Wow, I love this news that the UK’s coalition government will be keeping its promises to “reverse and restrain many of the surveillance systems that have marked its citizens out as the most watched in the world,” THINQ.co.uk reports. Plans include scrapping the National Identity Register and ID card, as well as biometric passports, and expanding the Freedom of Information Act. Other coalition commitments include removing innocent people’s records from the DNA database, regulating the use of CCTV and halting the prior government’s plan to retain national records of e-mail and communications data.

This will include a proposal to “outlaw” the finger-printing of children at school “without parental permission”. It will be interesting to see how they pan out in the statistics department for Privacy International “Most surveyed countries report” in a couple of years 🙂

Picked up from Jack’s tweets….

According to the filings in Blake J Robbins v Lower Merion School District (PA) et al, the laptops issued to high-school students in the well-heeled Philly suburb have webcams that can be covertly activated by the schools’ administrators, who have used this facility to spy on students and even their families. The issue came to light when the Robbins’s child was disciplined for “improper behavior in his home” and the Vice Principal used a photo taken by the webcam as evidence. The suit is a class action, brought on behalf of all students issued with these machines.

This is a scandal. Read more at boingboing.

The (quiet) introduction of a National Police Reference System in Australia has raised concerns about its impact on privacy. The database (run by CRIMTRAC) has millions of records, including DNA and fingerprints, and can be accessed by all Australian law enforcement officers. There are up to 80,000 accesses to the data per day.

For more detail, please see http://www.smh.com.au/national/privacy-fears-growing-as-police-tighten-national-grip-20100117-mecr.html.

is the title of a new article in the December 2009 issue of Wired Magazine. For one month, Evan Ratliff shed his digital identity and tried to disappear. Wired offered $5000 to the first person who could locate him, say the password “fluke” and take his picture within the one month contest period. The premise of the contest was simple: “how hard is it to vanish in the digital age?” The article chronicles his adventures on the run, and the phenomenon it created on Twitter. Using the hashtag #vanish, contest participants were “tweeting” up to 600 tweets a day as they shared clues and personal information about Evan Ratliff (such as his middle name, a common question of private investigators).

I recommend you pick up the print edition of the article while still available, as it is better than the online version. Otherwise, check out the online version here.

According to Mark Zuckerberg, the 25-year-old chief executive and founder of Facebook, “People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people”. For him, “That social norm is just something that has evolved over time”.

Complete article here (The Guardian): Privacy no longer a social norm, says Facebook founder

Data Privacy Day 2010 is occurring on January 28th. Data Privacy Day is an annual international celebration to raise awareness and generate discussion about information privacy. In 2009, both the U.S. Senate and House of Representatives recognized January 28th as National Data Privacy Day.

Over the past few years, privacy professionals, corporations, government officials and representatives, academics, and students in the United States, Canada, and 27 European countries have participated in a wide variety of privacy-focused events and educational initiatives in honor of Data Privacy Day. They have conducted discussions, examined materials and explored technologies in an effort to bring information privacy into our daily thoughts, conversations and actions.

“Despite all the benefits of new and innovative technologies, there are doubts and worries that persist about just how much personal information — our digital identity — is collected, stored, used, and shared to power these convenient and pervasive services.”

Richard Purcell, executive director of The Privacy Projects (www.theprivacyprojects.org), organizing sponsor of Data Privacy Day.

Data Privacy Day has also provided an opportunity to promote teen education and awareness about privacy challenges when using mobile devices, social networking sites and other online services.

Everyone is welcome to participate by sponsoring events, contributing writings and other educational resources, joining activities, and taking actions designed to raise privacy awareness.

More information can be found on the event website at: dataprivacyday2010.org.

A recently passed amendment to the EU Privacy Directive will require Internet users’ consent before cookies can be placed on their computers. This is part of a revised ePrivacy Directive, close to enactment, that includes improvements on security breaches, cookies and enforcement. The new provisions will bring vital improvements in the protection of the privacy and personal data of all Europeans active in the online environment. The improvements relate to security breaches, spyware, cookies, spam, and enforcement of rules. The revised ePrivacy Directive must be implemented by the Member States within 18 months.

The changes introduced include:

    For the first time in the EU, a framework for mandatory notification of personal data breaches. Any communications provider or Internet service provider (ISP) involved in individuals’ personal data being compromised must inform them if the breach is likely to adversely affect them. Examples of such circumstances would include those where the loss could result in identity theft, fraud, humiliation or damage to reputation. The notification will include recommended measures to avoid or reduce the risks. The data breach notification framework builds on the enhanced provisions on security measures to be implemented by operators, and should stem the increasing flood of data breaches;
    Reinforced protection against interception of users’ communications through the use of – for example – spyware and cookies stored on a user’s computer or other device. Under the new Directive users should be offered better information and easier ways to control whether they want cookies stored in their terminal equipment;
    The possibility for any person negatively affected by spam, including ISPs, to bring effective legal proceedings against spammers;
    Substantially strengthened enforcement powers for national data protection authorities. They will for example be able to order breaches of the law to stop immediately and will have improved means of cross-border cooperation.

What this means is that the data subject has increased protection online. If their personal data has been exposed, they must be notified. As such they must be informed if personal information on them is being collected, and they should have the option to opt out (or more preferably opt in). This is not possible with the way cookies are used today, where they are just downloaded onto the users’ PCs without warning. All security to warn the user of tracking cookies is provided by the web browser. This will now have to be included in the cookie itself, I think. Any experts out there that know how this could work in practice, please jump in here and comment 🙂

I also read some references to how the use of RFID for the collection of personal information falls in the scope of this amendment.

And finally, enforceability is key. Hence each member state must have the appropriate legislation implemented to make this amendment effective and enforceable.