European Data Protection Digest

We have a long weekend—and hopefully some good weather—ahead of us, so right now our minds are probably focused more on Easter eggs and chocolate bunnies (in my case also my mother’s lasagna on Sunday) than on data protection developments. Nevertheless, this spring is bound to be a busy one for privacy pros—not that we actually had a dull moment in the past year or so.

At the IAPP, we are working hard to help our members stay on top of things: Our upcoming European Data Protection Intensive will be a great way to kick-start the second quarter of the year. As usual, rendezvous in London for an intense programme, great networking—including our special Privacy Social reception at the Guildhall—and CIPP and CIPM certification training and testing. Preconference workshops are not bad either.

But since he who hesitates is lost, work is already underway also for IAPP Europe’s flagship event, the Data Protection Congress, which will be in Brussels again this year, on 19 and 20 November to be precise. The call for proposals for the Congress is open, and submissions will be accepted until 9 May, so do send us your ideas or feel free to forward the call for proposals link to someone who might be interested.

In the meantime, though, Happy Easter!

Rita Di Antonio
Managing Director
IAPP Europe

Top European Privacy and Data Protection News

PRIVACY—EU

Assistant EDPS Discusses Key Issues (December 23, 2010)

Diritto&Internet has published an interview with European Data Protection Assistant Supervisor Giovanni Buttarelli. When it comes to draft German legislation to regulate employers' collection of online information about job applicants, Buttarelli explained, "Up to now we have worked with very general criteria of transparency and accuracy, with the obligation to inform and with the evaluation of the principle of incompatibility and purpose, but these criteria are no longer sufficient because practices may be widely varied today." Buttarelli also offers insight on an array of other current privacy issues, including geolocation, social networking, company accountability and privacy by design.
Full Story

DATA PROTECTION—EU & U.S.

Envoy: Agreement Moving Ahead (December 23, 2010)

U.S. Ambassador William Kennard disagrees with European Commissioner Viviane Reding's comments that the U.S. is not committed to a data protection agreement, European Voice reports. The EU and the U.S. agreed earlier this year to negotiate a framework regulating the exchange of personal data. Following a meeting in Washington, DC, earlier this month, Reding said the U.S. "did not seem ready to advance on data protection," stating she expects to know who the U.S. chief negotiator will be before the end of the month to "seriously start the talks." Kennard said the U.S. needs to better understand what EU negotiators want in the agreement to decide who should represent the U.S.
Full Story

PRIVACY LAW—EU

Parliament to European Commission: Protect Privacy (December 23, 2010)

OUT-LAW News reports on the European Parliament's call for stricter online advertising rules giving Web users more control of their privacy. The European Parliament has adopted a resolution asking the European Commission to introduce rules requiring Internet companies to disclose behavioral advertising and give users the right to opt out, expressing "serious reservations about the use of sophisticated technologies in advertising systems to track users' activity." Parliament is calling on the commission to "update, clarify and strengthen its guidelines on the implementation of the Unfair Commercial Practices Directive," the resolution states, and create a labeling system based on the European Privacy Seal "certifying a site's compliance with data protection laws."
Full Story

PRIVACY LAW—ITALY

Garante Issues Multiple Orders (December 23, 2010)

Italy's Data Protection Authority (Garante) has issued an array of orders related to privacy issues ranging from sharing information on disabled persons online to companies' use of geolocation services to track employees. In one case, the Garante has issued a €40,000 fine for the publication of information on 4,500 disabled individuals on an institutional Web site. Other rulings issued by the Garante are related to parental access of minor children's health records, the use of geolocation services to track employees without their notice or consent and the requirements for registering data in the Banking Information System (SIC).
Full Story

DATA LOSS—UK

Patient Data Compromised (December 23, 2010)

Calderdale and Huddersfield hospital foundation trust has written to 1,500 patients after the theft of a computer containing their personal details, the Guardian reports. The trust has also notified local police about the theft and reports it has increased its security precautions. "At the end of November it was found that part of an electromyography (EMG) machine, a computer which drives it, had been taken from a locked office in the neurophysiology department at Calderdale Royal Hospital," a hospital spokesperson said, noting such patient information as names and dates of birth was included on the password-protected computer.
Full Story

SURVEILLANCE—UK

Schools Expand CCTV Use (December 23, 2010)

TES Connect reports that schools are expanding their use of CCTV beyond student monitoring and are also using the technology to check in on teacher performance and watch such spaces as lavatories and changing rooms. A report by the Information Commissioner's Office has found that video surveillance has moved beyond security, noting, "it is apparent that some schools have not understood their new regulatory responsibilities...These issues are only likely to intensify with new uses for cameras in education, such as the remote-operated Webcams on laptops provided for pupils' home use in the U.S." Deputy Information Commissioner David Smith said "constant filming and sound recording is unlikely to be acceptable unless there is a pressing need."
Full Story

ONLINE PRIVACY

Study Finds Apps Are Watching, MMA Calls for Guidelines (December 23, 2010)

Your smartphone may be intelligent--knowing all about your contacts, locations and other information--but it is not good about keeping that knowledge to itself. That's according to a report in The Wall Street Journal that found about half of smartphone apps studied share users' personal information "widely and regularly." The investigation determined that apps share such information as unique IDs, phone location and even gender or other personal details without users' knowledge or consent, the report states. The Mobile Marketing Association is now calling for guidelines to better protect users from "intrusive tracking technologies." (Registration may be required to access this story.)
Full Story

DATA LOSS

Business Cloud Service Breached (December 23, 2010)

Computerworld reports a breach of address book data belonging to customers of Microsoft's Business Productivity Online Suite (BPOS) Standard occurred in the company's data centers in North America, Europe and Asia. The company has stated that the issue was resolved within two hours of being discovered, noting that "a very small number" of illegitimate downloads occurred and it is "working with those few customers to remove the files." A configuration issue made it possible for other customers in the service to download "Offline Address Book information...in a very specific circumstance," Director of BPOS Communication Clint Patterson said.
Full Story

ONLINE PRIVACY

EFF Co-Founder on Privacy in the Internet Age (December 22, 2010)

On the heels of recent privacy efforts by the U.S. Federal Trade Commission, Commerce Department and technology companies from across the globe, the BBC has published a dialogue with Electronic Frontier Foundation (EFF) Co-founder John Perry Barlow on changes to privacy in this online age and the battle between what governments and organizations know about individuals. Perry Barlow also weighs in with thoughts on how several global corporations do business with regard to privacy and transparency. Individual privacy is eroding, he suggests, adding that it is not "safe to have a world where the individual has no privacy and the institutions go on being private."
Full Story

PERSONAL PRIVACY

Study: Education Lacking on Smart Meters (December 21, 2010)

When it comes to smart meters, consumers are not being adequately informed about their capabilities and the way they will affect privacy. That's according to a new Ponemon study, "Perceptions about Privacy on the Smart Grid," which polled 509 U.S.-based adults and found that 54 percent of those surveyed did not receive information about or know they had a smart meter until after installation. Smart meters will measure home energy usage, in some cases down to the appliance level. The privacy concerns consumers noted were misuse of personal information by the government (53 percent) and failure to protect personal information.
Full Story

ONLINE PRIVACY

Internet Identities Have Nowhere To Hide (December 21, 2010)

In a report for The New York Times, Jenna Wortham retells a personal experience where a stranger tracked her online using her various Internet profiles to ask the question, "As digital identities become increasingly persistent across the Web, is it still possible to reinvent oneself online?" As one expert points out in the report, "As we casually go about our business, we are leaking all kinds of data that someone can piece back together." The report looks at entrepreneurs trying to build "some layers of anonymity back into the Web" and suggests the possibility that "the demands of a digital lifestyle have set a larger cultural transition into motion." (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Navigating Permission Requirements Across Borders (December 20, 2010)

"Privacy and data protection have been major talking points throughout 2010," The Next Web reports in a review of data protection issues of the past year and the ongoing struggles of aligning privacy and permission with regulations that vary from state to state, nation to nation and continent to continent. The report looks at differences in privacy regulation from the U.S. to the EU and beyond. For social networks and online companies, one of the key challenges is "there is no global privacy law," and even with privacy policies "already longer than the U.S. Constitution," the report questions, can such sites "cater to the hundreds of different laws across the lands?"
Full Story

PERSONAL PRIVACY—GERMANY

Olympic Committee: Whereabouts Rule is Fair (December 17, 2010)

The general director of Germany's Olympic Committee has dismissed concerns from privacy groups that the national anti-doping agency's whereabouts rule violates athletes' privacy, TimesLive reports. The rule requires that athletes inform the German Anti-Doping Agency (NADA) of their locations so that they may be available for random tests. One privacy advocate questioned the legality of the requirement and described it as an "intolerable invasion of their privacy." But Olympic Committee General Director Michael Vesper said, "The athletes submit themselves voluntarily to the system in order to exercise their sport under fair conditions."
Full Story

GEO PRIVACY—UK

Police Requests for Oyster Card Data Up (December 17, 2010)

Chairman of the London Green Party, Noel Lynch, is calling for privacy safeguards in response to figures showing that the Met Police requested 6,074 records from Transport for London (TfL) through October of this year, reports BBC News. This number is up from 5,619 in 2009, and many of the requests are for data from Oyster smartcards. A TfL spokesperson said, "requests for information on the Oyster system are subject to strict rules and procedures. Each request must relate to a specific police investigation." But Lynch argues, "while this information may have a role to play as an investigative tool...it is vital that there are rigorous safeguards to protect people's privacy."
Full Story

SOCIAL NETWORKING

Facial Recognition Coming to Facebook (December 16, 2010)

Facebook in the coming weeks will release a "tag suggestion" feature that uses facial recognition software to let users automatically identify friends in photos, The Sydney Morning Herald reports. The feature will be rolled out to U.S. users first. In describing the new offering on the company's blog, Facebook engineer Justin Mitchell said, "If for any reason you don't want your name to be suggested, you will be able to disable suggested tags in your privacy settings."
Full Story

DATA THEFT

Feds Find Common Link in McDonald’s Data Theft (December 16, 2010)

More details have emerged in the theft of McDonald's customer data. The Register reports that U.S. Federal Bureau of Investigation (FBI) agents are looking into similar events that may have originated with a marketing services provider based in Atlanta, GA. FBI special agent Stephen Emmett said, "The breach is with Silverpop (Systems), an e-mail service provider that has over 105 customers." Emmett added that the breach "appears to be emanating from an overseas location."
Full Story

PRIVACY LAW—U.S.

Commerce Report Calls for Privacy Office, Federal Breach Notification Standard (December 16, 2010)
The Commerce Department released its online privacy green paper today, National Journal reports. The report calls for the creation of a Commerce Department privacy office and recommends a federal data breach notification law that would preempt state laws. "A comprehensive national approach to commercial data breach would provide clarity to individuals regarding the protection of their information throughout the United States, streamline industry compliance and allow businesses to develop a strong, nationwide data management strategy," the report states. The paper also recommends the development of Fair Information Practice Principles. The department is soliciting comments on the paper.

BEHAVIORAL TARGETING—EU

Parliament Approves Resolution (December 16, 2010)

The European Parliament on Wednesday approved a resolution calling for increased attention to targeted advertising on the Internet, The Sofia Echo reports. The resolution calls for consumers to receive clear and comprehensive information about how their data are collected and used, the report states, adding that the data should be used "only by explicit agreement by the consumer." The resolution also calls for special protections for children and the creation of an advertising literacy program. "We must reflect upon some very simple values: respect for privacy, protection of the most vulnerable, because we know very well that children are among the most vulnerable to 'behavioral advertising,'" the resolution states.
Full Story

PRIVACY LAW—EU

EC Asks UK About Fingerprinting (December 15, 2010)

The European Commission, acting on the concerns of the Article 29 Working Party, wants to know more about Britain's collection of schoolchildren's fingerprints, The Telegraph reports. More than 3,000 schools in the UK are using fingerprint technology to deduct students' lunch payments and loan books, for example. In a letter to British authorities, the commission wrote, "We should be obliged if you could provide us with additional information both regarding the processing of the biometric data of minors in schools, with particular reference to the proportionality and necessity in the light of the legitimate aims sought to be achieved, and the issue concerning the availability of judicial redress."
Full Story

DATA THEFT—IRELAND

More Details on GAA Breach (December 14, 2010)

More details have emerged about the Gaelic Athletic Association (GAA) data exposure involving the personal information of more than 500,000 members. The Journal reports that a former employee of a company that ran the GAA database was arrested in connection with the stolen data but was released without charges. The thief sent copies of the GAA's member database to Ireland's data protection commissioner and the UK Information Commissioner's Office (ICO). The ICO said in a statement that it is "working closely with the Police Service of Northern Ireland and the Data Protection Commission in the Republic of Ireland" to learn more.
Full Story

PRIVACY LAW—EU

Hustinx Emphasizes Accountability (December 14, 2010)

Europolitics reports on plans to hold European institutions accountable for respecting the obligations of data protection laws. On Monday, European Data Protection Supervisor (EDPS) Peter Hustinx adopted a policy paper that sets a framework where the EDPS "monitors, measures and ensures data protection compliance in the EU administration." To date, the EDPS has taken a non-punitive approach. The new framework is designed to encourage proactive compliance by cracking down on those who flout the law.
Full Story

PRIVACY LAW—GERMANY

German Court OKs Use of Tax Informant CD Data (December 10, 2010)

Germany's Federal Constitutional Court (Bundesverfassungsgericht) has ruled that despite questions about the legality of the purchase from an informant of compact discs with personal and financial data of German citizens, the data can be used to support investigatory searches without violating privacy law. (In re Constitutional Complaint, BVerfG, No. 2 BvR 2101/09, 11/9/10). A German couple under investigation for tax fraud filed the lawsuit, arguing that the search of their apartment in September 2008 was unlawful because it was based on data on a compact disc bought by German tax authorities from an informant. The court ruled that the use of the data did not touch on the absolute core area of private life because it only concerned the couple's business contacts with financial institutions. German tax officials have purchased several compact discs from informants (206 PRA, 10/27/10). (Article in German.)
Full Story

DATA PROTECTION—FRANCE

CNIL Releases Guidance on Smart Meters (December 10, 2010)

The Commission nationale de l'informatique et des libertés (CNIL) has released its recommendations for the deployment of electric smart meters. The guidance intends to "limit the impact of these innovative devices on privacy and freedoms," according to a CNIL press release. The recommendations address security measures and the monitoring of individuals' energy consumption habits, among other topics. "CNIL recommends adjusting the level of details of the data collected according to different uses," the guidance states. "Indeed, if detailed information is sometimes necessary to manage the network management, a daily record is sufficient to charge a standard subscription."
Full Story

PRIVACY LAW—UK

ICO Clarifies Legality of Photography (December 10, 2010)

With the holiday season in full swing, the Information Commissioner's Office (ICO) is reminding parents and schools that the Data Protection Act does not prohibit family and friends from taking photographs at school events. "It is disappointing to hear that the myth that such photos are forbidden by the Data Protection Act still prevails in some schools," the ICO said in a press release. "The act does apply when photographs of children are taken for official use by a school or college," the press release states. The ICO has released guidance for parents and schools to "dispel confusion" and "explain parents' rights under the act."
Full Story

PRIVACY—GERMANY

Virtual Data Protection Office Anniversary Honored (December 10, 2010)

The Independent Center for Data Protection in Schleswig-Holstein is marking the tenth anniversary of the existence of the Virtual Data Protection Office, a German language Web site that provides practical and expert information free of charge on the subject of  data protection. With some 3,000 articles, an RSS feed and links, the Virtual Office is intended to be the starting point for access to laws, current news and commentary on a wide variety of topics related to data protection. Project partners from organizations in Germany, Canada, Switzerland, Poland and Liechtenstein worked together to create the Virtual Office. (Site in German.)       
Full Story

PRIVACY LAW—EU & U.S.

From DC: Reding Discusses Protecting Privacy (December 9, 2010)

In an interview with The Washington Post, EU Justice Commissioner Viviane Reding discusses guarding personal information. When asked why the EU favors legislation over voluntary action by companies, Reding said, "Protection of individuals is not the question of voluntary action. For us, it is written in our charter of fundamental rights that everyone has the right to the protection of their data." The move by some companies toward do-not-track mechanisms "is the right direction, and what is important is that industry has understood it can't ignore privacy concerns," she said. (Registration may be required to access this story.)
Full Story

PRIVACY LAW—EU

EU Considers Shortening Data Retention Periods (December 7, 2010)
As European Data Protection Supervisor Peter Hustinx calls for a clear demonstration of the necessity for the Data Retention Directive, EurActiv reports the European Commission may look to shorter data retention periods. "The evaluation we are currently waiting for is the moment of truth for the Data Retention Directive," Hustinx said last week. "Evidence is required that it constitutes a necessary and proportionate measure. Without such proof, the directive should be withdrawn or replaced by a less privacy-invasive instrument which meets the requirements of necessity and proportionality." EU Internal Affairs Commissioner Cecilia Malmström has said, "We may need to agree on more harmonized, and possibly shorter, retention periods."

ONLINE PRIVACY

Study: Popular Sites “Sniffing” Web Histories (December 7, 2010)

While a recent lawsuit accuses an adult Web site of computer fraud for allegedly "history sniffing" its users' Web activity, researchers at the University of California, San Diego, are spotlighting the use of "history sniffing" to track user activity online, eWeek reports. In an analysis of 50,000 popular Web sites, the researchers found that 485 "are capable of inferring browser history data, 63 of which are transferring that data to their network. In addition, 46 sites were actively participating in history sniffing," the report states. One of the report's authors suggests that "the bigger surprise was that there is an entire industry that has grown around this practice--behavioral analytics."
Full Story

FINANCIAL PRIVACY—EU & U.S.

U.S. Bank Monitors a Concern for EU (December 6, 2010)

The New York Times explores the concerns among U.S. allies in Europe over monitoring of international banking transactions for potential terrorist activity. The report looks at the history of the program from its roots in the September 11, 2001, terrorist attacks to its halt by EU members back in February and the European Parliament's vote in July to restart the program after concessions that promised greater European oversight. While U.S. officials have valued the monitoring program "because it allowed them to trace the transactions of suspected terrorist financiers while including 'robust' privacy protections," many in Europe continued to favor more "stringent privacy protections," the report states. (Registration may be required to access this story.)
Full Story

PRIVACY—EUROPE

All Eyes on Technology, Privacy Frontiers (December 6, 2010)

The FINANCIAL reports on last month's IAPP Europe Data Protection Congress in Paris drawing experts in the field "as new technologies lead us to reconsider existing privacy concepts and boundaries," highlighting international industry and regulatory experts who took part in the event. From cloud computing to global standards to privacy by design, an array of experts weighed in on key privacy issues, the report states. Looking forward, "It is important to properly combine law, policy and technology in order to properly understand and implement privacy within today's global ecosystem of business," ICC E-business and IT Telecoms Commission Vice Chair Joseph Alhadeff noted during the event. 
Full Story

ONLINE PRIVACY

Data Miners To Tell Customers What They Know (December 3, 2010)

A group of online tracking companies is building a service set to launch in January that will let consumers see what they know about them, The Wall Street Journal reports. The Open Data Partnership "is the first of its kind in the fast-growing business of tracking Internet users and selling personal details about their lives," the report states, and "will allow consumers to edit the interests, demographics and other profile information collected about them" or choose not to be tracked at all. "The government has told us that we have to do better as an industry to be more transparent and give consumers more control," said a spokesman for the initiative. "This is a huge step in that direction." (Registration may be required to access this story.)
Full Story

TRAVELERS’ PRIVACY—EU & U.S.

U.S. Officials Question EU Data Restrictions (December 3, 2010)

The Wall Street Journal reports on a statement by U.S. aviation security officials raising concerns about EU restrictions on the sharing of passenger data among security agencies. The restrictions reflect heightened sensitivity to passenger privacy concerns, David Heyman of the Department of Homeland Security and Vicki Reeder of the Transportation Security Administration told the Senate Transportation Committee on Thursday, suggesting such restrictions deny "one of the most powerful tools we have for identifying risks to our aviation system...Among our remaining challenges is the false notion that privacy and data protection standards in the United States and the European Union are irreconcilable." (Registration may be required to access this story.)
Full Story

PRIVACY LAW—UK

Home Office Adds Seats to the Table in RIPA Meeting (December 3, 2010)

After privacy and data protection advocates voiced concern about being left out of Regulation of Investigatory Powers Act consultations, the Home Office announced that it will meet with advocacy groups to discuss the proposed law, reports ZDNet UK. Six groups, including the Open Rights Group, wrote a letter to Security Minister Baroness Pauline Neville-Jones requesting a meeting. Currently, between eight and 10 bodies will attend the meeting, but Jim Killock of the Open Rights Group believes more may be added. "Just the act of participating and being able to be one side of the argument moves the centre of gravity of these discussions," Killock said.
Full Story

HEALTHCARE PRIVACY—IRELAND

New Guidelines Published by Watchdog (December 3, 2010)

The state health safety watchdog HIQA has published new guidelines for the healthcare industry on how best to protect the personal information of patients. Irishhealth.com reports that the guidelines show how privacy impact assessments (PIA) can be used to help service providers ensure they are protecting privacy rights and strengthen their own governance of health information. The guidelines include insight on carrying out a PIA and factors to be considered at each stage of the process, according to the report.
Full Story

PRIVACY LAW—GERMANY

Gov’t Split on Data Retention Plans (December 3, 2010)

A push for data retention--spurred by current terror warnings--has Interior Minister Thomas de Maizière requesting a new law allowing for the retention of telecommunications and Internet data for six months. However, Justice Minister Sabine Leutheusser-Schnarrenberger is speaking out against such legislation, proposing instead a law allowing data retention in specific cases as a "compromise proposal." A 2008 law allowing for such storage of data on telephone calls, text messages and e-mail traffic was thrown out by Germany's high court because it "went too far," Spiegel reports; however, the new terror alert "has revived the debate."
Full Story

DATA LOSS—UK

Study: Breaches Continue, But Change Is Underfoot (December 3, 2010)

The recently released annual UK Enterprise Encryption Trends study from Symantec shows that while 71 percent of UK organisations experienced at least one data breach last year, they are taking steps to better protect data, reports V3.co.uk. Fifty-three percent of respondents said they have encryption technology, and 47 percent are in the process of implementing it. And while a third of organisations say they don't have an encryption strategy, this figure is down from 40 percent last year, according to the report. The news comes on the heels of the first fines handed out by the information commissioner for contraventions of the Data Protection Act.
Full Story

DATA LOSS—UK

Consumers: Data Breach? Disclose It (December 3, 2010)

A recent survey has found that 80 percent of UK consumers support compulsory public data loss disclosures by organisations, IDG News reports. Of the 5,000 consumers polled via the Internet, 70 percent responded in favor of more prescriptive regulations, with 62 percent supporting hefty fines for data breaches and 31 percent suggesting executives should be subject to criminal proceedings. Ross Brewer of LogRhythm, which sponsored the survey, said respondents support "wide-ranging reform of data protection laws, including the implementation of mandatory data breach notifications." The survey also found that "when people hear about the loss of confidential information, they will actively avoid the organisations involved," the report states.
Full Story

ONLINE PRIVACY—U.S.

U.S. FTC Releases Privacy Report (December 3, 2010)

The U.S. Federal Trade Commission has released its long-anticipated staff report on consumer privacy, The New Zealand Herald reports. The report, "Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers," released Wednesday, includes preliminary recommendations. It calls for increased transparency and simplified consumer choice and endorses the creation of a do-not-track mechanism that would let consumers opt out of targeted advertising and data collection. FTC Chairman Jon Leibowitz said the report makes recommendations for best practices and is "not a template for enforcement." Early reaction to the report runs the gamut--from praise to rejection to additional questions, according to a Wall Street Journal report. The FTC will accept comments on the report through January 31, 2011.
Full Story

PRIVACY LAW—EU & U.S.

Concerns Abound Over Data Storage, Processing (December 2, 2010)

"Sensitive data concerning European citizens and companies is not safe in the U.S., legal experts warn." That's according to a Computerworld report questioning the storage and processing of data from Europe in the U.S. According to the report, many U.S. companies are "wrongfully claiming they are certified to store and process data from Europe," prompting Sophie in 't Veld of the European Parliament to call for the European Commission to rectify the situation. The report looks at the EU-U.S. Safe Harbor principles, suggesting, "the safety of this harbor is not absolute...The rules and policies of Safe Harbor are as soft as butter and there's no oversight."
Full Story

PRIVACY LAW—GERMANY

Interior Minister Reveals Draft Internet Law (December 2, 2010)

On Wednesday, German Interior Minister Thomas de Maizière revealed a draft law to tighten rules on Internet privacy that combines self-regulation with new rules making it illegal to gather certain kinds of information, reports Deutsche Welle. De Maizière said that while he's not interested in limiting the opportunities available on the Internet, he considers it "a particularly serious invasion of privacy rights" when sites "publish data that has been aggregated with commercial interests in mind" and which "yield a comprehensive personality of travel profile," states the report. Data protection commissioners criticized the draft law, saying it does not go far enough--especially regarding self-regulation.
Full Story