On 4 December 2013 the EDRi member Dutch digital rights organisation Bits of Freedom launched a website petitioning the Dutch government to take numerous concrete measures to end mass surveillance. It officially presented the policy package to the Minister of Interior Affairs the day before.
On the campaign website, bespied-ons-niet.nl (translated as: 'don't spy on us'), a wide-ranging package of policy measures is set out. These range from diplomatic measures, to stopping plans to provide the Dutch secret services with the authority to intercept internet traffic on a broad scale.
On 26 November 2013, the French National Assembly discussed the draft of the military programming law which could give the authorities the power to collect, without a judge warrant and in real time, telecom users’ data as a result of an amendment introduced by the Senate in first reading.
Presently the internal security code stipulates that the interception of electronic communications can be authorized in exceptional cases of investigations related to the national security and other serious crimes.
The draft proposes to complete the internal security code to explicitly authorize the gathering, from electronic communications providers, but also from hosting companies and Internet editors, any information or documents treated or kept by their electronic communications networ
On 28 November 2013, Google received an ex-parte interim order from an Irish court to block the publication of a photo image of convicted solicitor Thomas Byrne which appears as a search result alongside the profile of Irish Senator Thomas Byrne, a solicitor himself.
Google considers it cannot be held liable for what comes up in its search results, as it only creates a snapshot of content that is elsewhere on the internet and this so-called “caching defence” is covered by the EU’s e-commerce directive law, allowing ISPs to not be held liable for being a mere conduit for information.
However, Google is no longer a mere provider of search results reflecting the content of websites elsewhere on the internet as it currently offers a range of products and services that brin
On 27 November 2013, the European Commission finally published its Communication on the “Safe Harbor” agreement as part of a broader package on EU/US data flows.
Perhaps the most disappointing aspect of the Communication was the statement that the PNR agreement and other data sharing agreements work without substantiating any of those claims. Simply asking the United States if they breached the existing rules and blandly stating, in the absence of any credible evidence, that the agreements on passenger name records (PNR) and financial data tracking (TFTP) “meet the common security interests of the EU and US, whilst providing a high level of protection of personal data” provides no new information and offers no new insights.
In a press release published on 15 November 2013, the European Data Protection Supervisor (EDPS), criticised the Commission proposal for a Regulation laying down measures concerning the European single market for electronic communications. The announced goal of this Regulation is to ease the requirements for communications providers, standardize wholesale products, aiming at harmonising the rights of end-users. In general, Hustinx approves the idea to include net neutrality, but points out that the Regulation provides the permission for abuses by the Internet Service Providers (ISPs) who would be legally allowed to manage and monitor the internet traffic of their users.
On 18 November 2013, Luxembourg’s Data Protection Authority (National Commission for Data Protection - CNPD) decided that Microsoft and Skype subsidiaries in Luxembourg have not broken EU privacy law by sending Europeans’ data to the US, although we all know where this data goes.
As a response to a complain filed by Europe v Facebook activist group, CNPD considered that the data transfer was legal under the Safe Harbor agreement, through which US companies can self-certify they comply with EU-strength privacy standards, even though their country does not. Which means that we have to take their word for that.
“The fact finding operations conducted since July 2013 and the subsequent detailed analysis did not bring to light any element that the two Luxembourg-based compan
The Irish High Court has decided to review the lack of reaction of the Irish Data Protection Commissioner (DPC) in relation to the PRISM scandal.
This decision is a result of DPC’s reaction to student group Europe v Facebook (EvF) which had filed a complaint against Facebook Ireland Ltd, considering that it violated data protection laws by “exporting data” to its US-based parent company. "If a European subsidiary sends user data to the American parent company, this is considered an “export” of personal data. Under EU law, an export of data is only allowed if the European subsidiary can ensure an “adequate level or protection” in the foreign country,” stated EvF.
EvF also alleged that Facebook had cooperated with NSA within PRISM programme.