=======================================================================
                          E P I C   A l e r t
=======================================================================
Volume 16.14                                              July 21, 2009
-----------------------------------------------------------------------

Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/alert/EPIC_Alert_16.14.html

"Defend Privacy. Support EPIC."
http://epic.org/donate

=======================================================================
Table of Contents
=======================================================================
[1] Justice Department Opens Antitrust Inquiry in Google Book Deal
[2] Nomination Hearings for Judge Sotomayor
[3] Inspector Generals Issue Report on President's Surveillance Program
[4] Canadian Commissioner Holds that Facebook Must Strengthen Privacy
[5] Global Privacy Standards in a Global World
[6] News in Brief
[7] EPIC Bookstore: "Global Employee Privacy and Data Security Law"
[8] Upcoming Conferences and Events

- Join EPIC on Facebook http://epic.org/facebook
- Privacy Policy
- About EPIC
- Donate to EPIC http://epic.org/donate
- Subscription Information

=======================================================================
[1] Justice Department Opens Antitrust Inquiry in Google Book Deal
=======================================================================

On July 2, 2009, the Department of Justice announced an investigation into Google's proposed settlement with book publishers and authors. The settlement addresses a federal lawsuit filed by rights holders against Google, and arose from Google's large-scale digitization of books. The Department "determined that the issues raised by the settlement warrant further inquiry," and noted that commentators have "expressed concern that aspects of the settlement agreement may violate the Sherman [anti-trust] Act." The announcement follows the European Commission's notice of a similar investigation.
The European Commission has announced that it will hold a hearing on September 7 for interested parties to comment.

Commentators have criticized the proposed settlement on privacy grounds. University of California Professor Pamela Samuelson filed a letter with the court warning that the settlement will enable entities to "gather detailed information about the type and extent of academic research . . . inconsistent with norms and sound practices within academic communities." Library groups, including the American Library Association, caution that the settlement fails to protect user privacy, placing no restrictions on what information Google will retain about the user, how it will use that information, or how it will protect user data.

Academics and others also object to the settlement on anti-trust grounds. The Institute for Information Law and Policy at New York Law School told the Court that the settlement "threaten[s] the public interest" by providing Google with "exclusive access to a large portion of the market for electronic versions of books," and granting Google the opportunity to "impose unfair and overreaching terms on libraries and readers." Professor Samuelson notes that the settlement-created Book Rights Registry could "have an institutional bias against helping academic authors who might want to put their books in the public domain or make them available under Creative Commons Licenses."

The Google Books project began in 2004 as an online research tool and database to access the texts or large portions of the texts of millions of books. Google entered into agreements with several libraries to digitize books, including books protected by U.S. Copyright law, in those libraries' collections. In 2005, the Authors Guild and several publishers sued Google. The rights holders alleged that the project's digitization process infringed their copyrights. In response, Google argued that its digitization of the books is permitted under U.S.
Copyright law's "fair use" doctrine. In 2008, the parties negotiated a proposed settlement. The federal court for the Southern District of New York must analyze the settlement's fairness, and approve or reject the terms. The Court has solicited comments, which are due September 4, 2009.

EPIC has a long history of opposing actions that consolidate data concerning users' online habits. On April 20, 2007, EPIC and other privacy groups filed a complaint with the Federal Trade Commission, requesting that the agency open an investigation into the proposed Google/DoubleClick merger. EPIC identified specific privacy threats arising from the heightened ability of the merged company to record, analyze, track, and profile Internet users' activities. The Department of Justice later scuttled Google's proposed deal with Yahoo based on similar privacy concerns. The Department's probe focused on Google's growing power in advertising.

July 2, 2009 Department of Justice Letter to Judge Denny Chin:
     http://epic.org/privacy/googlebooks/7-2-09_ltr.pdf

Judge Chin's Response to July 2, 2009 DOJ Letter:
     http://epic.org/privacy/googlebooks/7-2-09_order.pdf

EPIC - Google Books Settlement and Privacy:
     http://epic.org/privacy/googlebooks/default.html

Pamela Samuelson, "Legally Speaking: The Dead Souls of the Google Booksearch Settlement:"
     http://epic.org/redirect/072009_Samuelson_LegallySpeaking.html

Information Note filed by the German Delegation to the Council of the European Union:
     http://register.consilium.europa.eu/pdf/en/09/st10/st10221.en09.pdf

EPIC - Search Engine Privacy:
     http://epic.org/privacy/search_engine/

EPIC - Privacy? Proposed Google/DoubleClick Deal:
     http://www.epic.org/privacy/ftc/google/

Yahoo! Inc. and Google Inc.
Abandon Their Advertising Agreement, Justice Department Press Release, November 5, 2008:
     http://www.usdoj.gov/opa/pr/2008/November/08-at-981.html

=======================================================================
[2] Nomination Hearings for Judge Sotomayor
=======================================================================

In May of this year, President Obama nominated Judge Sonia Sotomayor to replace Justice David H. Souter as an Associate Justice of the Supreme Court of the United States. On July 13, the Senate Judiciary Committee began its hearings to consider the nomination of Judge Sotomayor. After the President selects a nominee, but before the Senate as a whole considers that nominee, the Senate Judiciary Committee initiates its own intensive investigation into the nominee's background.

The confirmation hearing began with a statement from the Committee chairman, Senator Patrick Leahy, followed by a statement from Judge Sotomayor. Senators, starting with the Chairman, then commenced the questioning in descending order of seniority. Several questions from the Senators concerned privacy issues.

Senator Herb Kohl of Wisconsin first asked Judge Sotomayor if she believed there was a general right to privacy in the Constitution. Sotomayor responded in the affirmative. Senator Sheldon Whitehouse of Rhode Island questioned Sotomayor about her views on the privacy of information stored on electronic databases. Sotomayor explained that the circumstances in which stored information received protection depended on Congress's determinations about safeguarding certain types of information and what the Constitution had to say about such matters. Senator Arlen Specter of Pennsylvania also solicited the Supreme Court nominee's views on whether she believed the Supreme Court should have granted certiorari in a case involving the Foreign Intelligence Surveillance Act. Sotomayor did not provide a direct answer to the Senator's question.
Senator Russ Feingold of Wisconsin asked Sotomayor to comment on Open Government issues, particularly about circumstances in which the Supreme Court has issued rulings containing substantive interpretations of FISA that were available neither to the full Congress nor to the public. Sotomayor stated that Congressional intent behind a statute was of primary importance. Senator Al Franken of Minnesota also asked Sotomayor whether the word "privacy" could be found in the Constitution. Sotomayor responded in the negative, but nonetheless stated, in general, that courts recognize the right to privacy. Senator Dianne Feinstein questioned Sotomayor on how she, as a Supreme Court Justice, would balance the executive branch's expertise in national security matters with the judicial branch's constitutional duty to enforce the Constitution and to prevent abuses of power.

Senator Cardin elicited Judge Sotomayor's views on the role the court faced on privacy issues in the 21st century, especially since the Constitution was drafted in the 18th century. The nominee responded that the right to privacy has been recognized in a wide variety of cases and circumstances for over 100 years. She stated that such cases provided precedents and frameworks - although society changes, the Constitution and its principles have remained the same.

Although the Committee vote on the nomination was to be held on Tuesday, July 21, the voting was postponed by a week. The full Senate is expected to vote on the nomination before the summer recess, scheduled for August 7.

EPIC prepared an extensive page on Judge Sotomayor's view on privacy and other related issues. EPIC also provided running coverage of the nomination hearings and the Committee vote over Twitter at @privacy140 #sotomayor #scotus #privacy.
EPIC - The Nomination of Judge Sotomayor:
     http://epic.org/privacy/sotomayor

The President's Nominee: Judge Sotomayor, The White House Blog Post, May 26, 2009:
     http://www.whitehouse.gov/sotomayor/

Testimony of Judge Sonia Sotomayor:
     http://epic.org/redirect/072009_Sotomayor_Senate_Testimony.html

Transcript from The Los Angeles Times:
     http://epic.org/redirect/072009_Sotomayor_LATimes.html

Twitter - privacy@140:
     http://www.twitter.com/privacy140

Statement of the Honorable Patrick Leahy:
     http://epic.org/redirect/072009_Sotomayor_Leahy_Open.html

Rules of Procedure United States Senate Committee on the Judiciary:
     http://judiciary.senate.gov/about/committee-rules.cfm

=======================================================================
[3] Inspector Generals Issue Report on President's Surveillance Program
=======================================================================

The Inspectors General of the Intelligence Community released a report on the President's Surveillance Program. A separate classified version was also provided to the relevant Congressional Committees. The unclassified report summarizes the collective results of the reviews that can be publicly disclosed. The report was mandated under the Foreign Intelligence Surveillance Act Amendments Act of 2008.

The review, prepared by the Inspectors General of the participating Intelligence Community, describes how, following the terrorist attacks of September 11, 2001, the President directed that the NSA's signals intelligence collection capabilities be used. Although President Bush referred to the activities as the "Terrorist Surveillance Program," the Inspectors General chose instead to describe the program as the "President's Surveillance Program (PSP)."
The report examined (a) all the facts necessary to describe the establishment, implementation, product, and use of the PSP; (b) access to legal reviews of the PSP and access to information about the PSP; (c) communications with, and participation of, individuals and entities in the private sector related to the PSP; (d) interaction with the Foreign Intelligence Surveillance Court and transition to court orders related to the PSP; and (e) any other matters identified by any such IG that would enable that IG to complete a review of the PSP, with respect to such Department or element.

The review details the inception of the PSP and the expansion of NSA's collection activities to conduct electronic surveillance within the United States without an order from the Foreign Intelligence Surveillance Court; the implementation of the surveillance program; the subsequent legal reassessment and the transition of certain activities to FISC orders; and the impact of the PSP on the Intelligence Community's counterterrorism efforts.

The report also states various conclusions of the different IGs of the Intelligence Community. Although the NSA OIG report found no evidence of intentional misuse of the program, the DOJ OIG concluded that it was "foreseeable that [PSP derived] information might impact the process and that the initial delay in reading anyone from DOJ's Office of Intelligence Policy and Review or the FISC into the PSP unnecessarily jeopardized DOJ's relationship with the Court. In addition, overly restrictive limitations on the number of OIPR attorneys and FISC judges who were read into the program created significant and avoidable problems of workload imbalance." The DOJ OIG concluded that once the PSP began to affect the functioning of the FISA process, the number of OIPR staff and FISC judges read into the PSP to manage the program's impact should have been increased.
The DOJ OIG also concluded that it was extraordinary and inappropriate that a single DOJ attorney, John Yoo, conducted the initial legal assessment of the PSP, and that the lack of oversight and review of Yoo's work contributed to a legal analysis of the PSP that at a minimum was factually flawed. Upon Yoo's departure, his successors at DOJ began developing an analysis to more fully address the FISA statute with respect to the PSP. The DOJ OIG further concluded that the White House's strict controls over DOJ access to the PSP undermined DOJ's ability to perform its critical legal function during the PSP's early phase of operation and the circumstances plainly called for additional DOJ resources to be applied to the legal review.

Finally, the DOJ OIG found it difficult to assess or quantify the overall effectiveness of the PSP program as it related to the FBI's counterterrorism activities. However, based on the interviews conducted and documents reviewed, the DOJ OIG concluded that although PSP-derived information had value in some counterterrorism investigations, it generally played a limited role in the FBI's overall counterterrorism efforts. The DOJ OIG advised that "the retention and use by [Intelligence Community] organizations of information collected under the PSP and FISA should be carefully monitored."

In December 2005, EPIC requested the legal opinions that were prepared to justify the program. The government has refused to produce many key documents, and EPIC sued under the Freedom of Information Act. In March this year, the Attorney General released several related memos, which previously were secret, following President Obama's statement on government transparency. However, the legal authority for the wiretap program still remains secret.
Intelligence Community:
     http://www.intelligence.gov/index.shtml

Unclassified Report on the President's Surveillance Program:
     http://judiciary.house.gov/hearings/pdf/IGTSPReport090710.pdf

EPIC's FOIA Complaint:
     http://www.epic.org/privacy/nsa/complaint_doj.pdf

Department of Justice Releases Nine Office of Legal Counsel Memoranda and Opinions:
     http://www.usdoj.gov/opa/pr/2009/March/09-ag-181.html

USDOJ - Office of Legal Counsel Memoranda:
     http://www.usdoj.gov/opa/documents/olc-memos.htm

EPIC FISA:
     http://epic.org/privacy/terrorism/fisa/

EPIC FOIA Work on NSA's Warrantless Surveillance Program:
     http://epic.org/privacy/nsa/foia/default.html

EPIC Wiretapping:
     http://epic.org/privacy/wiretap/

EPIC National Security Letters:
     http://epic.org/privacy/nsl/default.html

=======================================================================
[4] Canadian Commissioner Holds that Facebook Must Strengthen Privacy
=======================================================================

The Office of the Privacy Commissioner of Canada released a Report of "Findings into the Complaint Filed by the Canadian Internet Policy and Public Interest Clinic" against Facebook, Inc. The complaint was filed by the CIPPIC under the Personal Information Protection and Electronic Documents Act, and contained twenty-four allegations concerning a range of Facebook business practices.

The PIPEDA covers privacy protections by private data holders, including the actions of third parties to whom the data holders provide information. It requires data holders to obtain individual consent for any use of such data, and requires data holders, upon request, to provide details regarding the nature of information held, and a list of all third parties to whom the information has been provided.
The charges include allegations that Facebook fails to inform users: how it uses the personal information it collects; the extent of disclosures of such information to the more than 950,000 third-party application developers; of new uses of the personal data collected; of monitoring for anomalous behavior; and, of persistent cookies in mobile Facebook. The complaint further alleges that Facebook fails to allow for deletion (as opposed to deactivation) of user accounts or obtain consent from non-users for upload and storage of personal information.

Privacy Commissioner Jennifer Stoddart stated that while Facebook has clearly made efforts to maintain user privacy, "we found serious privacy gaps in the way the site operates." Facebook has agreed to many of the Commission's recommendations, and has also proposed what the Commission calls "reasonable alternatives" to others. The company has not, however, addressed all of the recommendations, noting that under the current "statement of rights and responsibilities" it would have to consult users regarding changes to certain policies. The Commission, however, states in its report that "[w]hile we understand the importance Facebook places on user feedback, the legislative requirements and obligations imposed by the Act are not contingent on user approval."

The Commission will review Facebook's new policies in 30 days to assess whether the company is in compliance with the ruling. If Facebook's changes are unsatisfactory, the Commission can take the issue to Federal Court to enforce the recommendations.

In June, the Article 29 Working Party warned about the dissemination and use of information available on Social Networking Sites for other secondary, unintended purposes. Earlier, in February, Facebook had announced that it was opening its site governance to user voting after the new Terms of Service were widely criticized, and were to be the subject of an EPIC complaint to the Federal Trade Commission.
Facebook restored the old terms and sought user feedback on the new terms. About 75 percent of the users voted to adopt new terms re-drafted from user feedback. Under the updated terms, users have the right to "own and control their information." Facebook had also taken some steps to improve account deletion, to limit sublicenses, and reduce data exchanges with application developers. EPIC supported the adoption of the new terms.

Office of the Privacy Commissioner of Canada:
     http://www.priv.gc.ca/index_e.cfm

Report of Findings into the Complaint Filed by the CIPPIC against Facebook, Inc. under PIPEDA:
     http://www.priv.gc.ca/cf-dc/2009/2009_008_0716_e.cfm

Personal Information Protection and Electronic Documents Act (PIPEDA):
     http://www.priv.gc.ca/cf-dc/2009/2009_008_0716_e.cfm#appendixB

Article 29 Working Party Opinion of Social Networking Sites:
     http://epic.org/privacy/socialnet/Opinion_SNS_090316_Adopted.pdf

Facebook Privacy Policy:
     http://www.facebook.com/policy.php

Facebook Statement of Rights and Responsibilities:
     http://www.facebook.com/terms.php

EPIC - Facebook Privacy:
     http://epic.org/privacy/facebook/

EPIC - Social Networking Privacy:
     http://epic.org/privacy/socialnet/

=======================================================================
[5] Global Privacy Standards in a Global World
=======================================================================

The 31st International Conference of Data Protection and Privacy Commissioners, hosted by the Spanish Data Protection Authority, will be held November 4-6, 2009, in Madrid, Spain. The annual event draws Privacy Commissioners from around the world, as well as a host of experts from academia, civil society and the private sector. The theme of this year's conference is "Privacy: Today is Tomorrow."
The core issues at the Privacy Commissioners' conference will be the education of minors, social networks and new technologies and their impact in terms of data protection and privacy; data protection as a strategic element in the scope of business and international data transfers in a globalized world. The conference will also address new advertising and sales techniques, together with their incidence in the field of data protection. The security – privacy binomial is another issue that will be discussed, for instance, the proliferation of video-surveillance devices, and biometrics.

The Spanish Data Protection Director, Artemi Rallo Lombarte, stated "the challenge we face as the organizers of the 31st International Conference is that of achieving the approval of a joint proposal on "International Standards for the Protection of Privacy and Personal Data," allowing the development of a universal, binding legal document."

A civil society Symposium, entitled "Global Privacy Standards in a Global World" will take place on November 3, 2009, also in Madrid. This one-day event aims to "Review the privacy developments of the past year and release the current edition of the Privacy and Human Rights report;" "Promote civil society participation in decisions concerning the protection of privacy as both a fundamental human right and an essential facilitator for a global economy;" "Develop global privacy standards in a global world," and "Review and coordinate civil society involvement in privacy discussions in regional and other global arenas such as the United Nations Internet Governance Forum, The Asia Pacific Economic Cooperation Forum, the Organization for Economic Co-operation and Development, Internet Corporation for Assigned Names and Numbers, among others."
Some of the issues to be addressed at the civil society conference will include: A country-by-country privacy overview: Are governments getting better at protecting citizens' data or is the surveillance society expanding?; Examples and experience sharing of privacy and data protection rights advocacy around the world, what can be achieved and lessons to be learned; "Your Data in the Cloud: What if it Rains?"; Newest emerging issues and their implications for consumer digital rights: Cloud Computing, Search and Privacy and Google Book Settlement; "Freedom of Movement: Bridges for People, Walls for Data".

A panel on "Towards Global Privacy Standards?" will also be held. The panel will discuss the key elements necessary to be included in a global privacy framework. For example, the right of access to his or her personal data is a key element in empowering any citizen to exercise his or her right to control their own personal information.

31st International Conference of Data Protection and Privacy Commissioners:
     http://epic.org/redirect/072009_31Conf_IntlDPA.html

The Public Voice: Global Privacy Standards in a Global World:
     http://thepublicvoice.org/events/madrid09/

The Public Voice: Estandares Globales sobre Privacidad en un Mundo Globalizado:
     http://thepublicvoice.org/events/madrid09/es.html

Resolution on Standards On Privacy And Personal Data:
     http://epic.org/redirect/072009_PC09_PrivStandard.html

The Public Voice: Civil Society Privacy Workshop: Privacy Rights in a World Under Surveillance
     http://thepublicvoice.org/events/montreal07

The Public Voice:
     http://thepublicvoice.org

Privacy and Human Rights Report 2006:
     http://epic.org/phr06

=======================================================================
[6] News in Brief
=======================================================================

Senate Homeland Security Committee Considers REAL ID 2.0

On July 15, 2009, the Senate Homeland Security Committee held a hearing to reevaluate the REAL ID Act.
The hearing focused on a new bill, S. 1261, the "Providing for Additional Security in States' Identification Act of 2009" or the "PASS ID Act." Janet Napolitano, Secretary of Homeland Security, testified that the REAL ID law "is unlikely to be implemented by the states." Civil liberties groups have expressed opposition to the PASS ID Act. However, the focus of the hearing was on reinstating many of the provisions of REAL ID under a new name "PASS ID."

EPIC - PASS ID:
     http://epic.org/privacy/pass_id/

PASS ID Act:
     http://epic.org/privacy/pass_id/pass_id.pdf

Federal Court Affirms Penalties for Sale of Telephone Records

A Federal Appellate Court has ruled that conduct by an entity may be an unfair trade practice even though it may otherwise be lawful. The case involved a website that sold confidential telephone records. A federal statute forbids telecommunications carriers from disclosing telephone records absent customer consent. The Court, in upholding a lower court opinion ordering disgorgement of profits for the sale of private information, also held that the Federal Trade Commission had the right to pursue the unfair trade practice even if the area of law was not strictly administered by the FTC. The Tenth Circuit Court of Appeals further held that the Federal Trade Commission Act "enables the FTC to take action against unfair practices that have not yet been contemplated by more specific laws." The Office of the Privacy Commissioner of Canada had filed a "friend-of-the-court" brief in the case.

Previously, EPIC had filed an amicus brief in a case before the D.C. Circuit Court urging support for opt-in safeguards for telephone customers. The EPIC brief had stated that "[c]onsumers have a legitimate expectation of privacy with respect to sensitive personal information such as whom they call on a telephone." "An opt-out policy would provide neither adequate protection for consumer data nor sufficient notice to consumers," the brief added.

FTC v. Accusearch, Inc.
- Tenth Circuit Court of Appeals:
     http://www.ca10.uscourts.gov/opinions/08/08-8003.pdf

FTC v. Accusearch, Inc., - FTC Page:
     http://www.ftc.gov/os/caselist/pretextingsweep/accusearch.shtm

FTC Seeks Halt to Sale of Consumers’ Confidential Telephone Records:
     http://www.ftc.gov/opa/2006/05/phonerecords.shtm

EPIC - NCTA v. FCC:
     http://epic.org/privacy/nctafcc/

EPIC - CPNI (Customer Proprietary Network Information):
     http://epic.org/privacy/nctafcc/

GAO Finds Continued Federal Efforts Needed to Protect Cybersecurity

The Government Accountability Office testified before Congress that DHS has yet to satisfy its key cybersecurity responsibilities, which include increasing efforts to protect cyber critical infrastructure and acting on key areas identified in recent GAO reports, such as enhancing partnerships with the private sector. The GAO testified that although DHS has taken actions to remedy security weaknesses in its Secure Flight program, it still needed to address remaining GAO recommendations for strengthening controls for systems supporting the US-VISIT program.

The GAO also testified that a majority of the federal agencies continue to exhibit deficiencies in their implementation of information security policies and procedures. 20 of 24 major agencies have noted that their information system controls over their financial systems and information were either a material weakness or a significant deficiency. The GAO has previously reported that agencies did not consistently (1) identify and authenticate users to prevent unauthorized access; (2) enforce the principle of least privilege to ensure that authorized access was necessary and appropriate; (3) establish sufficient boundary protection mechanisms; (4) apply encryption to protect sensitive data on networks and portable devices; and (5) log, audit, and monitor security-relevant events. Furthermore, those agencies also had weaknesses in their agency-wide information security programs.
EPIC has a longstanding interest in computer and network security policy and its potential impact on civil liberties.

GAO Testimony on Cybersecurity:
     http://www.gao.gov/new.items/d09835t.pdf

DHS/TSA Secure Flight:
     http://www.tsa.gov/secureflight/

DHS US-VISIT:
     http://www.dhs.gov/us-visit

EPIC - Secure Flight:
     http://epic.org/privacy/airtravel/secureflight.html

EPIC - US-VISIT:
     http://epic.org/privacy/us-visit/

DHS Issues Notice Requiring More Personal Information, Seeks Comments

The Department of Homeland Security issued a notice proposing to update, rename, and reissue the record system. The notice expands the categories of records to include maiden name, mother's maiden name, date of birth, clearance level, identifying physical information, financial history, entry on duty date, and weapons bearer designation. The additions are supposed to ensure compatibility with DHS's Personal Identity Verification Management Record System. The new system, according to DHS, will support the administration of the Homeland Security Presidential Directive 12 which directs the use of a common identification credential for both logical and physical access to federally controlled facilities and information systems. The notice also states that the information in the system may be shared with other DHS components and appropriate Federal, state, local, tribal, foreign or international government agencies on a "need to know" basis. Comments are due on or before July 27, 2009.

DHS Federal Register Notice [DHS-2008-0167]:
     http://edocket.access.gpo.gov/2009/E9-14905.htm

Federal e-Rulemaking Portal:
     http://www.regulations.gov

EPIC - Privacy and Control of Personal Data:
     http://epic.org/privacy/consumer/action.html

EC Seeks Comments on EU Data Protection Framework

The European Commission is seeking public comments on an effective and comprehensive legal framework that protects individuals' personal data within the European Union.
The Commission is seeking comments from citizens, organizations and public authorities. The questionnaire specifically asks about the new challenges for personal data protection; whether the current legal framework meets those challenges; and what future action would be needed to address the identified challenges. Comments are due by December 31, 2009.

Consulting the public - European Commission:
     http://epic.org/redirect/072009_EC_PubComm_Framewrk.html

European Commission - Freedom, Security, Justice:
     http://ec.europa.eu/justice_home/fsj/privacy/index_en.htm

EPIC - Council of Europe Privacy Convention:
     http://epic.org/privacy/intl/coeconvention/

EU Data Protection Supervisor Issues Draft Guidance on Video Privacy

The European Data Protection Supervisor has created a consultation draft of the EDPS Video-surveillance Guidelines for review and comments. The purposes of the guidelines are to (i) contribute to the prevention of uncontrolled proliferation of video-surveillance in cases where not required; and (ii) assist the Community institutions in using video-surveillance responsibly and with effective safeguards in place where such surveillance is justified.

The guidelines recommend that before implementing the technology, the purpose for using video surveillance be clearly established; address whether the technology is efficient and proportionate to the purpose; look for alternative solutions; and work together with Data Protection Officers to decide on camera locations, method of operations, and what safeguards are required to protect privacy and other legitimate interests or fundamental rights of the individuals captured on the cameras.

The deadline for the written comments is September 15, 2009, and a workshop will be conducted on September 30, 2009 in Brussels. The guidelines will be formally issued subsequently.
Draft Video-Surveillance Guidelines:
     http://epic.org/redirect/072009_EDPS_VideoSurv_Guide.html

European Data Protection Supervisor:
     http://www.edps.europa.eu/EDPSWEB/edps/pid/1?lang=en

EPIC - Video Surveillance:
     http://epic.org/privacy/surveillance/

EPIC - Observing Surveillance:
     http://www.observingsurveillance.org/

=======================================================================
[7] EPIC Bookstore: "Global Employee Privacy and Data Security Law"
=======================================================================

"Global Employee Privacy and Data Security Law"
Edited by Miriam H. Wugmeister & Christine E. Lyon

http://www.amazon.com/gp/product/157018805X?tag=e03a6-20

As the offices of the world become increasingly interconnected and the flow of information from one place to another happens almost naturally, workplace privacy and data protection laws are sometimes all that stands between the proliferation of employee personal information from the workplace to the world. This book is aimed at employers who need to understand the legal landscape of workplace privacy and data security issues. The authors guide employers to begin asking the questions necessary to make key decisions.

Privacy laws vary from state to state and from country to country. In this publication, the authors describe the contours of the protections arising from the varied social, cultural and legal regimes that influenced the evolution of privacy laws and how they impact today's offices. Edited by two partners of Morrison and Foerster, the topics delve into multiple arenas of workplace privacy such as background checks and investigations; data communications monitoring and physical surveillance; non work related conduct; health information; use and disclosure of personnel records; security breach notifications; and the maintenance of the security of employee data.
This compendium of workplace privacy laws provides a unique and invaluable aid to every employer to comprehend what information is really personal, in what context, and how it should be protected. This handbook is strongly recommended as a "must-have" to be on the shelves of every organization that not only wants to know of the affected privacy rights, but also desires to create an employer workplace privacy policy.

-- Anirban Sen

================================

EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid (EPIC 2008). Price: $60.
http://epic.org/bookstore/foia2008/

Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding the substantial FOIA amendments enacted on December 31, 2007. Many of the recent amendments are effective as of December 31, 2008. The standard reference work includes in-depth analysis of litigation under the Freedom of Information Act, Privacy Act, Federal Advisory Committee Act, and Government in the Sunshine Act. The fully updated 2008 volume is the 24th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years.

================================

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies.
The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40.
http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.

================================

EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/mailman/listinfo/foia_notes

=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

"Online Child Safety, Privacy, and Free Speech: An Overview of Challenges in Congress & the States", The Progress Freedom Foundation, July 27, 2009, 12:00 p.m.
to 1:30 p.m., Room SVC-208, Capitol Visitor Center, 1st Street and East Capitol Street, NE (entrance across from Supreme Court) For more information, http://tinyurl.com/kmgmgh

Engaging Data: First International Forum on the Application and Management of Personal Electronic Information hosted by SENSEable City Lab, Massachusetts Institute of Technology. October 12-13, 2009. Submission Deadline (extended) - July 27, 2009, 11:59 p.m. PDT (Los Angeles). For more information, http://senseable.mit.edu/engagingdata

Pan-European Dialogue on Internet Governance (EuroDIG), Geneva, Switzerland, September 14-15, 2009. For more information, http://www.eurodig.org/

ASAP FOIA/Privacy Act Workshop, Chicago, Illinois, September 21-23, 2009. Registration: July 7, 2009 - September 11, 2009. For more information, http://www.accesspro.org/

2nd International Action Day "Freedom not Fear - Stop the Surveillance Mania," September 12, 2009, Worldwide Demonstrations, Events, Privacy Parties etc. in many countries. For more information, http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2009

3rd European Privacy Open Space, October 24-25, 2009, Vienna, Austria. For more information, http://www.privacyos.eu

Global Privacy Standards in a Global World, The Public Voice, Madrid, Spain, November 3, 2009. For more information, http://thepublicvoice.org/events/madrid09/

31st International Conference of Data Protection and Privacy Commissioners, Madrid, Spain, November 4-6, 2009. For more information, http://epic.org/redirect/072009_31Conf_IntlDPA.html

UN Internet Governance Forum, November 15-18, 2009, Sharm El Sheikh, Egypt. For more information, http://www.intgovforum.org/

=======================================================================
Join EPIC on Facebook
=======================================================================

Join the Electronic Privacy Information Center on Facebook

http://epic.org/facebook

Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events. Support EPIC.

=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information."

=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

=======================================================================
Donate to EPIC
=======================================================================

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.

Thank you for your support.

=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via web interface:
http://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:
http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

------------------------- END EPIC Alert 16.14 ------------------------