comes under German Law (February 22, 2010)

Facebook has opened shop in Hamburg, which means it can face prosecution in Germany for privacy violations, Germany's data protection commissioner said on Saturday. The Local reports that Commissioner Peter Schaar told Deutschlandradio that Germans now have legal protection from the unwanted use of their personal data. However, Schaar stressed that Facebook users are responsible for what they post. He advises them to read the site's terms and conditions.
Full Story


Predictably Predictable (February 22, 2010)

Northeastern University researchers used the cell phone billing data of 50,000 Europeans to determine people's predictability. National Public Radio reports on the work of Professor Laszio Barabasi, who says the researchers did not have subscribers' names, phone numbers or characteristics, other than the location data their phones sent to towers. The study found that people are extremely predictable. It is one example of an emerging field of social science research that relies on data from major carriers. The results of such projects are expected to aid public policy. A U.S. House subcommittee will hold a joint hearing on the use of location data for commercial purposes on Wednesday.
Full Story


Parliament Approves Amended Act (February 19, 2010)

Bulgaria's Parliament approved the second reading of amendments to the Electronic Communications Act after concessions were made to quell privacy concerns, reports the Sofia Echo. Under the amended act, police will be able to access citizens' communications data related to computer crimes and crimes that carry a minimum jail sentence of five years, the report states. The amended act also specifies data retention and destruction terms. Privacy advocates have criticized the bill, describing it as a "backdoor" for the Interior Ministry to access personal communications data. Under the amendments, a parliamentary committee will oversee data access procedures, and the Commission for Personal Data Protection will submit an annual report to Parliament and the European Commission.
Full Story


New Bank Data Sharing Talks Underway (February 19, 2010)

In the wake of the European Parliament's decision on February 11 to strike down the SWIFT bank data transfer agreement, officials from the European Commission and the U.S. are now meeting in Washington, DC to begin discussing a long-term agreement, the European Voice reports. While U.S. officials contend that sharing the data will assist in the fight against terrorism, the temporary agreement had raised concerns from Members of Parliament and privacy advocates alike. MEPs ultimately voted 378 to 196 against the SWIFT deal, stating it violated "the basic principles of data-protection law." Cecilia Malmström, the European commissioner for home affairs, says that for a long-term data-sharing agreement to move forward, "very ambitious safeguards for privacy and data protection" must be included.
Full Story


Customer Data Stolen from Defunct Travel Company (February 19, 2010)

Gardaí are investigating the theft of a memory stick containing information on an estimated 90,000 customers of Budget Travel, a company that went into liquidation last year, the Irish Times reports. Simon Coyle, the company's liquidator, confirmed that "tens of thousands" of customer details--including names and e-mail addresses--were stored on the portable memory device, which was taken during a theft from the company's Dublin headquarters, the report states. Deputy Data Protection Commissioner Gary Davis, who confirmed the theft was reported shortly after it occurred on February 1, has said there does not appear to be a risk of identity theft related to the incident because there were no financial account details on the device.
Full Story


Internet Filtering, DNA and CCTV Law Moves Forward (February 19, 2010)

French lawmakers have voted to approve a draft law related to filtering Internet traffic, extending access to the national DNA database and increasing the use of CCTV cameras, CIO reports. The "Bill on direction and planning for the performance of domestic security," which will now move forward to a second and final reading, includes filtering provisions aimed at stopping the spread of child pornography. The bill has been described as a "mishmash of unrelated measures" as it also includes provisions for extending police access to France's DNA database, criminalizing online identity theft and allowing police to tap Internet connections and phone lines during investigations.
Full Story


Equality and Human Rights Commission Says Scanners May Be Illegal (February 19, 2010)

The Equality and Human Rights Commission has written to Transport Secretary Lord Adonis warning that the use of airport body scanners in the UK could be illegal, BBC News reports. The commission contends that graphic images of passengers could have serious privacy implications for specific groups, including children as well as the disabled and transgendered, while also breaking discrimination law. A Department for Transport spokesperson has said that passengers selected for screening would not be chosen because of any personal characteristics, noting, "We are currently carrying out a full equalities impact assessment on the code of practice, which will be published shortly when we begin a public consultation on these issues."
Full Story


Privacy Concerns Prompt Buzz Revamp (February 19, 2010)

Facing criticism about user privacy, Google is reworking its Buzz social networking service, The Times reports, including a function to turn off specific features. "People thought that we were publishing their e-mail addresses and private information, which was not true," says Google Chief Executive Eric Schmidt. "It was our fault that we did not communicate that fact very well, but...nobody's personal information was disclosed." Meanwhile, a U.S. law firm has filed a class-action suit alleging Buzz violates privacy rights. Canadian and U.S. authorities have raised concerns about privacy in the days since Buzz was first launched, and the UK Information Commissioner's Office (ICO) has confirmed it will investigate any complaints.
Full Story


Bulgarian Companies Solicit Excessive Personal Data, Commission Says (February 19, 2010)

Bulgarian companies continue to collect more personal data than absolutely necessary, the Sofia Echo reports. Venete Shopova, the chairperson of the Bulgarian Commission for Personal Data Protection (CPDP) points to violations of the Bulgarian law prohibiting the photocopying or scanning of ID documents as an example. "We have had a long battle over this, but it still continues." Shopova says the electronic card system for public transport is another example of excessive data collection. The system asks all passengers to fill out a health-related data form, regardless of whether or not they have physical handicap needs.
Full Story


VsZP Apologises for Breach, Faces Fines (February 19, 2010)

The Personal Data Protection Office is inspecting the information systems of state-run health insurer Vseobecna Zdravotna Poistovna (VsZP) after the company posted the personal identification numbers of 8,500 clients on its Web site, reports the TASR news service. If the inspection reveals that VsZP violated the Data Protection Act, it could face fines up to 330,000 euro, according to a data protection office spokesperson. A VsZP spokesperson described the incident as "an unfortunate mistake."
Full Story


Mobile Location-Based Services Spark Privacy Concerns (February 19, 2010)

Frost & Sullivan's recent study "Context and Communities: The Evolution of the Mobile Location-based Services in Europe" has brought to light challenges for mobile marketing, including concerns about privacy protection, DMA reports. After reading the report, one expert noted that for consumers to adopt them, mobile location-based services must be "transparent from the point of view of pricing, data privacy and security." European Data Protection Supervisor Peter Hustinx points out that when it comes to data privacy and security, it is the duty of those involved in processing and using information to safeguard it.
Full Story


Lights on, Nobody Home (February 19, 2010)

The creators of a new Web site called say they are not trying to encourage burglary, rather, they want to raise awareness about locational privacy, reports InformationWeek. The site aggregates social media data to create a clearinghouse of who's home and who's not home. "The danger is publicly telling people where you are," site co-founder Frank Groeneveld wrote on his blog. "This is because it leaves one place you're definitely not...home."
Full Story


E-Health Privacy Concerns Abound (February 17, 2010)

Privacy concerns are a key factor slowing the deployment of e-health across Europe, the EU Observer reports. Most recently, Germany decided to postpone enacting its national e-health smart card due to concerns of security and confidentiality. European Network and Information Security Agency (ENISA) risk management expert Barbara Daskala says that taking time to implement e-health has benefits when it comes to addressing privacy and data protection concerns. "E-health services have a lot to offer of important benefits for citizens and society in general, there is no doubt about that," Daskala notes. "However, it is still a controversial area in the sense that it may also pose many important risks that need to be addressed, preferably before its massive deployment."
Full Story


Orange Says “Case Closed” on Breach (February 17, 2010)

Customers of a telecommunications provider are unhappy with the company's response to their complaints about a data breach, ComputerWeekly reports. Orange has acknowledged the incident, which inadvertently exposed more than 1,100 UK subscribers' e-mail addresses. The company also notified the Information Commissioner's Office about the breach. In response to complaints, an Orange executive sent e-mails to customers stating that a full investigation had been completed and that "we consider that this matter does not constitute a breach in the network terms by Orange, as such, no further action is deemed necessary and your case has now been closed." Orange also refused one customer's request to be released from his contract, saying it was unjustified.  
Full Story


Police Investigating Street View Image (February 16, 2010)

Finnish police are investigating whether Google's Street View mapping feature has breached privacy legislation, reports Agence France-Presse. Street View launched in Finland last week, offering panoramic images of cities and towns. A Raahe police sergeant confirmed that the department initiated a criminal investigation on Thursday at the request of a resident who was captured in one of the photographs taken for the feature while seated in the garden of a private residence last summer. It is the first investigation of its kind in Finland, according to the report. Police will determine whether Google violated unauthorized surveillance and privacy laws.
Full Story


Yahoo Teams with Nectar on Opt-In Program (February 16, 2010)

Yahoo and Nectar have teamed up on a behavioural targeting program that will link customers' offline and online shopping data, reports OUT-LAW.COM. The Customer Connect program will link the two companies' databases to help advertisers determine which adverts to display to particular users. "For the first time UK advertisers will have a simple way to track offline sales from online advertising campaigns," Yahoo managing director Mark Rabe told the Financial Times. Users must opt in to the program to begin receiving the targeted ads. According to reports, 20,000 have signed up.
Full Story


ICO Draft Code Says New Powers Will Not Result in Automatic Fines (February 16, 2010)

The Information Commissioner's Office (ICO) has announced that while it does not plan to use its new power to levy fines for data protection law breaches if the incidents are discovered during one of its audits, organisations could face fines of up to £500,000 if breaches are not resolved in a timely manner, OUT-LAW.COM reports. "My audit team is developing a risk-based approach to help us focus on those organisations...where complaints are significant and where business intelligence highlights the risk of failure," says Information Commissioner Christopher Graham, explaining that in some cases, audits will be compulsory rather than voluntary. The ICO is currently accepting input on its draft Code of Practice.  
Full Story


Police Investigating Tax System Breach (February 16, 2010)

Police are investigating a breach of Latvia's State Revenue Service (VID), according to an Earthtimes report. VID said yesterday that its electronic security systems may have been breached, possibly exposing seven million confidential documents from its tax declaration system. It is believed to be the largest data breach in Latvia's history. A group of hackers claims that a senior tax official is responsible for exposing the system's vulnerability.
Full Story


New Anti-Spam Guidelines Clarify Enforcement (February 12, 2010)
The Dutch regulatory authority for telecommunication and postal markets (OPTA) has published new policy guidelines for enforcement of anti-spam regulations, according to a Norton Rose report.


Tax Dodgers Surrendering after Germany’s Decision to Buy Stolen Bank Data (February 12, 2010)
In the wake of Germany's decision to purchase stolen Swiss bank account data, tax authorities and lawyers are reporting being contacted by Germans with an estimated €200 billion in undeclared funds seeking to avoid criminal prosecution, Reuters reports.


ICO Finds Labour Party Calls Breached Privacy Law (February 12, 2010)
The Information Commissioner's Office (ICO) has determined that the Labour Party's 500,000 unsolicited phone calls during last year's elections were against the law, The Guardian reports.


Company Inadvertently Shares Hundreds of E-mail Addresses (February 12, 2010)
A telecommunications provider inadvertently released the e-mail addresses of 300 UK subscribers, The Register reports.


Half Million Would Have Access to Database (February 12, 2010)
Privacy advocates are concerned about proposals to establish a new agency that would manage member states' data. The concerns follow the recent revelation that hundreds of thousands of terminals across the EU would have access to private data on the Schengen Information System (SIS), The Guardian reports.


Chairman: ISA Staff Will Protect Data (February 12, 2010)
The chairman of the Independent Safeguarding Authority (ISA) has assured that the personal data of British citizens will be well protected by the ISA, reports The Register.


Parliament Rejects SWIFT Data Accord (February 12, 2010)
The European Parliament has rejected an agreement to share bank transfer data with the U.S., reports European Voice. In a 378-196 vote in Strasbourg yesterday, MEPs said no to the deal, which would have allowed U.S. Treasury officials to continue accessing data from the Society for Worldwide Interbank Financial Transactions (SWIFT) for counter-terrorism purposes.


Parliamentary Committee Takes on Cloud Computing (February 12, 2010)
The All-Party Parliamentary Committee discussed the data protection issues associated with cloud computing in Smith Square this week, reports


Code of Practice Released in Response to Body Scanners (February 12, 2010)
The British Department of Transport has published temporary guidelines to safeguard travelers' privacy. The guidelines come in response to two UK airports' February implementation of body scanners, the Hunton and Williams Privacy and Information Security Law Blog reports.


EC Seeks Public Opinion on EU-U.S. Data Sharing in Law Enforcement (February 12, 2010)
The European Commission (EC) launched a public consultation January 28 concerning a possible future agreement between the European Union and United States on personal data protection and data sharing for law enforcement purposes.


Social Networks Urged to do More to Protect Kids (February 12, 2010)
The European Commission (EC) recently analysed the policies of 22 social networking sites to determine how protected minors are online, reports.


Anti-Piracy Group Sues ISP (February 12, 2010)
The outcome of a trial that began in Italy this week could have ramifications on the privacy of Internet users. The San Francisco Chronicle reports that a major anti-piracy organization is suing Telecom Italia for failing to prevent customers from illegally downloading copyright material.


DPA Launches Inspection Plan for Early 2010 (February 12, 2010)
Direct telemarketers, financial institutions and healthcare organizations will receive the most attention from the Italian Data Protection Authority (IDPA, or Garante) based on its inspections schedule through July of this year.


Seek Legal Counsel before Moving to Cloud, Department Says (February 12, 2010)
The Department of Finance has sent an e-mail to government departments and public-sector bodies warning them to seek legal advice before purchasing cloud computing services, the Irish Times reports.


Police Plan to Use Stop-and-Search Powers for 2012 Olympics (February 12, 2010)
Police are proposing to use an anti-terror provision during the 2012 London Olympics that has been deemed unlawful by the European Court of Human Rights, The Times reports.


Seek Legal Counsel before Moving to Cloud, Department Says (February 12, 2010)
The Department of Finance has sent an e-mail to government departments and public-sector bodies warning them to seek legal advice before purchasing cloud computing services, the Irish Times reports.


EC Updates Model Clauses (February 9, 2010)
European companies will have to use new standard clauses in contracts controlling overseas data transfers as a result of a decision adopted by the European Commission (EC) last week, OUT-LAW.COM reports.


Official Wants Clearer Privacy Lines on Street View (February 9, 2010)
German Consumer Minister Ilse Aigner wants more privacy safeguards for Google's Street View, calling it a "million-fold violation of the private sphere," The Local reports.


“Everybody Can Be Tracked, Everybody Will Be Tracked” (February 8, 2010)
The San Francisco Chronicle reports on marketers' growing use of technologies to discern more about customers and prospective customers. Cameras within grocery store monitors, radio frequency identification (RFID) on shopping carts and billboards that target ads using publicly available data, among other methods, have arrived.


MEPs Reject Deal to Share Bank Data with U.S. (February 5, 2010)
Parliament's Civil Liberties Committee has rejected a deal, which came into force temporarily on Monday, that allowed bank data from the Society for Worldwide Interbank Financial Transactions (SWIFT) to be shared with the U.S., the Times Online reports.


Despite Concerns, Germany Will Buy Stolen Bank Data (February 5, 2010)
Despite privacy concerns voiced by many officials including the data protection commissioner, Finance Minister Wolfgang Schaüble has announced the government will purchase the financial data on some 1,500 individuals with Swiss bank accounts, TIME reports.


Court of Justice Tells Sweden to Comply (February 5, 2010)
The European Court of Justice has told Sweden it must implement the European Union's Data Retention Directive, but Justice Minister Beatrice Ask has said the government will not take action on the issue prior to this autumn's general election, The Local reports.


Dunnes Stores Appeals DPC Biometrics Order (February 5, 2010)
In the first legal action of its kind, Dunnes Stores has lodged a circuit court appeal of the Data Protection Commissioner (DPC) enforcement order requiring the company to provide its staff with an opt-out for the hand-scanning devices it uses to monitor attendance, Times Online reports.


EDPS Adopts Opinion on Aviation Investigations (February 5, 2010)
European Data Protection Supervisor Peter Hustinx adopted an opinion related to the data protection aspects of civil aviation accident investigations yesterday. The European Commission has proposed updated rules for such investigations.


Mayor Will Challenge Privacy Decision (February 5, 2010)
The mayor of a large Nicosia suburb says he will challenge the personal data commissioner's decision to prohibit the city from photographing vehicles that are illegally parked, reports Cyprus-Mail.


Scotland Official Wants Ban on Memory Sticks (February 5, 2010)
After recent data breach incidents involving National Health Service (NHS) Lothian and city council memory sticks, one official wants to see a ban on the devices, the Scotsman reports.


Federal Network Agency Fines Companies €500,000 (February 5, 2010)
The German Federal Network Agency has fined companies a total of €500,000, marking the first time it has imposed sanctions for breaching the prohibition on unauthorized telephone advertising and the caller ID requirement for marketing calls, Hunton & Williams' Privacy and Information Security Law Blog reports.


Home Office’s New Unit Looks to Expand Internet Surveillance (February 5, 2010)
The Home Office's new Communications Capabilities Directorate (CCD) will oversee increased Internet surveillance and implement the £2bn Interception Modernisation Programme (IMP), The Register reports.


Spanish DPA Launches Privacy Compliance Web Tool (February 5, 2010)
The Spanish Data Protection Agency (AEPD) has launched a program to help companies and individuals determine their compliance with the nation's Organic Data Protection Act.


Prevalence of Automatic Numberplate Recognition Raises ICO Concerns (February 5, 2010)
Police in England and Wales have confirmed they are feeding as many as 14 million reads per day from more than 10,000 ANPR-enabled cameras to a national database, a report published in The Register states.


Phishers Target Carbon Market (February 5, 2010)
A phishing attack on the international carbon market temporarily halted emissions trading in a number of EU countries this week. The BBC reports that an estimated 250,000 permits worth more than €3 million were stolen.


New Tribunal Publishes Guidance on ICO Appeals (February 5, 2010)
The First-tier Tribunal has published guidelines on how to appeal Data Protection and Freedom of Information Act notices, reports.


ATL to Improve Info Security after Breach (February 5, 2010)
The ICO has found the Association of Teachers and Lecturers (ATL) in breach of the Data Protection Act after a laptop and memory stick containing personal information on more than 6,000 union members were reported missing.


Privacy Questions Continue as Airport Scanner Implementations Move Forward (February 5, 2010)
With advanced imaging technology (AIT) scanners now in operation at the UK's Heathrow and Manchester airports, European privacy advocates continue to raise concerns.


Building Society Data Breach Affects 3,115 Customers (February 5, 2010)
The UK's fourth largest building society has apologised to its customers in the wake a January data breach involving thousands of its accountholders, the Financial Times reports.


IAB to Roll out Icon (February 4, 2010)
OUT-LAW.COMa reports that Britain's online advertising trade body, the Interactive Advertising Bureau (IAB), will roll out a global icon intended to alert Internet users to the presence of targeted ads.


The Horizon for Google in Europe (February 2, 2010)
The New York Times reports that Google's recent troubles with China may prove to be less problematic than those the company will face in Europe.


Rewrite of 1995 Law Will Focus on Privacy in the Digital Age (February 1, 2010)
Incoming EU Justice Commissioner Viviane Reding has announced plans to strengthen the 1995 Data Protection Directive to include requirements that new technologies and processes include privacy by design, reports. "I have had many opportunities to see the impressive power of innovation of information society and the creation of exciting and promising new products and services. Unfortunately, privacy and the protection of personal data were not always a key ingredient at the early development stage of these products and services," Reding said, calling for that to change. Privacy concerns related to new technology range from street-level mapping to social networking to the use of Internet searches by potential employers to gather information on job candidates.
Full Story


EPIC Names International and U.S. 2010 Privacy Champions (February 1, 2010)
EPIC has announced it will present the 2010 International Privacy Champion Award to the Honorable Michael Kirby for his role in the development of the OECD Privacy Guidelines of 1980, which have provided the basis for national laws, international agreements and privacy frameworks around the world. "The international privacy community owes Justice Kirby a huge debt for his critical role working with leading experts from North America, Europe and Asia to develop the guidelines," said Canadian Privacy Commissioner Jennifer Stoddart. EPIC's 2010 U.S. Privacy Champion Award went to Beth Givens, founder and director of the Privacy Rights Clearinghouse in San Diego, California.
Full Story