GOP Reps. Fred Upton (Mich.) and Greg Walden (Ore.) used the Supreme Court’s indecency ruling on Thursday to push for their bill to overhaul how the Federal Communications Commission (FCC) operates.
The notion that governmental access is similar in the European Union and the United States was validated on the political level this week by Megan Richards, EU Commission Acting Deputy Director General for Information Society and Media. Speaking at the Cloud Computing World Forum in London, Ms. Richards asserted that, “theoretically, it shouldn’t matter where data is held as long as our rules apply…the legislation in the US is not so different from the legislation we have in the EU.”
Interestingly, the use of US infrastructure for European Cloud Services is lamented in some European quarters. Critics ultimately question whether data protection measures, especially those restricting governmental access to data, are adequately established in the US. As discussed below, doubts about US legal frameworks are often based on “misconceptions [which] encourage speculation that governmental access to data stored in the cloud is more likely in some places than in others.”
In the meantime, Europe’s goal to support a speedy uptake of Cloud Computing, including the development of Cloud infrastructure in Europe is under way. The Commission’s “European Cloud Strategy,” which is set to be released this summer by DG Information Society and Media (soon to become DG Communications Networks, Content and Technology), aims “to ensure that Europe becomes not just Cloud-friendly, but Cloud–active.” European critics of the US approach assume that the cloud strategy will mean more Cloud infrastructure in Europe.
European Commission Vice-President Neelie Kroes (who is leading the initiative) has however informed stakeholders that Europe’s Cloud Strategy is “not about building a European super-Cloud,” and that “Cloud business models…should be determined by efficiency considerations in the market.” “Market Based considerations” could justify a continued reliance on US based infrastructure for European Cloud Services, because many major Cloud databases are already established in the US.
FPF’s Christ Wolf, co-director of Hogan Lovells’ Privacy and Information Management practice, and Hogan Lovell’s Paris Office partner, Winston Maxwell, recently released a white paper on governmental access to data in the Cloud. The white paper “debunks faulty assumption that US access is unique” with an expository survey comparing governmental data access laws in ten countries (including some EU member states) as well as governmental authorities’ ability to access data stored in databases outside their jurisdiction through the use of Mutual Legal Assistance Treaties.
It will be interesting to see how an honest analysis of governmental access regimes across jurisdictions could affect the European Cloud Strategy and create the potential for a continued reliance on US based infrastructure for European Cloud services.
The National Telecommunications and Information Administration (NTIA) announced that the first focus of its multistakeholder process will be on transparency in mobile applications. The first meeting is set for July 12, 2012, to be considered for participation, fill out an “expression of intent” form with NTIA.
The announcement came at the US Chamber of Commerce Telecommunications and E-commerce Committee meeting, where NTIA Assistant Secretary for Communications and Information Lawrence Strickling further discussed the multistakeholder process.
Mr. Strickling emphasized his goal of achieving broad participation from industry representatives, civil society, and academics in an effort to establish quality, credibility, and acceptance of the code of conduct established during the multistakeholder process.
With reference to facilitating consensus, Mr. Stickling cited the use of a professional facilitator to help “set a plan” and ensure productivity. Mr. Strickling said that he expected the first meeting to include as many as several hundred people, but that group would likely naturally narrow as the process continued.
Mr. Strickling emphasized two major aims of the multistakeholder process: (1) fleshing out the principles laid out in the White House’s “Consumer Bill of Rights” through codes of conduct and (2) ensuring voluntary adoption of the codes of conduct by companies, which will make them subject to Federal Trade Commission enforcement.
FPF Director and Co-chair Jules Polonestsky said, “Kudos to NTIA for focusing on the mobile app ecosystem, which provides incredible value to consumers, but is also the cause of increasing privacy concerns. As the world has moved from one where carriers controlled what is on your phone to a turbulent environment of hundreds of thousands of small app developers and other data collectors, it is critical that all the players in the mobile ecosystem come together to find the right balance.” Following Mr. Strickling’s remarks at the Chamber, Polonetsky participated on a panel discussing the merits of the multistakeholder process along with Berin Szoka of TechFreedom, Sarah Hudgins of the IAB, and Dan Caprio of Mckenna Long & Aldridge LLP.
FPF Mobile App Resources:
The Commerce Department will convene a broad array of online companies and advocates next month to attempt to reach a consensus on privacy guidelines for mobile apps.
The Future of Privacy Forum (FPF) is seeking submissions of papers focused on privacy issues for their upcoming third edition of “Privacy Papers for Policy Makers.”
Wider adoption of encryption for data in motion will drive law enforcement to increasingly target data at rest, particularly in cloud environments, says an Ohio State University academic.
As more people use encrypted methods to browse the Web, it will become trickier for law enforcement agencies to intercept private communications in real-time, causing them to focus instead on tapping data that is stored in the cloud, according to the draft of an academic paper by a former privacy advisor to the Clinton Administration.
The European Union’s Article 29 Data Protection Working Party (WP 29) released its Opinion 04/2012 on Cookie Consent Exemption today. The opinion is released amidst the implementation of Directive 2009/136/EC (“Cookie Directive”) in most member states and aims to clarify the circumstances in which cookies are exempted from the informed consent requirement.
In its opinion, WP 29 focuses on the two “exemption criteria” established under article 5.3 of the Cookie Directive: if the cookie is, (a) used “for the sole purpose of carrying out the transmission of a communication over an electronic communications network” or (b) “strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service”. The opinion describes a variety of circumstances in which these exemption criteria do not apply; forcing controllers, processors, and third party actors to obtain informed consent before using a cookie.
Three general guidelines are drawn from the WP 29 analysis: (1) exemption under Criterion B must be evaluated “form the point of view of the user, not the service provider”, (2) “if a cookie is used for several purposes, it can only benefit from the exemption to informed consent if each distinct purpose individually benefits from such an exemption”; and (3) “The purpose of the cookie should always be the basis for evaluating if the exemption can be successfully applied rather than a technical feature of the cookie.”
Interestingly, social plug-in content sharing cookies can be considered exempt from the informed consent requirement in limited circumstances. On the other hand, third party advertising cookies, including cookies used for fraud detection purposes, are not considered to be exempt from consent requirements because “neither of these purposes can be considered to be related to a service or functionality of an information society service explicitly requested by the user.”
–Julian Flamant
PRIVACY PAPERS FOR POLICY MAKERS 2012
The Future of Privacy Forum (FPF) invites privacy scholars and authors with an interest in privacy issues to submit papers to be considered for FPF’s third edition of “Privacy Papers for Policy Makers.”
PURPOSE
• To highlight important research and analytical work on a variety of privacy topics for policy makers
• Specifically, to showcase papers that analyze current and emerging privacy issues and either propose achievable short-term solutions, or propose new means of analysis that could lead to solutions.
REVIEW PROCESS
• Academics, privacy advocates and Chief Privacy Officers on FPF’s Advisory Board will review the submitted papers to determine which papers are best suited and most useful for policy makers in Congress, at federal agencies and for distribution to data protection authorities internationally.
• Two papers selected by the chairs of the Privacy Law Scholars Conference will be included in the publication and will receive a cash award from the International Association of Privacy Professionals.
• The Future of Privacy Forum will announce the selected papers at an event with privacy leaders in September and will provide a printed digest to policy makers in the United States and abroad.
SUBMISSION
Paper Submission Deadline: July 20, 2012
Please include: author’s full name, phone number, current postal address and e-mail address.
Send via e-mail to [email protected] with the subject line “Privacy Papers for Policy Makers 2012,” or send by mail to:
Future of Privacy Forum
919 18th Street, NW, Suite 901
Washington, D.C. 20006
The entry can provide a link to a published paper or a draft paper that has a publication date. FPF will work with the authors of the selected papers to develop a summary.
Visit fpf.org/the-privacy-papers to view the 2010 and 2011 editions of Privacy Papers for Policy Makers.
This compilation is not intended to be a publication of original work. Rather we seek to make policymakers aware of papers presented at workshops or published in journals and we provide this compilation of descriptions of these papers in order to call attention to those deemed most significant. Special thanks to our 2012 Policy Papers for Policy Makers Sponsors: AT&T | Microsoft | GMAT
Opower released a whitepaper detailing how it is implementing Privacy by Design into its platform. Click here to view the whitepaper.