Last week, Google announced changes in its privacy policies that will affect users of its services, such as search, Gmail, Google+ and YouTube. Advocates and legislators questioned the changes, saying that there were privacy issues, and criticized the Internet services giant (Congress pdf; archive pdf) for not including an opt-out provision; Google said that users who objected could stop using its services and move their data elsewhere. Google responded to the criticisms in a letter (pdf) to U.S. lawmakers and a blog post.

Now, the EU’s Article 29 Data Protection Working Party has written (Working Party pdf; archive pdf) to Google about the privacy policy, which affect 60 Google services. The Working Party includes data protection authorities from all 27 European Union member states as well as the European Data Protection Supervisor. Jacob Kohnstamm, chairman of the Article 29 Working Party, writes:

The scandal about the alleged hacking of thousands of British citizens’ phones by the UK News of the World led to that newspaper’s closing and the questioning of owner Rupert Murdoch and his son, James Murdoch, by British officials. (It also led to much discussion about the privacy and security of telephone voicemail systems.) Now, the New York Times reports that the voicemail hacking scandal has spread to the Murdochs’ Times of London and it could include e-mail hacking:

The hacking scandal at Rupert Murdoch’s British newspapers took a new turn on Thursday when a lawmaker said police investigations had spread to the flagship Times of London. The revelation came a day after lawyers said an e-mail referring to “a nightmare scenario” of legal repercussions from widespread phone hacking at the News of the World tabloid was deleted from James Murdoch’s computer less than two weeks before the police opened investigations.

The lawmaker, Tom Watson, from the opposition Labour Party, who has been a central figure in the inquiries into phone hacking, said in a message on Twitter that Scotland Yard had “confirmed to me they are investigating” The Times “over e-mail hacking.” [...]

The development was significant in two regards: it focused attention on e-mail hacking rather than the illicit voice mail interception at the center of inquiries so far, and it suggested that the most august of the Murdoch publications in Britain was not immune from scrutiny. Read more »

The New York Times reports on negotiations concerning the sharing of traveler data between European Union countries and the United States:

BRUSSELS — Raising the stakes in a trans-Atlantic struggle over data privacy, an influential lawmaker said Tuesday that the European Parliament should reject a deal between the European Union and the United States that aims at sharing information about air passengers as a way to fight serious crime and terrorism.

Sophie in ’t Veld, a Dutch member of the Parliament who previously helped lead efforts to block an initiative for sharing banking information with the United States, said the air passenger deal failed to address earlier concerns raised by the Parliament, and was incompatible with other European legislation. [...]

A majority of E.U. member governments approved the air passenger deal in December, although Germany and Austria abstained because they still had serious concerns about the effects of the deal on privacy.

Ms. in ’t Veld’s recommendation is not binding, but if she gathers enough support the Parliament could block the agreement when it comes to a vote in April. Read more »

USA Today reports on how companies such as Google and Facebook are reacting to changes proposed in the European Union that would limit tracking of individuals’ online activities:

They may be battling each other tooth-and-nail to win over online advertisers. But Google and Facebook are on the same side when it comes to opposing new data-handling privacy laws fast-gelling in Europe and the U.S.

On Wednesday, the European Union formally proposed strict rules that could restrict much of the systematic tracking and profiling Google and Facebook routinely do of Internet users, as part of delivering targeted ads to them.

If Europe’s new rules are implemented as expected in 2013, the tech rivals could face hefty fines, up to 2% of annual revenue, for any violations. In Google’s case that translates into a maximum penalty of $800 million.

On Tuesday, Facebook Chief Operating Officer Sheryl Sandberg delivered a statistics-filled speech at a tech conference in Munich outlining how Europe’s proposed rules are very likely to stymie the global economy. [...]

Meanwhile, refinements announced this week by Google and Facebook, about how each tracks and profiles Internet users, added heat to the domestic debate over the need for new data privacy rules here in the U.S. Read more »

In honor of International Data Privacy Day, Computerworld in New Zealand has rounded up what it believes to be the 15 worst Internet privacy scandals:

These high-profile privacy scandals involve many underlying technologies, from search to social media, e-mail to voice mail, mobile phones to Webcams to GPS. But at the heart of all of these privacy scandals are companies collecting personal data without the user’s knowledge or consent and then either sharing it with third parties or simply failing to keep it safe. [...]

1. Sony CD Spyware

Sony BMG ran into a major privacy flap in fall 2005 because of the anti-piracy measures called XCP that it added to music CDs. When a customer played one of these CDs on a Windows PC, the CD installed hidden rootkit software onto the PC that communicated the CD being played and the IP address of the PC back to Sony. This so-called spyware also created vulnerabilities on PCs for worms or viruses to exploit. Critics said Sony had created a backdoor onto its customers’ machines, leading Sony to recall the CDs and offer a free removal tool for the rootkit software. Class action lawsuits were filed against Sony in Texas, New York and California. The U.S. Federal Trade Commission required Sony to pay $150 to any consumer whose PC was damaged by the software as part of a settlement for violating federal law. (Also see: Sony BMG rootkit scandal – five years later) [...]

3. AOL Search Leak

In August 2006, AOL released a file containing 20 million search keywords used by 650,000 of its users over a three-month period. The file was supposed to be anonymous data available for research purposes, but personally identifiable information was available in many of the searches making it possible to identify an individual and their search history. AOL admitted it was a mistake to release the data and removed it from its Web site after three days, but by then the data had been mirrored at sites across the Internet. AOL’s CTO Maureen Govern quit two weeks later. In September 2006, a class action lawsuit was filed – that’s still lingering in California courts — against AOL demanding $5,000 per user.

4. Google Street View Read more »

Saturday, January 28, is International Data Privacy Day. Take the time to think about how privacy is important in your life and how you can protect your rights from being infringed upon. Please also take the time to donate to any number of organizations out there trying to protect your privacy rights.

Visit the official site to find events near your area. Here are a few highlights in the United States and internationally:

Alabama

On Friday, Jan. 27, Cumberland School of Law hosts “Is My Phone Spying On Me or Am I Just An Open Book? An Exploration of Privacy and Mobile Technology.” It will be “a discussion on the legal, ethical, and commercial implications of mobile technology on privacy. Featuring privacy professionals from business, law practice, and the academy, this panel will explore the state of privacy law with respect to mobile technology, the tension between privacy and the utility of data collected from mobile technology, and how organizations handle data collected and transmitted using mobile technology.” Time and location: 10 a.m. to 11 a.m. at Cumberland School of Law at Samford University. For more information: http://cumberland.samford.edu/content/my-phone-spying-me

North Carolina

On Friday, Feb. 3, the UNC School of Information and Library Science and the American Library Association will host “Should Librarians Care About Privacy Anymore?” The free panel/webinar “will feature presentations and panel discussion by Barbara Jones, director of the American Library Association Office for Intellectual Freedom, Anne Klinefelter, associate professor of Law and director of the UNC at Chapel Hill Law Library, Christopher (Cal) Lee, SILS associate professor, Zeynep Tufekci, SILS associate professor, and SILS Dean, Gary Marchionini, as moderator.” Time and location: 1 p.m. to 3 p.m. at 08 Peabody Hall, UNC Chapel Hill2 and streaming via webinar. For more information: http://sils.unc.edu/events/2012/data-privacy-webinar  Read more »