Page 1 of 3 123 LastLast
Results 1 to 15 of 38

Thread: The spam is coming...and worse (data thread)

  1. #1
    Join Date
    Nov 2010
    Location
    in the national interest
    Posts
    17,683

    Thumbs down The spam is coming...and worse (data thread)

    In an extraordinary result for corporate lobbying, direct marketing would by default be considered a legitimate data process
    http://www.guardian.co.uk/technology...n-eu-anonymous

    As I write this, the European Parliament is involved in a world-beatingly gnarly wrangle over the new General Data Protection Regulation. At stake are the future rules for online privacy, data mining, big data, targeted advertising, data-driven social science, governmental spying (by proxy), and a thousand other activities.

    The lobbyists are out in force. The activists I know who go to Brussels say they've never seen the like: it's a veritable feeding frenzy of lobbying. Hundreds of amendments and proposals are on the table – some good, some bad, and just making sense of them is a full-time job.

    As complicated as the proposals are, there's one rule of thumb that should be borne in mind whenever any data-protection proposals are on the table: any time someone speaks of relaxing the rules on sharing data that has been "anonymised" (had identifying information removed) or "pseudonymised" (had identifiers replaced with pseudonyms), you should assume until proven otherwise that he or she is talking rubbish
    http://www.privacysurgeon.org/blog/i...ivacy-reforms/
    The powerful Council of the European Union last week released its proposals to amend the draft data protection regulation. The proposals are almost precisely in line with those suggested by industry lobbyists over the past few months.

    The Council, which consists of Ministers of EU countries, represents the influential government element of the reform process, and its sway cannot be overstated. The proposals, developed under the business-friendly Irish presidency, have dangerously wounded prospects that the new regulation will strengthen European privacy.

    In short, the Council’s proposals will put the onus on industry to police itself, except in limited circumstances. The role of the Commission will be all but eliminated, national regulators will have less discretion to take action and – crucially – the rights of data subjects will be reduced.
    the implications


    From a prescriptive framework to a risk based approach. This means that instead of being required to follow a set of harmonised procedures and safeguards to protect information, data controllers can decide for themselves what constitutes a risk, and merely show that they have taken some steps to mitigate that risk. This will include the development of self regulating codes of conduct.


    Consent downgraded from explicit to unambiguous. The requirement to obtain consent has been all but eliminated, with data controllers no longer required to establish evidence that consent was received, and - in some cases – consent may be replaced by notice.

    Nuclear option defused, The provisions in the current regulation that allow the Commission to create delegated and implemented acts to enable the regulation would be all but entirely removed, making the reforms almost rudderless and without any system of amendment or protection at the Commission level.

    Data breach notification. The proposals extend the notification period for data breaches from 24 to 72 hours, and only those that might result in “serious” harm must be reported to the data protection authority.

    Direct marketing excluded.
    In an extraordinary result for corporate lobbying, direct marketing would by default be considered a legitimate data process and would therefore – by default – be lawful.

    Exemption for social networking. All social networking and online activities conducted by individuals will be exempt from the regulation, meaning that a vast regulatory black hole will open up across online information flows.
    Ireland's Justice Minister

    http://www.justice.ie/en/JELR/Pages/PR13000214

    "Many legal and regulatory issues which impact on businesses and consumers fall within the scope of the Justice and Home Affairs Council. We, as Justice Ministers, must continue to do all we can to support businesses struggling to survive in the difficult economic conditions we currently face. It is for this reason that I will seek the support of my colleagues to significantly advance important measures on data protection, insolvency and debt recovery."


    Simon McGarr

    Quote suggests government succumbed to a most spectacular example of regulatory capture by lobbyist with consequences for every EU citizen
    EU Commissioner

    http://ec.europa.eu/commission_2010-...0130606_en.htm

    "If Europe wants to respond to today's challenges, then we need to be ambitious. Despite the data protection sprint we have seen under the Irish presidency, we have not yet reached the finish line. The ball is now in two courts. The ball is in Member States' court to continue progress in the Council, and the ball is the European Parliament's court, to reach its own position on the proposals. They will need to move up a gear if they want this reform to happen sooner rather than later. The clock is ticking for international competitiveness."
    Daragh O'Brien

    Looking at Sean Sherlock's tweets and the text of Council of Minister's amendements to EU Data Protection it's clear: we're going Economy not Society
    and McGarr again

    I can’t imagine why the Minister would bring forward proposals to gut data protections for EU citizens

    Hopefully TJ McIntye will have more shortly

  2. #2
    Join Date
    Nov 2010
    Location
    in the national interest
    Posts
    17,683

    Default Re: The spam is comming...and worse

    Good man Sean Kelly, among the top ten





    Pretty nifty site this.

    A team of German journalists and developers concerned about data protection legislation have launched an online platform to expose the copy-pasting of lobbyists’ position papers into EU legislation.

    It’s called LobbyPlag and it aims to denounce deregulating influences (such as Ebay’s or the European Banking Federation’s) on EU Committee members’ amendments to the draft of General Data Protection Regulation (GDPR). This law, planned to take effect in 2016, is intended to replace previous obsolete directives and unify data protection within the EU.
    http://lobbyplag.eu/map

  3. #3
    Join Date
    Feb 2010
    Posts
    5,333

    Default Re: The spam is coming...and worse

    Wow. It is going to take me some time to absorb all in this OP. Well done on your research and graphics. Just give us time to read.

  4. #4
    Join Date
    Nov 2010
    Location
    in the national interest
    Posts
    17,683

    Default Re: The spam is coming...and worse

    The whole data area is mind boggling enough but the gist is more - unregulated and unauthorised by you - access to your information and online habits.


    Someone put it recently that remember how that thing with no regulation and banks turned out?

    Well that with personal information.


    It's like the cards you get in Supermarkets to collect points. This is building a profile of you as a customer though logging your purchases. You will have given other info like age and gender when filling out the form. Do we know who collects, stores and uses that information? Is it your local shop or is it a company selling the service to retailers. What rules does that company work under and what is done with your information.


    'Big Data' is another industry - and it is an industry - that Ireland is trying to attract.

    They are coming for the tax but also all the blind eye and the craven attitude & under resourcing here has massive implications for users across the EU.

  5. #5
    Join Date
    Nov 2010
    Location
    in the national interest
    Posts
    17,683

    Default Re: The spam is coming...and worse

    IRELAND’S EU PRESIDENCY has led diplomats from other EU member states to sleep in tents, in order to maximise the time available to reach agreements on new rules for data protection, according to one of the EU’s top office-holders.

    European Commission vice-president Viviane Reding, the Brussels official responsible for justice, said today that delegations from some EU states had taken to staying in tents at working groups, as they tried to get a deal over the line.
    http://www.thejournal.ie/eu-diplomat...urce=shortlink

  6. #6
    Join Date
    Nov 2010
    Location
    in the national interest
    Posts
    17,683

    Default Re: The spam is coming...and worse

    On a side note

    Appalled by mass surveillance scandals? So are we. We’re doing something about it – and you can too.

    In 2006 we started a case challenging Irish and European laws that require your mobile phone company and ISP to monitor your location, your calls, your texts and your emails and to store that information for up to two years. That case has now made it to the European Court of Justice and will be heard on July 9th. If we are successful, it will strike down these laws for all of Europe and will declare illegal this type of mass surveillance of the entire population.
    http://www.digitalrights.ie/

    ...and from Simon McGarr

    Currently, European Law mandates Govts to store a record of where everyone has been, who they were with & who they call for up to 2 years

    The sturdy Yeopersons of Digital Rights Ireland felt this was an unacceptable breach of Human Rights.

    So they took a case in the High Court. And, for the first time ever, the High Court granted their claim actio popularis status.

    That means they were officially recognised as taking the case on behalf of everyone, not just themselves.

    The High Court referred the core questions of whether this EU Law could be compatible with the EU Treaties & Charter of Fundemental Rights

    That case is now listed for hearing in July before the ECJ- who will be sitting in Grand Chamber.

    The ECJ in Grand Chamber, incidentally, is Europe’s highest court.

    If the ECJ finds the EU data collection regime incompatible with EU basic law, it will be struck down for half a billion EU citizens.

  7. #7
    Join Date
    Mar 2010
    Posts
    2,977

    Default Re: The spam is coming...and worse

    That could really change things for the telcos and the governments. It is amazing that it got this far.

    Regards...jmcc

  8. #8
    Join Date
    Nov 2010
    Location
    in the national interest
    Posts
    17,683

    Default Re: The spam is coming...and worse

    Letter to the Irish Times on their churning

    More background here


    Dear Mr O’Sullivan

    Over the past few days a number of stories have appeared in the Irish Times purporting to highlight important Data Protection issues. In all cases the reporting has been at best incomplete, with no validation of claims made or any attempt to present counterpoints or other relevant facts, and at worst a simple retreading of a press release without any apparent fact checking or questioning of the information being spoonfed to the correspondent.

    On the 22nd June the Irish Times ran a story headlined “Ambulances unable to use GPS tracking” which drew a connection between alleged Data Protection restrictions and the death of a child. http://www.irishtimes.com/news/ambul...king-1.1438980. The statement of data protection law contained in this article was incorrect. A number of sections of the Data Protection Acts specifically allow for processing of and disclosure of personal data, particularly where there is a risk to the safety, life, or health of an individual.

    A cursory Google search or request for comment to either the Office of the Data Protection Commissioner or a specialist in Data Protection law and practice such as myself could have clarified this. Specifically disclosure of/processing of GPS data would be permitted under Section 8(d) and Section 8(f) of the Data Protection Acts in the case of an emergency services requirement.

    As someone with experience in the telecommunications sector and Data Protection issues, there are other more fundamental problems with real-time GPS tracking and, unfortunately, life is not like an episode of CSI where there is perfect information available in perfect real-time with perfect accuracy. This could and should have been reflected in the article. The real barrier to accurate dispatch of ambulances is the failure of successive governments to roll out a post-code system or equivalent address identification system that would allow for more granular and accurate location of addresses. An Post’s Geodirectory (which is the defacto standard for address validation) is designed for postal delivery not ambulance dispatch. Post codes were to be implemented in 2008.

    On the 24th June the Irish Times ran a story headlined “EU Regulation could restrict genealogical research” http://www.irishtimes.com/news/eu-re...arch-1.1440075, which reported that the revised EU General Regulation on Data Protection could restrict access to parish records and other genealogical data such as registers of births, marriages, and deaths.

    Again – this is utter bunkum. The EU Data Protection Regulation is unlikely to apply to deceased persons (as is the case with the current Irish Data Protection legislation which excludes the deceased, but is not the case in some other EU countries). Furthermore the Right to Be Forgotten has been defined in a circumspect manner as to exclude Public Registers such as parish records or Registries of Births, Marriages, or Deaths. Yes, Data Protection rules will and do apply to genealogists working with data relating to living people, but only insofar as the data cannot be used for other purposes and other obligations to keep data safe and secure.

    While I acknowledge that the EU Data Protection Regulation is as yet not finalised I would submit that that makes it even more important that responsible reporting on the actual or potential future trends in EU Data Protection law and the rights of citizens should be balanced and facts and assertions checked and validated.

    Today (25th June) the Irish Times business section ran a story heralding that the ASAI would be introducing rules requiring organisations using online advertising behaviour tracking to provide notice of this from September. http://www.irishtimes.com/business/s...-ads-1.1440129 This appears at first glance to be a good news story about self-regulation in the Internet Advertising industry, with the Interactive Advertising Bureau holding a consumer awareness campaign from today.

    However the ASAI’s rules merely reflect what the law of the land ACTUALLY IS AS OF JULY 2011. Under SI336 organisations making use of cookies or similar on-line tracking are required to disclose this fact and secure explicit consent, particularly where that tracking will take place across multiple websites. Unlike the ASAI’s non-statutory enforcement powers, SI336 is enforced by the Data Protection Commissioner’s Office with breaches warranting penalties of up to €5000 on summary conviction or €250,000 on indictment.

    Again – a simple fact check on this story would have highlighted the existence of this legislation and raised questions about why the ASAI is suddenly taking an interest in cookies. It would, of course, have highlighted that the Irish Times was one of a number of organisations contacted by the Data Protection Commissioner last year with regard to compliance with SI336 http://www.dataprotection.ie/viewdoc...twwebsites.htm

    So is the real story here not why the ASAI, with limited enforcement powers, feels it is important to step in to the policy and enforcement role of the Office of the Data Protection Commissioner, rather than simply ensuring its members comply with what is required under a law that is 2 years old? Is the DPC grinding to a halt? Is the Advertising Industry attempting to put lipstick on the pig that is self-regulation? Why is the ASAI seeking to confuse people about who to complain to about breaches of Cookies Regulations (them or the DPC or both)? Why?

    There is a worrying pattern in these stories. The first two decry the Data Protection legislation (current and future) as being dangerous to children and damaging to the genealogy trade (a Fr Ted-like “Down with this sort of thing” positioning). The third sets up an industry “self-regulation” straw man and heralds it as progress (when it is decidedly not, serving only to further confuse consumers about their rights).

    If I was a cynical person I would find it hard not to draw the conclusion that the Irish Times, the “paper of record” has been stooged by organisations who are resistant to the defence of and validation of fundamental rights to privacy as enshrined in the Data Protection Acts and EU Treaties, and in the embryonic Data Protection Regulation. That these stories emerge hot on the heels of the pendulum swing towards privacy concerns that the NSA/Prism revelations have triggered is, I must assume, a co-incidence. It cannot be the case that the Irish Times blindly publishes press releases without conducting cursory fact checking on the stories contained therein?

    Three stories over three days is insufficient data to plot a definitive trend, but the emphasis is disconcerting. Is it the Irish Times’ editorial position that Data Protection legislation and the protection of fundamental rights is a bad thing and that industry self-regulation that operates in ignorance of legislation is the appropriate model for the future? It surely cannot be that press releases are regurgitated as balanced fact and news by the Irish Times without fact checking and verification? If I was to predict a “Data Protection killed my Puppy” type headline for tomorrow’s edition or another later this week would I be proved correct?

    Attached is an updated copy of an op-ed piece on Data Protection reform I submitted in collaboration with Fergal Crehan BL earlier this month (06/06/2013). It remains unpublished. If it helps, I’ll dress it up as a Press release and send it to the news desk instead.

    Yours

    Daragh O Brien
    This in the context where lobbyists are spoon feeding MEPs of course.

  9. #9
    Join Date
    Mar 2010
    Posts
    2,977

    Default Re: The spam is coming...and worse

    It cannot be the case that the Irish Times blindly publishes press releases without conducting cursory fact checking on the stories contained therein?
    The Irish Times has a long history of churnalism. It is especially so when it comes to technology and the business of technology. It has been allowing technologically clueless people to wibble on about technology and the business of technology for over a decade. One of the first articles it ran on its "technology" section on its newly launched portal was an article on how to spam.

    Regards...jmcc

  10. #10
    Join Date
    Nov 2010
    Location
    in the national interest
    Posts
    17,683

    Default Re: The spam is coming...and worse

    More from Darragh O'Brien

    However, when the economy recovers it will probably be impossible to push the pendulum back towards respecting the rights we have forgone in the interests of economic expedience. We will have a recovered economy but a diminished society.

    This is what is happening with the EU Data Protection Regulation. Earlier this month the Irish Government, in one of the last acts of their EU Presidency, trumpeted their ‘victory’ in the first four chapters of the Regulation, getting a quasi kind of agreement to introduce a level of protections that has been watered down to near homeopathic levels. Whatever good is in some of the proposals the Irish Government is horribly undermined and hollowed out by the move to a purely “risk based” model of regulation (similar to that which has worked so well in Financial Services) amongst other things.

    I’ve written about that in detail here with Fergal Crehan.

    Principles diluted do not retain the memory of the principle. Homeopathic regulation doesn’t work. The parts of the Regulation that might have served to retain focus and concentration were the sections around enforcement and penalties.

    Today we learn via a leaked document that these sections have likewise been diluted to homeopathic levels by the Irish EU Presidency (again, annoyingly in tandem with some good and positive changes)

    • The specific levels of fines to be levied have been omitted from the document (Dr. Chris Pounder on the Hawktalk blog suggests this may be due to there being no agreement, my view is that if it has been taken out whatever is put back in will be a lot less attention focussing than the 2% of global turnover levels previously proposed)
    • A range of mitigating factors and considerations have been introduced which must be considered by a Data Protection Authority before levying a penalty of any amount. 13 different factors to be considered. One for every tooth a Regulator might have had. One more line of defence to be argued over before enforcement can commence.



    So, errant Data Controllers may now be in a position where they can self-assess their risks based on their own perception of the risk and impacts of their actions (just like people of a certain generation used to self-assess whether they were sober enough to drive), but just in case they get it horribly wrong the hoops a Regulator will have to jump through before being able to levy any form of meaningful penalty have grown in number and vagueness.

    This the text book definition of light touch regulation. History has shown repeatedly, and at great cost, that this simply does not work.

    On a tangent but regarding what I was saying yesterday in the Rivada thread.

    Recommend everyone take twenty minutes to listen to this from NearFM's Contemporary Capitalism series. Rachel O'Dwyer on the digital commons and emerging questions around it. Not actually as highfalutin as it sounds but just how old ways are battle in new spaces. Very interesting & important. We genuinely cannot afford to sleep on stuff like this.


    https://soundcloud.com/nearfm/contem...italism-part-4

  11. #11
    Join Date
    Nov 2010
    Location
    in the national interest
    Posts
    17,683

    Default Re: The spam is coming...and worse (data thread)

    "The reason American tech firms like Ireland isn’t just the low taxes"... http://qz.com/124133/the-reason-amer...the-low-taxes/


    ....it's a doormat regulator, yay!

    In a blog post announcing the news, Airbnb CEO Brian Chesky explained that “Dublin has hospitality in its DNA… The city has a reputation for being one of the most hospitable and friendliest places in the world.” Ah, to be sure! But more to the point, Ireland’s corporate tax rates, at 12.5%, are the lowest in Europe. By contrast, corporations pay 23% in Britain, 29.6% in Germany and 33.3% in France. The European Union’s single market is structured so that a company with headquarters in one country is subject to its rules while conducting business across the continent.
    +
    The real reason is regulation

    But there is another reason American tech firms flock to Ireland: light-touch regulation. Since the same rules that govern taxes also apply to regulation, companies can seek adjudication under laxer Irish standards even when the complainant is from another country in Europe. The Irish Data Protection Commissioner has a habit of issuing findings in favor of American tech firms—notably in two audits (pdf) of Facebook triggered by a campaign by Max Schrems, an Austrian law student. Most recently it found nothing wrong with the transfer of data by Apple and Facebook from Europe to the United States, despite worries that law-enforcement agencies might more easily get their hands on the data there.


    Ireland’s antics have not gone unnoticed. In July, Angela Merkel indirectly called out Ireland (paywall) for its weak laws, arguing that Europe needs uniform—and strict—data-protection rules rather than letting companies adhere to the laws of wherever they happen to be headquartered. Viviane Reding, a high-ranking European Commissioner whose most ambitious policy so far has been new privacy regulation that would do just what Merkel wants, also chimed in her agreement.


    Yet Ireland remains unperturbed. In an interview with the Financial Times (paywall) the day after Merkel’s statement, Ireland’s data-protection commissioner said he agreed with the notion of a “one-stop shop” for pan-European regulation—so long as that shop is in Dublin.

  12. #12
    Join Date
    Nov 2010
    Location
    in the national interest
    Posts
    17,683

    Default Re: The spam is coming...and worse

    Nice quote from Ireland’s data protection commissioner in the FT

    http://www.ft.com/cms/s/0/50fb3088-e...#ixzz2fAayNVGy


    Mr Hawkes rejected the idea that Irish data protection law was weaker than in other EU states, suggesting this view reflected a different cultural approach to regulation rather than a difference in substance.

    “If you take the example of the police in Ireland and the UK, our police are not armed and there is a tradition of speaking to people and being very approachable but always backed up by strong laws where necessary.”

    “We as a regulator speak to companies. We make clear what is expected from them and we also make clear if they do not do what we expect of them we will use our full suite of enforcement powers to require them to do so.”

  13. #13
    Join Date
    Feb 2010
    Location
    Rockall
    Posts
    78,864

    Default Re: The spam is coming...and worse (data thread)

    Light touch.
    “ We cannot withdraw our cards from the game. Were we as silent and mute as stones, our very passivity would be an act. ”
    — Jean-Paul Sartre

  14. #14
    Join Date
    Nov 2010
    Location
    in the national interest
    Posts
    17,683

    Default Re: The spam is coming...and worse (data thread)

    Quote Originally Posted by C. Flower View Post
    Light touch.
    Holding hands

  15. #15
    Join Date
    Nov 2010
    Location
    in the national interest
    Posts
    17,683

    Default Re: The spam is coming...and worse

    Quote Originally Posted by Dr. FIVE View Post


    It's like the cards you get in Supermarkets to collect points. This is building a profile of you as a customer though logging your purchases. You will have given other info like age and gender when filling out the form. Do we know who collects, stores and uses that information? Is it your local shop or is it a company selling the service to retailers. What rules does that company work under and what is done with your information.
    Don't say I didn't warn ye

    http://www.rte.ie/news/2013/1111/486...u-data-breach/

Page 1 of 3 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Share us
Follow Us