EU Citizens Privacy Rights: EU privacy regulators increase pressure on WhatsApp over data sharing

European Union privacy regulators rapped WhatsApp on the knuckles for not resolving their concerns over the messaging service's sharing of user data with parent company Facebook, a year after they first issued a warning.

The popular messaging service changed its privacy policy last year to start sharing users' phone numbers and other information with Facebook. That drew widespread regulatory scrutiny across Europe, and WhatsApp subsequently suspended the data sharing for EU users.

In a letter sent to WhatsApp on Tuesday and published on Wednesday, the group of EU data protection authorities - known as the Article 29 Working Party - said the company had still not resolved its concerns about getting user consent for the data sharing.

They noted that the information given users about the privacy policy update was "seriously deficient as a means to inform their consent."

"Whilst the WP29 (Article 29 Working Party) notes there is a balance to be struck between presenting the user with too much information and not enough, the initial screen made no mention at all of the key information users needed to make an informed choice, namely that clicking the agree button would result in their personal data being shared with the Facebook family of companies," the letter said.

The Irish data protection authority - which has jurisdiction over Facebook in the EU because the company's European headquarters are in Dublin - said in April that it hoped to reach a deal in the coming months on the data sharing with WhatsApp.

"Over the last year we have engaged with data protection authorities to explain how our 2016 terms and privacy policy update apply to people who use WhatsApp in Europe. We remain committed to respecting applicable law and will continue to work collaboratively with officials in Europe to address their questions," a WhatsApp spokesman said.

The WP29 also said users' consent was not freely given as WhatsApp effectively adopted a "take it or leave it approach in which users either signal their 'consent' to the sharing of data or they are unable to avail themselves of WhatsApp's messaging service."

A new EU data protection law will come into force in May which will give regulators the power to fine companies up to 4 percent of their global turnover, a huge increase compared with the present levels.

Read more: EU privacy regulators increase pressure on WhatsApp over data sharing

Privacy Rights: US Spy Scandal - N.S.A. Collection of Bulk Call Data Is Ruled Illegal - C.Savage and J.Weisman

NSA is never far away

A US federal appeals court in New York on Thursday ruled that the once-secret National Security Agency program that is systematically collecting Americans’ phone records in bulk is illegal.

The decision comes as a fight in Congress is intensifying over whether to end and replace the program, or to extend it without changes.

In a 97-page ruling, a three-judge panel for the United States Court of Appeals for the Second Circuit held that a provision of the U.S.A. Patriot Act, known as Section 215, cannot be legitimately interpreted to allow the bulk collection of domestic calling records.

The provision of the act used to justify the bulk data program is to expire June 1, and the ruling is certain to increase tension that has been building in Congress.

It also comes as controversy over electronic surveillance is building in Europe, including a push in France to increase domestic spying and a decision by Germany to reduce cooperation on surveillance with the United States.

The ruling puts new pressure on Senator Mitch McConnell of Kentucky, the majority leader, to make serious changes to the Patriot Act, which he has so far aggressively defended against any alteration, even as recently as Thursday on the Senate floor. Mr. McConnell has pressed to maintain the N.S.A.’s existing program against bipartisan efforts to scale it back, and has proposed simply extending the statute by the June 1 deadline.

Read more: N.S.A. Collection of Bulk Call Data Is Ruled Illegal - NYTimes.com

Europeans Fight U.S. Trade Deal With Fear of McHospitals, Fracking Under Eiffel Tower (and they should)-by Leo Cendrowicz

It will afflict Europe with American abominations on an almost Biblical scale: cheap and dirty food, toxic waste, mind-numbing movies and television, gas-guzzling cars, all while scrapping healthcare and erasing labour rights.

That, at least, is how angry European activists are painting a planned trade deal between the European Union and the United States. A legion of horrors has been evoked about an agreement known as the Transatlantic Trade and Investment Partnership, or TTIP, which is currently under negotiation.

Dozens of groups have sprung up to oppose the planned pact, like Stop TTIP (whose website describes the deal as “a corporate coup that will put power and money into the hands of corporations and away from the elected government.”) and No TTIP (“TTIP would lock in the privatization of our public services, erode government protection for people and the environment and threaten a new round of unjust economic reforms forced on the poor”).

U.S. and E.U. officials are currently in New York this week for their ninth round of talks to hammer out the details of deal. But on Sunday, tens of thousands of protesters marched through the streets of Berlin, Brussels, Vienna, Madrid, Helsinki, Warsaw, Prague and other cities in simultaneous colorful demonstrations against TTIP.

Europe’s anti-TTIP campaigners characterize the plans as a diabolical plot to allow the likes of McDonalds to take over hospitals, Exxon to frack under the Eiffel Tower, and Google to take over parliaments. “It’s the most contested acronym in Europe,” admits Cecilia Malmström, the E.U. trade commissioner, who is in charge of the European side of the negotiations.

Work on TTIP will continue for the moment. Planned for over a decade before its formal launch in 2013, the negotiations are expected to last at least another two years. But the real test will come when the ratification process begins in European and American legislatures – some 898 amendments have so far been proposed in the European Parliament’s TTIP wish list.

 If anger continues to swell, it could dilute TTIP or derail it completely. If that happens, TTIP’s many opponents would celebrate. Whether their interests would be served by the trade pact’s demise is another matter. But even TTIP’s supporters accept that in its current form, the agreement has become a lightning rod for almost every European discontent.

Read more: Europeans Fight U.S. Trade Deal With Fear of McHospitals, Fracking Under Eiffel Tower - The Daily Beast

What happens in Europe, doesn't stay in Europe: US giants accused of breaking EU privacy pact - by Jennifer Baker

More than 30 big US tech firms are breaking international agreed-upon US-EU Safe Harbor commitments to safeguard Europeans’ data, according to a complaint filed with the US Federal Trade Commission (FTC) on Thursday.

The Washington-based Center for Digital Democracy (CDD) claims tech giants such as AOL, Adobe, Salesforce, Datalogix, Marketo, BlueKai, Criteo, Merkle and others are ignoring their promise to keep EU citizens’ data private – as opposed to sharing it with other organizations.

None of these companies have responded to requests for comment, but we'll update when we hear more. The CDD claims "these companies are compiling, using, and sharing EU consumers’ personal information without their awareness and meaningful consent, in violation the Safe Harbor framework."

The Safe Harbor agreement is a legally enforceable but voluntary "code of conduct" for US businesses that process European citizens’ data. The bilateral deal was reached in 2000 and is supposed to guarantee Europeans data privacy in line with the 1995 EU Data Protection Directive, but following the Snowden revelations last year, many don’t believe it is worth the paper it’s printed on.

The deal let the US off the hook of having to comply with data privacy adequacy requirements for transferring data outside the EU and instead allowed companies to sign up to the agreement on a case-by-case basis. Currently 4,767 companies have so far signed up.

These companies are then authorised to display a logo showing that they are part of the scheme and the rules can be legally enforced. But last year Galexia, an Australian-based consulting company on internet law and privacy, carried out research into the Safe Harbor membership scheme and claimed it had found that around one in every seven claims is false.

According to the CDD, the 30-odd companies in the complaint are actively involved in “data profiling”.
“Our investigation found that many of the companies are involved with a web of powerful multiple data broker partners who, unknown to the EU public, pool their data on them so they can be profiled and targeted online," said CDD executive director, Jeff Chester.

The group has also claimed that the FTC is failing to enforce the Safe Harbor rules. Compiling, using and sharing EU consumers' personal information without their awareness, consent, or ability to opt out is in violation the Safe Harbor framework. In such cases the FTC could enforce sanctions.

Representatives of the EU and US are currently in negotiations to create a new, so-called data privacy “umbrella agreement” which would – possibly – give Europeans the same rights of redress as American citizens if their data is used inappropriately.

In the meantime, many in the European Parliament have called for the Safe Harbor agreement to be suspended. Following an investigation into the NSA spying revelations last year, the parliament voted to suspend the deal, but the European Commission, which would have to act on such a vote, has not done so, preferring instead to continue the “umbrella” negotiations.

Note EU-Digest: If the EU Commissions is able to override the EU Parliament on issues of Personal Privacy etc. there is something horribly wrong with the application of Democratic rule in the EU. In case the so-called "umbrella" rule ever gets implemented without proper review by the EU and national parliaments European citizens will find their personal rights even more curtailed than they are now. The EU Commission and the EU parliament better get their act together.

Read more: What happens in Europe, doesn't stay in Europe: US giants accused of breaking EU privacy pact • The Register