The European Commission has proposed the creation of a new European Health Emergency Preparedness and Response Authority, HERA. WPF provided comments regarding the proposal, urging the Commission to ensure from the outset that HERA will fulfill its mission with a focus on data interoperability and will include specific data governance ...
WPF provided feedback on the European Data Protection Board's Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data. In responding to the Recommendations, we found several areas which, if improved, would enhance the stated goals of the EDPB for ...
WPF has conducted original research on India's Aadhaar, a national biometric ID system, including field research in India during 2010-2014. WPF has published the original research in a peer-reviewed journal, Nature-Springer, and in Harvard-based Journal of Technology Science. The research found that systemic challenges to data protection and privacy exist in the Aadhaar system, challenges which do have potential remedies. Key lessons can be learned for both the US and the EU as biometric systems grow in popularity.
This substance of this analysis is about the new EU-US Privacy Shield, with contextual background and an analysis of how this new proposal compares to the old EU-US Safe Harbor agreement. The analysis includes a discussion of winners and losers in Privacy Shield, and discusses its potential future.
The US and the European Commission have released details about the proposed Privacy Shield program, formerly known as the "EU-US Safe Harbor Framework." A key takeaway on US side is that the program will still rely on self-certification, although with improved verification and monitoring mechanisms. For its part, the US ...
Update for February 29, 2016: The US and the European Commission have released new details about the proposed Privacy Shield program. We have published a new post about this release here . Briefly, the US Department of Commerce has released a 132-page package containing the program principles, letters from the ...
The closely watched Safe Harbor talks to craft new privacy rules for transatlantic data flows between the US and the EU have resulted in some preliminary signals today, although a final outcome is still pending. Commissioner Jourova, speaking before the Committee on Civil Liberties, Justice, and Home Affairs, said that ...
After four years of negotiations, the EU Commission, Parliament, and Council have reached a final agreement on the General Data Protection Regulation (GDPR). The GDPR is an omnibus data protection law which sets arguably the most extensive data protection laws globally, along with strong enforcement authority. The new law contains ...
The European Court of Justice has recently decided an important case involving privacy and search engines. The decision may have enormously broad implications for privacy, for search engines, and for the Internet as a whole. This brief analysis provides context and highlights of the court's decision, with a discussion of the implications, which are far-ranging.
May 20 Update: see our full analysis of the ruling here . In a ruling with far-reaching implications for online privacy, the European Court of Justice has ruled that online search companies are subject to the European Data Protection Directive, (Directive 95/46/EC) . Search engine companies that are based in ...
This section reviews several other privacy self-regulatory activities that share some characteristics with the industry self-regulatory programs discussed above, but these activities differ in various ways. The most noticeable differences are the role of the government in the programs. The Department of Commerce is involved in the Safe Harbor Framework, and the Federal Trade Commission is involved in the Children’s Online Privacy Protection Act.
TACD -- The Trans Atlantic Consumer Dialogue (TACD), which WPF is a member of, has sent a letter regarding Internet privacy to a Congressional subcommittee explaining that European privacy controls are not burdensome, but rather of key importance. The TACD is a forum of more than 80 US and European consumer groups and represents several hundred million consumers in North America and the United States.
Comments on EASA --The World Privacy Forum submitted comments today on the European Advertising Standards Alliance's Best Practice Recommendation on Online Behavioural Advertising. Our comments focus upon three key areas: First, the EASA recommendation fails to recognize the protection of consumer privacy in Online Behavioral Advertising (OBA) as a key policy goal. Second, the recommendation's protections are narrow, creating illusory protections for user privacy, whether or not they opt out of OBA. Finally, we critique the oversight and compliance mechanisms, which are not likely to foster consumer confidence nor police the industry. Drawing upon the WPF's 2007 report, The NAI: Failing at Consumer Protection and at Self-Regulation, the comments argue that EASA's approach suffers from the same weaknesses as self-regulatory approaches deployed in the United States, and that European lawmakers should not replicate the failed American approach. Law students from the Samuelson Law, Technology & Public Policy Clinic helped draft the comments as part of an ongoing project on consumer privacy and OBA.
This report evaluates the US Department of Commerce’s international privacy programs, their efficacy, and their value to business and to consumers. The role of the Commerce Department has become more important in light of the Obama Administration's establishment of a Subcommittee on Privacy and Internet Policy in October 2010. The Subcommittee is chaired jointly by the Department of Commerce and the Department of Justice, and it is intended to promote “individual privacy,” among other things. [1] This report reviews, analyzes, and summarizes major international privacy activities of the Department of Commerce, with a focus on the Safe Harbor Framework established in 2000 with the European Union in response to the requirements of the EU Data Protection Directive. The report also considers briefly the Department’s work on the Asia Pacific Economic Cooperation (APEC) Privacy Framework.
Department of Commerce and Safe Harbor -- New Report The World Privacy Forum published a new report today that evaluates the US Department of Commerce's work on privacy protection for consumers, given its role overseeing such critical programs as the US/EU Safe Harbor data agreement. The report, The US Department of Commerce and International Privacy Activities: Indifference and Neglect, identifies a number of issues of concern regarding the Department's privacy programs, most particularly, the current Safe Harbor framework. The report's analysis find that three separate studies consistently show that many and perhaps most Safe Harbor participants are not in compliance with their obligations under Safe Harbor.
Social networks -- In the wake of Europe's Article 29 Working Party Opinion on Social Network Providers adopted in June, the Federation of German Consumer Organizations (VZBV) has sent out warning letters to five social networking providers in Germany, including Facebook and MySpace. The letters focus on the excessive rights the companies allow themselves in their respective Terms of Use agreements, and on shortcomings in the privacy policies. VZBV is comprised of 41 German consumer associations.
TACD -- The World Privacy Forum participated in the Trans Atlantic Consumer Dialogue meetings in Brussels this June, and is pleased to announce that WPF is now a full member of the TACD. The TACD is a network of 80 EU and U.S. consumer organizations that develop joint consumer policy recommendations for the EU and U.S. in an effort to promote the consumer interest in transatlantic policymaking.
European Privacy Seal -- Ixquick.com is the first search engine to receive formal EU privacy approval. The EuroPriSe (European Privacy Seal) was awarded to Ixquick after a lengthy certification process. Ixquick deletes its users\' IP addresses after 48 hours.
