WELCOME to Connected Rights, your nudge in the ribs of digital rights news and analysis.
DATA RETENTION LAWS ARE UNLAWFULLY IN FORCE across 21 European countries, according to a survey by Privacy International: http://bit.ly/2xOT6UC
Data retention – where governments force internet service providers (ISPs) to log the activities of their customers so authorities can comb through them – is not illegal as such in the EU, but repeated rulings by the Court of Justice have set out very strict guidelines for them. As with all privacy-busting surveillance laws, they are supposed to be targeted in order to avoid illegal mass surveillance.
According to Privacy International, not one of the 21 European countries that have data retention laws meet that proportionality test. The NGO recommended that each one should review and revise its legislation, and ISPs should challenge their governments. Meanwhile, it also said the European Commission should “provide guidance on reviewing national data retention laws to ensure its conformity with fundamental rights”.
Who’s on the naughty step? Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, France, Germany, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom.
CAN EMPLOYERS SPY ON THEIR WORKERS’ INTERNET USE? It’s complicated.
Yesterday, the grand chamber of the European Court of Human Rights ruled that a Romanian man named Bogdan Mihai Bărbulescu had suffered an infringement of his privacy rights when his employers monitored his Yahoo Messenger conversations (conducted over the employer’s internet connection) and fired him for breaking workplace policy on not using the office internet connection for personal matters: http://for.tn/2w2xMZl
However, the court didn’t say workplace monitoring was forbidden. It just said that an employer’s policies cannot remove people’s fundamental rights, and the Romanian courts, to which Bărbulescu had complained, had failed him by not properly examining the proportionality of the monitoring and his firing.
“The right to respect for private life and for the privacy of correspondence continued to exist, even if these might be restricted in so far as necessary,” the court said. So it doesn’t seem that there’s now a ban on workplace monitoring, but rather a good reason to examine how invasive such systems are.
SPEAKING OF WORKPLACE SURVEILLANCE, the Financial Times has an interesting piece on London-based banks installing sensors on their workers’ desks, to check when people are working there: http://on.ft.com/2vxz4jE
Cad-Capture, the company that supplies the OccupEye sensors, claims they were initially popular in the public sector but are now big in the financial industry. The aim is allegedly to better manage desk space, but some employees claim there’s something a bit Big Brother about the whole thing. Wherever might they get that idea?
Thanks so much to those of you who are supporting me through my Patreon page! Your support doesn’t just help me produce this weekly newsletter – it will also help me develop further Connected Rights resources.
A MAN HAS BEEN JAILED IN CHINA for selling VPNs – virtual private networks, a.k.a. the easy-to-use tool that can help you get round censorship mechanisms like China’s “Great Firewall”. According to the South China Morning Post, Deng Jiewei was sentenced in March, though the public has only just noticed: http://bit.ly/2ex7GaK
Jiewei and his partner had explicitly advertised their wares as allowing people to “visit foreign websites that could not be accessed by a mainland IP address”. A court convicted him for “providing software and tools for invading and illegally controlling the computing information system”, a phrasing that social media users in China were reportedly struggling to understand.
In July (so, after this conviction), China said its three telecoms providers would have to block access to VPNs by February 2018.
THE CANADIAN GOVERNMENT HAS FORMALLY PROPOSED making it mandatory for companies to tell customers when they have suffered a data breach: http://bit.ly/2wGGE9b
At the moment, different Canadian provinces have different rules about such things, with most not requiring companies to disclose hacks and leaks. The new rules would operate at a federal level and, per the government, would “contribute positively to the privacy and security of individuals”.
In line with the EU’s General Data Protection Regulation (due to come into force next year), the Canadian proposals would come into play when data breaches pose a “real risk of significant harm” to the affected people. If you’re interested in the details, you can find them here: http://bit.ly/2gMigPG
SPEAKING OF THE GDPR, the EU’s world-leading privacy law will only work if it can be properly enforced, and privacy regulators will need a lot more resources to make this possible. After all, the law will probably lead to a lot more people complaining about their rights being infringed, and expecting something to be done about it.
In recent days, regulators in both the UK (http://on.ft.com/2eDYwwJ) and the Netherlands (http://bit.ly/2vL86FE) have issued pleas for more funding and staff.
If you’d like me to write articles for you about digital rights issues, speak at your event or provide advice for your business, drop me an email at firstname.lastname@example.org.
HIJACKING OTHER PEOPLE’S FACEBOOK GROUPS IS BAD, right? I dunno. What just went down in Germany is pretty funny: http://bit.ly/2vKm2Q2
Die Partei (The Party), which is a satirical (but real) political party, used fake accounts to infiltrate dozens of Facebook groups for members of the far-right AfD (which is set to enter the federal parliament for the first time this month). Once they had become trusted members of those groups with administration rights, they suddenly kicked out the real admins, switched the groups’ status from private to public (thus potentially exposing a combined group membership of around 180,000) and changed the groups’ names.
According to Deutsche Welle: “Now the group ‘The Truth about the Antifa’ is called ‘I ❤ Antifa’, ‘Love your Homeland’ has become ‘Love your Hummus’ and ‘Sharia – more and more in Germany?’ has turned into ‘Shakira – when is she coming back to Germany?'”
The answer to that last question is November, by the way. Anyway, bravo!