This article is also available in:
Deutsch: Frankreich: 3 Treffer-Gesetz endgültig angenommen
After long debates, on 12 May 2009 the French deputies adopted with 296 votes against 233 the three strikes law, with very few modifications. The following day the Senate also voted the law with 189 against 14 with socialist senators having decided not to participate in the vote.
During the discussions, most of the amendments introduced by the opposition were rejected. The Internet users deemed of illegally downloaded content will have their connection cut off while continuing to pay for the service (the so called double pain). The amendment by which the users should have not been sanctioned for downloading music that was unavailable on legal platforms was also rejected just like the one extending from 30 days to 2 months the period over which a user could make appeal. The law as is now ignores the presumption of innocence and the allows disclosure of personal information without any control from a court.
Senator Samia Ghali was the one of the few from the socialist group who participated in the vote and expressed her opinion that the project was "inefficient, outdated, too complex, archaic, liberticidal and old-fashioned".
On 19 May, the socialist deputies filed an appeal to the Constitutional Council which will have to give its decision by 19 June. The Constitutional Council already censored the graduate response introduced by the DADVSI law in 2006, considering it was not in agreement with the equality principle of the criminal law for making Internet counterfeiting a special case.
MEP Guy Bono, the author of the amendment against graduated response (amendment 138) in the Telecom Package, said that in case the French Constitutional Council does dot censure the Hadopi law, he will appeal to the European Court of Justice. He considers the Frenchlaw is infringing the amendment already adopted by the European Parliament at the beginning of May. The amendment says that a user's access to the Internet can be cut only by court decision. Bono considers the adoption of the Hadopi law as a "total disrespect to Europe and its citizens three weeks before the European elections".
Bono is also shocked by the statement of European Commissioner Viviane Reding who, in an attempt to gain France's favours before the European elections, said that although Hadopi may face some problems at the national level, she saw no indication of infringements of the European community law and "nothing in amendment 138 that might modify this situation".
La Quadrature du Net believes that the Hadopi law is legally dead because "it opposes to fundamental principles of French and European law, including the respect of a fair trial, principle of proportionality and separation of powers." In the group's opinion, it is also technically dead because "it entirely relies on identifying users through their IP address that can be altered or high-jacked in many ways As a consequence, innocents will inevitably be sanctioned. Circumvention techniques are also already largely available." It is politically dead because "this text is a ball and chain" that will be dragged "along for a long time." And finally the Hadopi law is dead for the media "because government's propaganda didn't stand for long under close scrutiny from citizens over the net" and "60% of the French reject this text according to an IFOP poll (33% only agree to the scheme) and a wide opposition includes independent movie theatres, hundreds of independent labels, science-fiction authors and performing artists."
Hadopi law is adopted according to the Senate (189 votes against 14) (only
in French, 13.05.2009)
Hadopi: the appeal to the Constitutional Council filed on Tuesday (only in
Hadopi law adopted, what now? (only in French, 14.05.2009)
Guy Bono "appalled" by Viviane Reding's remarks (only in French, 13.05.2009)
In campaign, Viviane Reding believes Hadopi does not infringe the European law (only in French, 13.05.2009) http://www.numerama.com/magazine/12896-En-campagne-Viviane-Reding-esti...
Anti-piracy law: "make your computer Hadopi-compatible" (only in French,
Solemn burial for HADOPI in French National Assembly (13.05.2009)
EDRIgram: Three strikes law in France - Second attempt (6.05.2009)
This article is also available in:
Deutsch: Europäisches Parlament schränkt Meldungen von Datenverstößen ein
The modification of the Privacy and Electronic Communication directive voted by the European Parliament (EP) on 6 May 2009, as part of second reading of the telecom package, limits the data breach notification only to the electronic communications service providers.
Initially, in its first reading of the telecom package last year, the European Parliament insisted to expand the data breach notification beyond the initial provision, to online services or even public administration. This idea was supported by privacy experts such as Peter Hustinx, the European Data Protection Supervisor who insisted to apply the system not only to "providers of public electronic communication services in public networks but also to other actors, especially to providers of information society services which process sensitive personal data (e.g. online banks and insurers, on-line providers on health services etc.)."
But in the negotiations with the Council and the European Commission on this point the EP diluted its initial claims. Thus, the adopted text includes a mandatory obligation only for ISPs and telecoms. For the rest of the categories the Commission just takes note of the EP will and says that it will "initiate the appropriate preparatory work, including consultation with stakeholders, with a view to presenting proposals in this area, as appropriate, by the end of 2011. In addition, the Commission will consult with the European Data Protection Supervisor on the potential for the application, with immediate effect, in other sectors of the principles embodied in the data breach notification rules in Directive 2002/58/EC, regardless of the sector or type of data concerned."
The adopted text includes a similar recital that notes the "general interest for users to be notified is clearly not limited to the electronic communications sector and therefore explicit, mandatory notification requirements applicable to all sectors should be introduced at the Community level as a matter of priority."
According to the text of the Directive approved by the EP in the case of a personal data breach, the telecom operator or ISP has the obligation to notify the personal data breach right away to the competent national authority. The text also says that if the data breach "is likely to adversely affect the personal data and privacy of a subscriber or an individual, the provider shall also notify the subscriber or individual of the breach without undue delay."
The EDPS considered the voted text as "a satisfactory approach". He also noted that it is good to see the mandatory notification for personal data breaches in the final text, which is one of the core elements of the Directive. However, he expressed his regrets that "its application is limited to ISPs and network operators. One would hope that the Commission, in consultation with the EDPS, will soon put forward proposals setting up mandatory notification requirements applicable to all sectors, as the Commission has undertaken to do in a declaration annexed to the text adopted by the EP."
The European Parliament rejected on 6 May the telecom package, due to the 3 strikes-related article, that was presented in extenso in the past EDRi-gram issue. Now the package needs to be negotiated again with the other EU institutions, but it is hard to believe that the data breach notification provisions will be modified.
Modification of the E-privacy Directive - adopted text (6.05.2009)
European Parliament abandons plan to extend data breach notification law (13.05.2009)
EDRi-gram: Data breach notification - different opinions in EU bodies ?
EDPS endorses data breach notification provision in ePrivacy Directive
This article is also available in:
Deutsch: EU unterstützt RFID mit ausreichendem Schutz für die Privatsphäre d...
The European Commission issued on 12 May 2009 a recommendation on the use of RFID (radio-frequency identification) after a fifteen-month period of consultations with supplying and using industries, standardisation bodies, consumers' organisations, civil society groups and trade unions.
Having in view the high continuous development of the smart chips industry, the Commission drafted the recommendation to help in ensuring the protection of the citizens' fundamental rights to privacy and data protection as stipulated in the Charter of Fundamental Rights of the European Union proclaimed on 14 December 2007.
The non biding recommendation will ask retailers using RFID tags to store and track products to deactivate them at the point of sale thus avoiding potential privacy and security problems. The wish of the privacy protection groups for opt-in principle is included in the recommendation thus giving customers the possibility to agree to keep their tags active if they wish to. This could be useful to identify a product found to be dangerous and to retrieve it. Tags are to be deactivated should customers fail to opt-in.
The Commission recommends organisations using RFID systems to assess the possible impact on privacy and data protection before using them, to act in order to minimise "any risk of infringing people's rights", to inform people who may be affected that the systems are in use by means of an established logo that can be defined by standardisation organisations and to inform the operators of the RFID systems on their purpose.
According to the recommendation, the national authorities should do their best to increase the awareness of the public and small businesses on the matter and to encourage research and development for more secure and privacy friendly RFID systems.
Retailers are expected to use an established logo indicating the use of a RFID tag on a product, to deactivate and remove such a tag in case of risks to customers' privacy or personal data security and even offer to do so even if there is no such risk.
EDRi's President and member of the EC RFID expert group, Andreas Krisch, qualified the Recommandation as "a first important step towards the right direction", but "for the time being it is important that the privacy impact assessments are carried out properly to determine the risks for individuals personal data. In the retail sector RFIDs should be deactivated at check-out since this is the point where they leave the control of the retail company and they constitute a risk to individuals privacy when being kept active."
He also insisted on the necesary next steps: "The success of this process will depend on the ability of all stakeholders to continue the dialog that was started with the RFID Expert Group. Member states now have an important role to play in implementing the recommendation. They should actively initiate a dialogue between DPAs, companies and civil society."
The recommendation was also welcomed by BEUC, the European consumers' organisation which considers it "an important first step towards finally addressing some of the core consumer concerns linked to RFID".
The opinion of the retailers is however divided. While the European Retail Round Table representing big chains believes the recommendation achieves the necessary balance between the benefits brought by RFID and the provision of the highest standards of privacy and data protection, "allowing the technology to develop while ensuring that those who use the technology will use it responsibly and sensibly", EuroCommerce believes the Commission did not take into consideration " practical consequences. On the contrary, by adding constraints on operators, it will reduce the attractiveness of the new technology for them. This will inevitably be reflected in the costs. If RFID is to develop its full potential, and to contribute to European competitiveness, it must be made easy, cheap and attractive, both to develop and to use."
In two years, Member States are to inform the Commission on the measures they intend to take in order to meet the objectives of the Recommendation and within two-three years, the Commission will report on the Recommendation's implementation including an impact analyisis on citizens as well as companies and public authorities using smart chips.
EU pushes for smart tag revolution (12.05.2009)
Small chips with big potential: New EU recommendations make sure 21st
century bar codes respect privacy (12.05.2009)
Recommendation of the Commission of the European Communities on the
implementation of privacy and data protection principles in applications
supported by radio-frequency identification (12.05.2009)
Google continues to face problems with its Street View service. The Greek data protection agency has banned Street View until it receives "additional information" from Google. The agency wishes to know the duration for which the images are kept on Google's database and what measures the company will take to make people aware of privacy rights.
Google does not appear worried by the action of the Greek authority stating they do not consider it a banning. "We have received a request for further information and we are happy to continue discussing these issues with them. We will discuss with them whether it is appropriate for us to continue driving in the meantime. Although that dialogue is ongoing, we believe that launching in Greece will offer enormous benefits to both Greek users and the people elsewhere who are interested in taking a virtual tour of some of its many tourist attractions."
At the same time, the company wished to reiterate its commitment to take measures to protect citizens' privacy: "Google takes privacy very seriously, and that's why we have put in place a number of features, including the blurring of faces and licence plates, to ensure that Street View will respect local norms when it launches in Greece."
Simon Davies, director of Privacy International considers the Greek action as a very good precedent. "This is fantastic news. The Greek regulators understand the risks of future technology creep. They have watched what has happened in the US and UK very carefully and will be familiar with the arguments on both sides. This highlights the difference between regulators - some will allow the public space to be exploited, others acknowledge that people's privacy needs to be protected. Now we wait for the domino effect, as the Greek decision sets an example that others may follow - we will see what happens next in Central Europe."
In the meantime, Street View has become active in Prague while the service's legality in the Czech Republic is still unclear. Filip Pospísil, a privacy expert with EDRi-member Iuridicum Remedium believes blurring techniques are not sufficient as there are still concerns related to the angles and distances of the pictures.
Street View as well as also other new Internet services is bringing up certain discrepancies between privacy laws and the technological advances. "As is usual, everyday reality and technical progress is ahead of the legislator," said Milana Chamberlain, a partner at law firm Norton Rose. In her opinion, the relevant legislation should be amended to cope with the progress of the technology. "In our view the borderline (between personal freedoms and protection of privacy) is very subjective and depends on when people start to feel offended by the fact that their face appears on the internet without their consent or when they suffer harm because somebody saw them where they did not want to be seen," said Chamberlain.
Facing complaints about privacy invasion with Street View in Japan, Google stated it would re-shoot all Japanese pictures by using lower camera angles so that images from private properties might not appear in pictures. And although Google also said it has blurred car number plates in the pictures as it has done in Europe, Japanese privacy campaigners are still concerned about Street View system shooting images unselectively.
Greece puts brakes on Street View (12.05.2009)
Google's snapshots of Prague raise privacy issues (21.04.2009)
Google re-shoots Japan scenes after privacy complaints (13.05.2009)
UK: Google's Street View does not breach the Data Protection Act (6.05.2009)
This article is also available in:
Deutsch: Glücklicher Sieg für biometrische Pässe in der Schweiz
A referendum that took place in Switzerland on Sunday, 17 May 2009 was in favour of the biometric passports law by a very narrow margin. Thus the official results show that 50.14% of the voters approved the law, with just 5 504 votes separating the two sides.
With one of the closest results in recent Swiss history, the vote on the law was influenced by the low turnout (38%) and by the number of Swiss citizens who voted from abroad for such a project. 14 cantons (including Bern, Geneva or Basel City) voted against the biometric passports. Howevere, the Swiss living abroad were probably seduced by the rhetoric of the Ministry of Justice Eveline Widmer-Schlumpf who insisted that the biometric passports are necessary so that Switzerland may enjoy the EU visa policy and enter US without a visa.
For example in Geneva, 52.9% people voted against the law, but 55.6% of the Geneva residents that were abroad supported the project.
The biometric passport law was voted in March 2008 by the Swiss Parliament. According to the law, the new passport will be equipped with an electronic chip containing a portrait picture and two fingerprints of the holder. One of the most controversial provision was to store fingerprints in a central database.
Some considered that the main reason behind such a fingerprint register is the access for police investigations, but the justice minister dismissed these allegations.
Widmer-Schlumpf pledged in a press conference to take opponents' concerns seriously: "We will do our best to ensure that personal data in the fingerprint register is secure". She also promised that the ID card would not contain biometric identifiers.
Most of the Swiss newspapers interpreted the final result as a sign of scepticism from the population on the new passports and that the final vote was just lucky.
"It is a slap in the face for the political establishment that includes the government and long-established parliamentarians. They have to thank lady luck that they do not belong to the losers," commented the Aargauer Zeitung
A chance majority (only in French, 18.05.2009)
"Lady luck" helps government win vote (18.05.2009)
Federal voting: the biometric passport accepted by a hairbreadth. Eveline
Widmer-Schlumpf relieved (only in French, 17.05.2009)
Passport vote wins majority and puzzles experts (17.05.2009)
Biometric passport scrapes through at ballot box (17.05.2009)
This article is also available in:
Deutsch: Noch eine offene Tür für Softwarepatente in der EU
A new international treaty United Patent Litigation System (UPLS) that may create an centralised trusted patent court is the new open door for software patents in the European Union.
The draft UPLS is inspired from the now defunct European Patent Litigation Agreement (EPLA) and is estimated to creat a new international patent court. As FFII (Foundation for a Free Information Infrastructure) points out, the system will by-pass the national courts. This court system would be shielded against any review by the European Court of Justice (ECJ). Thus, hand-picked patent judges will have the last word on software patents, meaning that will have the ultimate power to interpret patent law.
After the Recommendation of 24 March 2009 of the European Commission to the Council that would provide the Commission with negotiating directives for the conclusion of an agreement creating the UPLS, the Competitiveness Council of EU Ministers of 28-29 May will request a legal opinion to the ECJ about potential conflicts of the UPLS with the EU treaties.
The UPLS will not be a EU institution (the same as for the present European Patent Office - EPO) and thus will exceed the competence of the European Court of Justice that will only "rule on preliminary questions asked by the court structure established in the framework of the Unified Patent Litigation System, (...) on the interpretation of EC law and on the validity and interpretation of acts of the institutions of the Community."
Benjamin Henrion, President of the FFII and leader of its litigation working group, explains: "A central patent court forbidding any petition right for review to the ECJ means the patent court has the last word over software patents. The Agreement is drafted in a way to avoid the ECJ intervention on substantive patent law."
Brian Kahin, senior fellow of the Computer & Communications Industry Association, underlines that the US experience proves that "it is clear that the European Court of Justice needs to be able to oversee the evolution of patent law. Otherwise, there is constant danger that a self-interested patent community will successfully press to expand the scope, volume, and power of the patent system."
The UPLS carries the risk that specialized patent courts will have the last word for important questions such as limits of patentability. This is what typically happens in Germany where the Senate of the Federal Patent Court should refer basic questions to the Supreme Court but do not do this.
European Commission pushes for software patents via a trusted court
Patents: Commission sets out next steps for creation of unified patent
litigation system (24.03.2009)
Recommendation from the Commission to the Council to authorise the
Commission to open negotiations for the adoption of an Agreement creating a
Unified Patent Litigation System (20.03.2009)
"Council seeks to legalise software patents with the Community Patent" says
French expert (11.02.2009)
This article is also available in:
Deutsch: Französisches Gericht trifft klare Entscheidungen bei gehosteten Inha...
Several decisions taken by the French courts lately recognize the principle of non-liablilty of some web 2.0 sites for the content hosted. The new interpretation is putting things back on track, after some earlier strange decisions of the lower courts.
Dailymotion, the French video sharing site, has recently benefited of three decisions in its favour, in each case the site being considered as a mere hosting site and thus not liable for copyright infringement. On 30 April 2009, the site was cleared in the case filed by comedian Roland Magdane and his production company Matex, for illegal video sharing of 31 sketches and unfair competition. The court decided the site was only a hosting site, the respective videos having been posted on personal users' accounts. "Dailymotion offers its users an architecture and the technical means allowing a classification of contents, availability to these contents, without a prior intervention of the company on these contents that are supplied by its users who bear their sole responsibility, independently from the host which is in no way (...) an editor" was the decision of the court.
In April 2008, Dailymotion was also brought to court by production companies Davis Films, Davis Films Productions, Nouvelles Editions de Films on the one side and distributor Metropolitan Filmexport on the other for illegal sharing of movie Le Parfum. The plaintiffs contested the hosting status of the site considering Dailymotion had an active role in the treatment of the contents, the classifications being made on commercial criteria and not on functional or technical ones. Also, the plaintiffs considered that the notification stipulated by LCEN for the warning of a site on allegdly illegal hosted content was not mandatory.
However, the court decided Dailymotion was simply a hosting site as users are those posting contents and choosing the key words. It also ruled that the notification of illegal content was definitely mandatory. Dailymotion was therefore exonerated of any guilt and the plaintiffs are to pay 10 000 euros as legal expenses.
In another case, the site was condemned on 13 July 2007 for counterfeiting by the High Instance Court of Paris for illegally sharing online the movie "Joyeux Noël" and required to pay damages to the producers and the exploitation company. At that time, the judges, although acknowledging DailyMotion as a hosting provider and not a publisher, decided however that the site was liable for copyright infringement, as it was aware of the presence of illegal contents on its site. But on 6 May 2009, the appeal court of Paris confirmed the hosting status of Dailymotion cancelling the previous financial sanctions.
The major online auction site eBay had its share of French trials. Thus, in september 2007 it was taken to court by l'Oreal cosmetic company in France, Belgium, Spain and UK under the accusation of allowing counterfeit goods to be traded and asked for about 3.5 million euro in damages.
In August 2008, eBay was already cleared of accusations in Belgium. In UK a verdict on the matter is expected soon while in Spain the matter has not yet been heard. The French court decided that the auction site is only a hosting site as defined by the French law on implementing the e-commerce directive (LCEN - loi pour la confiance dans l'économie numérique) and not an editor and therefore it is not liable for the content on its website. The court also considered that eBay has put into force significant means to fight against online counterfeiting and thus "fulfilled its obligations of loyalty to other operators on the market."
The court has also asked both parties to closely collaborate in order to find adequate measures to fight counterfeiting perfumes and cosmetics and suggested a mediator between the two, a hearing being scheduled for 25 May on the issue. L'Oréal accepted the decision and welcomed the mediation solution. In its turn, eBay was pleased with the outcome considering the fight against counterfeiting should be a shared responsibility and the various involved parties should work together in this matter.
Dailymotion escapes two convictions in ten days (only in French, 11.05.2009)
Counterfeiting : L'Oréal dismissed in its pursue of eBay (only in French,
Judge sides with eBay in L'Oreal fake goods case (13.05.2009)
EDRi-gram: France: Linking can be damaging to your pockets (9.04.2009)
EDRI-gram: France considering new rules for web 2.0 (23.04.2009)
This article is also available in:
Deutsch: Britische Kreativindustrien fordern die Ausschaltung von Filesharern
An alliance of eight UK creative industries and five trade unions want the government to force Internet Service Providers (ISPs) to disconnect persistent alleged illegal file sharers from the Internet and have issued a set of "urgent recommendations" they want to be included in the government's Digital Britain manifesto.
The group considers that more than 50% of the net traffic in the UK is illegal content, situation which puts jobs in the creative industries at risk. "The growing threat of illegal P2P (peer to peer) file-sharing threatens (the creative industries), as films go unmade, DVD sales deteriorate and jobs are lost in production and distribution of content," said John Woodward, head of the UK Film Council.
In 2008, the UK Government urged ISPs to take measures to prevent illegal downloading but refrained from introducing legislation that would force ISPs to disconnect file sharers. Some of the UK's biggest internet providers accepted a voluntary scheme and sent warning letters to thousands of users suspected of illegally sharing music.
The Internet Services Providers' Association (ISPA) considers however that disconnections could be challenged by users in court and that, for the time being, the standard of the technology available for monitoring and detecting illegal sharers was not one to be admissible as evidence in court. In ISPA's opinion, the rights holders should rewrite their licensing agreements so as to take into consideration the "new models of online content distribution". ISPA's secretary general, Nicholas Lansman, said to BBC: "ISPA recognises that there is a problem with unlawful P2P file sharing, but it is important to recognise that a major part of the solution lies in licensing reform and the availability of legal content online."
Woodward agreed the film industry had to introduce radical new business models and needed to work more closely with ISPs in this digital era. "There needs to be a better relationship between content providers, ISPS and consumers." In his opinion, ISPs might consider a graduated response system if they were "incentivised to tackle piracy" by the content providers paying distribution fees to ISPs.
UK's Intellectual Property minister David Lammy said earlier this year that the government would not force ISPs to pursue file sharers. "We can't have a system where we're talking about arresting teenagers in their bedrooms," he told The Times newspaper.
Barbara Follett, Minister for the creative industries, also said at a conference of industry executives in London that the UK government was more in favour of sending warning letters to offenders threatening with legal actions rather than taking steps to slow or stop users' connections. "We propose a requirement for ISPs to notify their customers that are engaging in unlawful file-sharing and notify them in such a way that any further action would have consequences," she said adding that the Digital Britain report in June will include details related to the types of legal action to be taken.
Call to 'disconnect file-sharers' (12.05.2009)
UK Govt. to hear calls to disconnect file sharers (12.05.2009)
Net firms reject 'policing role' (12.05.2009)
British ISPs warn Internet downloaders on the risk of being prosecuted
This article is also available in:
End Software Patents launched a wiki to document the case against software
patents. Over 100 articles are being written to give an idea of the scope
and structure of the wiki.
This article is also available in:
The world is going Flat-rate
3 Strikes for Print: A Modest Proposal From Ed Felten
This article is also available in:
22-23 May 2009, Florence, Italy
E-privacy: Towards total control
23 May 2009, Florence, Italy
Big Brother Award Italia 2009
24-28 May 2009, Venice, Italy
ICIMP 2009, The Fourth International Conference on Internet Monitoring and Protection
1-4 June 2009, Washington, DC, USA
Computers Freedom and Privacy 2009
5 June 2009, London, UK
The Second Multidisciplinary Workshop on Identity in the Information Society (IDIS 09): "Identity and the Impact of Technology"
28-30 June 2009, Torino, Italy
COMMUNIA Conference 2009: Global Science & Economics of Knowledge-Sharing Institutions
2-3 July 2009, Padova, Italy
3rd FLOSS International Workshop on Free/Libre Open Source Software
13-16 August 2009, Vierhouten, The Netherlands
Hacking at Random
23-27 August 2009, Milan, Italy
World Library and Information Congress: 75th IFLA General Conference and Council: "Libraries create futures: Building on cultural heritage"
10-12 September 2009, Potsdam, Germany
5th ECPR General Conference, Potsdam Section: Protest Politics Panel: The Contentious Politics of Intellectual Property
16-18 September 2009, Crete, Greece
World Summit on the Knowledge Society WSKS 2009
17-18 September 2009, Amsterdam, Netherlands
Gikii, A Workshop on Law, Technology and Popular Culture Institute for Information Law (IViR) - University of Amsterdam Call for papers by 1 July 2009
21-23 October 2009, Istanbul, Turkey
24-25 October 2009, Vienna, Austria
3rd European Privacy Open Space
25 October 2009, Vienna, Austria
Austrian Big Brother Awards Deadline for nominations: 21 September 2009
16 October 2009, Bielefeld, Germany
10th German Big Brother Awards Deadline for nominations: 15 July 2009
13-15 November 2009, Gothenburg, Sweden
Free Society Conference and Nordic Summit
15-18 November 2009, Sharm El Sheikh, Egypt
UN Internet Governance Forum