Article published in EDRi-gram 8.7

In a blog post, Commissioner Malmström’s press spokesman Love Berggren placed the blame for the perceived need to impose EU-wide blocking squarely at the feet of the governments in the USA, Russia and Ukraine. He said that “a check of the internet by hotlines in 35 countries recently found 144 web sites in the USA, Russia, Ukraine and other countries. One year later, a majority of the sites were still operating”.

It is quite puzzling that the Commission has chosen to publicly criticise Russia and Ukraine in this context. There is widespread agreement that the problem of child abuse websites has decreased significantly in recent years in Russia and efforts are ongoing to address the problem there ever more effectively. This was partly to be attributed to efforts of former Commissioner Frattini for positive international engagement with Russia to remove the websites completely from the Internet rather than the new focus of blocking the sites while taking no new initiatives to take them offline.

Similarly, Ukraine has never appeared significantly on the reports of European hotlines with regard to child abuse images. However, and this may be an indicator of a wider strategy of the Commission, it has repeatedly been criticised with regard to intellectual property infringements.

read the entire article in EDRi-gram 8.7

Information and communication technologies (telephone, Internet, emails, blogs and social networks) make daily life and relationships with our relatives, friends or even strangers easier. Young people and young adults make a particularly intense use of them. However, unless we are careful, they can lead us to hand over excessive amounts of our personal data, facilitating surveillance of our private lives. Protection of personal data is crucial for the respect for privacy. The European Union has established a legislative and regulatory framework which aims at ensuring the protection of citizens’ personal data as one of their fundamental rights. What is the reality in practice and how can we protect ourselves on a daily basis?

The European project “Sensitization and information of young European citizens on the protection of their personal data” takes stock of the situation in nine EU countries (Czech Republic, Finland, France, Germany, Greece, Netherlands, Romania, Spain and United Kingdom) and on the European legislation. This 18-month project started in January 2009 and is funded by the “Fundamental Rights and Citizenship” programme of the European Commission. It is coordinated by the French League of Human Rights (LDH), in partnership with the European Association for the Defense of Human Rights (AEDH), European Digital Rights (EDRi), the Czech association Iuridicum Remedium (IuRe) and the Spanish association Comunicació per a la Cooperació (Pangea). The project aims at raising citizens’ awareness on the issue of privacy protection. Country reports, a comparative analysis of the various situations and an inventory of the legislation and practices in the EU are being produced for that purpose. They will come with recommendations to public authorities.

As for now, the project publicly releases a comic book “Under surveillance “it produced as an information and awareness tool for young adults.

Synopsis: In an unspecified European city, a group of young people works, studies, travels, publishes on forums and blogs, exchanges on social networks and meets at concerts… A “difficult” situation in the life of a young photo-journalist and his friends’ mobilization to help him out of this situation illustrate the breaches of personal data protection facilitated by the use of new technologies. The comic book underlines the consequences but also possible remedies. A glossary and links to useful websites come with the comic book.

The comic book “Under surveillance” is available in Catalan, Czech, English and French. Online versions are made available on the project partners’ websites. 20,000 hard copies are available in each language and are disseminated for free. AEDH and EDRI are disseminating the English versions. We invite organisations interested in contributing to this dissemination to get in touch with AEDH and EDRI. Those interested in the production of versions in other European languages must contact LDH, the project coordinator.

Contacts: EDRi (edrigram at edri dot org) AEDH (aedh at aedh dot eu) LDH (ldh at ldh-france dot org)

Press release: Personal data: a comic book to raise awareness among European young adults (7.04.2010)
http://www.edri.org/files/Press-release-edri-comic-book-privacy-under-…

Données personnelles : une bande dessinée à destination des jeunes adultes européens pour prendre conscience, s’informer et se protéger au quotidien (only in French, 7.04.2010)
http://www.edri.org/files/Communique-bande-dessinee-vie-privee-surveil…

Comic Book “Under Surveillance”
http://www.edri.org/files/Comic-Book-Under-surveillance-En.pdf
http://www.edri.org/files/Comic-Book-Cover-Under-surveillance-En.pdf

LDH France
http://www.ldh-france.org

EDRi
http://www.edri.org

AEDH
http://www.aedh.eu

IURE
http://www.iure.org

Pangea
http://www.pangea.org

The German Constitutional court declared the data retention law as unconstitutional, in a landmark decision given today 2.03.2010.

After data retention ruling: Civil liberties activists call for political end to retention of telecommunications data

+++ Data retention opposed by 70% of German population +++ European Citizens’ Initiative for repealing the EU directive on data retention announced +++ Legal action to be continued +++

The German Working Group on Data Retention has today announced a Europe-wide campaign to end Internet and telephone data retention. This follows the German Constitutional Court’s ruling on a mass complaint made by more than 34,000 citizens. According to a newly-published poll, 69.3% of all Germans oppose data
retention, making it the most strongly rejected surveillance law.[1]

“The recording of confidential contacts and movements of the entire population in the absence of any suspicion is unacceptable and must stop immediately”, says Florian Altherr of the Working Group. “In starting an initiative to this end, the Federal Minister of Justice can count on the support of EU Commissioner Viviane Reding as well as of many states such as Austria, Belgium and Romania, all of which do not have data retention laws in place.”

“In order to bring the massive rejection of blanket data retention home to politicians we are in the process of preparing a European Citizens’ Initiative. With the signatures of one million opponents to the permanent logging of our Internet and phone use we want to pursuade the EU to repeal its data retention directive”, announces data protection activist padeluun of the Working Group.

Patrick Breyer of the Group adds: “At the same time we will continue our legal fight against data retention. Today’s decision proclaiming the recording of the entire population’s behaviour in the absence of any suspicion compatible with our fundamental rights is unacceptable and opens the gates to a surveillance state.”

The German Working Group on Data Retention is making five political demands after today’s ruling:
1. The Federal Government, the Federal Minister of Justice and Parliaments must now cooperate with other like-minded states and bodies to take steps to repeal the redundant and detrimental data retention directive.
2. The German law on data retention, going far even beyond EU requirements and - according to the German Constitutional Court - unconstitutional, must not be renewed.
3. European citizens should be given the right to file constitutional complaints directly with the European Court of Justice.
4. The Federal Government must not agree to any further collection of information on citizens not suspected of any wrong-doing in the name of security, such as the air travellers file proposed by the EU. Mass data pools
that were introduced in the past, such as the registration of Internet use by the Federal Office for Information Security or the employee information system ELENA, must be closed down.
5. An independent review of all existing “security” measures must take place in order to systematically examine their compatibility with our fundamental rights, their effectiveness, their cost, their harmful side-effects and alternatives.

Background information:

Communications data enables the tracing of who has contacted whom via telephone,
mobile phone or e-mail. In the case of mobile calls or text messages via mobile
phone, the user’s location is also logged. Data retention allows citizens’
movements to be traced and personal and business contacts to be monitored.
Information regarding the content of communications such as personal interests
and individual life circumstances can also be deduced.

A study commissioned in 2008 shows that data retention is acting as a serious
deterrent to the use of telephones, mobile phones, e-mail and Internet. The
survey conduced by research institute Forsa found that with communications data
retention in place, one in two Germans would refrain from contacting a marriage
counsellor, a psychotherapist or a drug abuse counsellor by telephone, mobile
phone or e-mail if they needed their help. One in thirteen people said they had
refrained from using telephone, mobile phone or e-mail at least once because of
data retention, which extrapolates to 6.5 mio. Germans in total.

German NGO Working Group on Data Retention (Arbeitskreis
Vorratsdatenspeicherung) organised several protest marches against the scheme.
Last year, 20.000 people protested against surveillance in Berlin.[2]

Footnotes and Links:
[1] Poll on data retention (in German):
 http://www.vorratsdatenspeicherung.de/im…
[2] Protest march “Freedom not Fear”:
 http://www.vorratsdatenspeicherung.de/co…

About Arbeitskreis Vorratsdatenspeicherung (German Working Group on
Data Retention):
The Arbeitskreis Vorratsdatenspeicherung (AK Vorrat) is a Germany-wide
organisation which campaigns against extensive surveillance in general and the
blanket logging of telecommunications and other behavioural data in particular.
Homepage und contact details: http://www.vorratsdatenspeicherung.de

Previous press releases:
1. Unanimous rejection of proposed telecommunications data retention
(22/01/2007): http://www.vorratsdatenspeicherung.de/co…
2. Thousands of people participated in nationwide protests against data
retention (07/11/2007):
 http://www.vorratsdatenspeicherung.de/co…
3. Constitutional complaint filed against German Telecomms Data Retention Act
(31/12/2007): http://www.vorratsdatenspeicherung.de/co…
4. Historic class-action lawsuit filed against telecommunications data
collection (29/02/2008):
 http://www.vorratsdatenspeicherung.de/co…
5. Data retention in Germany partly suspended by Constitutional Court - NGO
demands resignation of Minister of Justice (19/03/2008):
 http://www.vorratsdatenspeicherung.de/co…
6. After ruling on data retention: activists remain confident (10/02/2009):
 http://www.vorratsdatenspeicherung.de/co…
7. Administrative Court: Data retention is “invalid” (16/03/2009):
 http://www.vorratsdatenspeicherung.de/co…
8. Civil Liberties Groups Ask EU to Repeal Data Retention Directive
(01/12/2009): http://www.vorratsdatenspeicherung.de/co…

More information:
1. Our mission statement:
 http://www.vorratsdatenspeicherung.de/co…
2. Joint statement on data retention:
 http://www.vorratsdatenspeicherung.de/co…
3. Class-action law suit against data retention:
 http://www.vorratsdatenspeicherung.de/co…

This press release on the Internet:
 http://www.vorratsdatenspeicherung.de/co…

Article published in EDRi-gram 8.3

On January 28 and 29, the Council of Europe held a consultation meeting on the launch of work on a new international instrument that would create neighbouring rights for broadcasting organisations. The purpose of this initiative is to take up the work of the World Intellectual Property Organisation (WIPO) which, following twelve years of negotiation has been unable to reach any agreement on the objectives and scope of a proposed treaty for the protection of broadcasters and cablecasters. The draft WIPO treaty has been proposed as the basis for negotiations at the Council of Europe.

Negotiations at WIPO have stalled over two issues concerning the scope of the proposed treaty. First, the majority of WIPO’s Member States want any treaty to be limited to protecting broadcasters’ signals, rather than creating 50 year intellectual property rights to the content carried by those signals, which in most cases, is already protected by copyright. Second, many countries oppose the extension of the treaty to the Internet because that would restrict freedom of expression and the free flow of information on the Internet. Despite this, broadcasters have continued to press for treaty based on IP rights, and want exclusive rights over Internet retransmissions of recorded broadcast and cablecast programming. The current draft WIPO treaty also includes a number of other elements that raise concerns for consumers’ existing rights under national copyright laws, competition policy, and innovation, including obligations for legal entrenchment of broadcasters’ and cablecasters’ technological protection measures and an overbroad ban on decryption devices that would extend to personal computers.

See the entire article published in EDRi-gram 8.3

Article published in EDRi-gram 8.3

The transposition of the Data Retention Directive in Belgium has remained stagnant for a long time. Following a public consultation in May 2008 on a first draft law proposal and draft royal decree to transpose this Directive into Belgian law, a broad group of organisations voiced a strong position against the Data Retention Directive and the way in which the Belgian government wanted to transpose this into the national law.

Not only did the government choose for a maximal transposition (e.g. a retention period of 24 months), but the Belgian government also chose to extend the data retention scheme provided by the European Directive (e.g. demanding more data to be retained, such as banking data, and allowing access and use of these data beyond ’serious’ crime). Even the Belgian Data Protection Authority (DPA) delivered at that time, and for the first time ever, a completely negative advice on the draft law proposal and royal decree.

Together with the public campaign on the website bewaarjeprivacy.be, all the above had an impact on some political parties taking part in the federal government, especially the French speaking ones, which made it hard - given the more general mistrust in the Belgian federal government between Dutch speaking and French speaking parties - to find a political agreement on the matter and for the responsible cabinets to proceed without adjustments.

See the entire article published in EDRi-gram 8.3

See now FAQ on Swift also in French, German, Italian and Finnish

In German
http://www.edri.org/files/SWIFT-FAQ_2010-02-10-DE.pdf

In Italian
http://www.edri.org/files/SWIFT-FAQ_2010-02-10-IT.pdf

In French
http://www.edri.org/files/SWIFT-FAQ_2010-02-10-FR.pdf

In Finnish
http://www.effi.org/uutiset/100209-swift-faq-sopimus.html

After the Civil Liberties committee in the European Parliament (EP) rejected on 5 February 2010 the interim nine-month SWIFT deal between the EU and US, now it will be up to the plenary of the EP to confirm the decision on 11 February 2010.

The interim controversial deal which provisionally came in force on 1 February was negotiated to order to provide US with a legal background, following new architechture of SWIFT (Society for Worldwide Interbank Financial Telecommunication) which does not longer mirror EU transactions in the United States since 1 January. However, the deal needs EP’s approval to become legally binding. Under the new Lisbon Treaty, which came into force in December, EP obtained extended legislative powers and has to approve any new European law.

The main argument of the EP Civil Liberties committee to scrap the deal is the lack of proper data privacy safeguards. The opponents of the agreement also emphasized that by rejecting the interim deal now would give the EU the upper hand for the final agreement, as only 60-70% of the Parliament’s recommendations on data protection have been considered in the present text.

However, the US officials are pressing EU for a final agreement on bank data access. On 6 February, during the Munich security conference, US national security advisor James Jones restated the need for EP to allow American investigators to access EU banking data in order to trace terrorism funding.

US foreign policy chief Hillary Clinton had phone conversations with EP President Jerzy Buzek, and Catherine Ashton, her EU counterpart and, together with US treasury secretary Timothy Geithner, wrote a letter to Buzek in which they expressed the hope that the EP vote would be positive for the agreement.

EDRi has also explained in an FAQ on SWIFT sent to some MEPs that the current interim framework does not meet EU data protection and privacy standards and that “in effect, the agreement would violate established EU and national law in this field, including the European Convention on Human Rights and the EU Charter of Fundamental Rights.”

EDRi is also pointing on the fact that a lot of data will in fact be shared with the US because of the technical set-up of SWIFT. Thus the company can not limit data searches to specific individuals. “In effect, it will have to (and has in the past) transfer data about all transactions from a certain country on a certain date. There have been reports that the U.S. Treasury has received up to 25% of all SWIFT transactions. This is beyond any proportionality and also puts the EU at risk of wide-scale economic espionage.”

The debate on this topic will take place today, 10 February 2010 at 15 00 CET and can be followed live on the European Parliament website. The vote will follow on 11 February 2010 at 12 00 CET.

EDRi makes a public call to all EU citizens interested in privacy issues to call their MEPs before Thursday, 11 February 2010 to tell them to vote against the SWIFT treaty.

EDRi public letter to MEPs - FAQ - Why should the “SWIFT” Interim Agreement be rejected by the Parliament? (9.02.2010)
http://www.edri.org/files/SWIFT-FAQ-2010-02-09.pdf

Live Coverage of the SWIFT debates in the European Parliament - 10.02.2010 starting with 15:00 CET
http://www.europarl.europa.eu/wps-europarl-internet/frd/live/live-vide…

US links EU security partnership to bank data deal (8.02.2010)
http://euobserver.com/9/29427/?rk=1

Clinton calls parliament chief over bank data deal (4.02.2010)
http://euobserver.com/?aid=29411

Euro MPs shun bank data deal with US (5.02.2010)
http://news.bbc.co.uk/2/hi/europe/8500132.stm

EU lawmakers slam bank data deal with US (1.02.2010)
http://www.dw-world.de/dw/article/0,,5200854,00.html

EDRi-gram: Bank data deal under heavy fire from EU Parliamentarians (27.01.2010)
http://www.edri.org/edrigram/number8.2/swift-deal-european-parliament

AEDH (European Association for the Defence of Human rights) and EDRI (European Digital Rights) launch the first edition of the European Civil Society Data Protection Award (ECSDPA). The prize aims at rewarding positive initiatives contributing to the visibility and effectiveness of right to privacy and to the protection of personal data in Europe. The ECSDPA prize will be awarded each year on 28 January, as a European Civil Society contribution to the Data Protection Day.

Such achievements and initiatives have to enhance public awareness, stimulate creative and constructive input, and favour useful exchanges of information at any level, from the very local neighbourhood to the whole European continent.

The award is open to all non-governmental organisations, trade unions, non-profit institutions and any other civil society actor from the 47 member States of the Council of Europe. The ECSDPA winner will benefit from a one week lobbying training in Brussels, travel expenses and lodging being fully covered.

The ECSDPA initiative, the first of its kind, has been made possible thanks to the support of The Law Science Technology & Society Research Group of the Vrije Universiteit Brussel (LSTS/VUB) and The Flemish-Dutch House deBuren.

You can find the operational details about the prize, including application and selection procedures, by following the link: http://www.ecsdpa.org.

The deadline for submitting nominations is 15 January 2010. Nominations should be sent to: nominations at ecsdpa dot org.

For any further information, please contact: contact at escdpa dot org

See this press release in French, German or Spanish.

(Please note that all notes from Live Blogging were taken live and might contain some errors)

Last session from the Public Voice events - http://thepublicvoice.org/events/madrid0…

Presenting the declaration - Global Privacy Standards for a Global World, The Civil Society Declaration Madrid, Spain, 3 November 2009

Ms. Jennifer Stoddart, Privacy Commissioner, Canada (Canada)

Describing Canada’s situation. Other activitis from the DPA.

The Canadian DPA fully supports the Declaration.

Mr. Jacob Kohnstamm, EU Article 29 Group Vice-Chairman (Netherlands)

I am impressed not only by the things in the declaration, but also by the vast ammount of NGOs who signed. How to empower data subjects ?

Accountabilty - but to explain it better, haiving the DPAs more power to enforce.

Mr. Rafael García Gozalo, Agencia Española de Protección de Datos (Spain)

Frank and sincere support of the Spannish DPA for this Declaration. Resolution from the past conf - international resolution of privcay standard s - creating a huge map of compatibilities (you should see the presentation here) - just four issues where is the same opinion.

Mission - to draft a document according to the criteria set up by the conf. define the effective application, examine the role of self-regulation

Wanted to obtain the broadest institutional and social consensus. Now final draft for the Madrid conf.

Main features:

- not an innovative text - based of existant principles

- not a european text - looking for maximum consensus

- guarantee adequate level of protection

- importance of international transfers

- importance of self-regulation

Mr. Simon Davies, Privacy International (UK)

Mr. Simon Davies, founder of Privacy International (UK), sends a bouquet of flowers to the regulators and organizations

I missed his speech

Mr. Peter Hustinx, Supervisor, European Data Protection Supervisor (Netherlands) - closing remarks

Congratulate Public Voice and Marc.  EDPS underscores the enourmos work or civil society - also on keeping other actors sharp.  We agree on the increased importance of privacy in and ICT dependant. The stakes getting higher every year.

We need to focus on greater effectiveness. It should be effective in a real world - drilled to the bottom. Integrated approaches to combine.

The Lisbon treaty has a very proeminent provision of data protection. I find not only welcome this declaration and a strong signal of awareness.

String messages in the text by the spannish DPA: adopted by consensus - strong consesus of messages fromall over the world.  There are innovative elements - there will be long and hard until it will be an international convention.

Responsibility is key - in implementing privacy in everything that is being done.

The emphasis is shifting from DP Authorities to responsable parties that need to prove that they did the correct thing.

The role of the DPA will change - and will need to focus where that it needs to be.

We need to fix things in RFID isues, Social networks, cloud computing.

</end session>

</end blogging for today>

See the previous workshops coverage

Moderator: Prof. Yves Poullet, Computing Research Centre, Facultés Universitaires Notre-Dame de la Paix (Belgium)

Mr. Pedro Martinez, Fiscal, Madrid High Court (Spain)

Data retention directive -  scope to monitor citizens

Implementation in spain - software SITEL - part of Interpol. Discussion on spanish issues regarding wiretapping and data retetion directive ( The translator is doing a great job, but he has a rough time in keeping up with the speaker

Relationship between us and eu

Mr. Eddan Katz, Electronic Frontier Foundation (USA) .

inadequate protection of data.

Under the derogations - list of data that can be transferred - legal incertanty about it.

Unambigous consent - practical problems how can you differentiate between eu users and others…

Standard clauses

Binding Corporate Rules - but is just for a few organisations

EU-US safe harbour principles presented.

Safe harbour issues - yearly registration at FTC (but only for commercial entities)

But Accountability is the problem.

But all this depands on having a DPA.

Mr. Ivan Ferrando Perea, President, CENTIC (Peru)

Cross border flow - consideration from developping countries

We need a global privacy strandard- is private sector an ally in this search for a global standards ? Not likely

The lesser privacy - the more competiteveness.

Self regulation is not present in this scenario. Companies do not produce self-regulation  -a good number of multinational companies apply a privacy standard lower than the one in their countries - so the civil society and developped countries are the one that should lead the topic.

A global standard can’t be based on self-egulation, needs to be a legisltion with a list of minimum standards. Global standard needs to be a comittment to adop DP legislation.

Mr. Nigel Waters, Australian Privacy Foundation (Australia)

TRansboder data flows are essential for several sectors (transport, etc.)

Big question of monitoring and enforcement. See if there are derrogation.

In Australia there are very wide exemptions and the DPA might not apply the rules.

2 types scenario:

1.Transfer of data for filling a purpose of the consumer - in this case he just needs to be informed.

2. When the private company and a govt asks for the private data to flow. In those cases the individual has almost no information or rights.  Suggested: destination govt to respect human rights and principles.

Mr. Francisco Javier “Patxi” Sanjuan, UGT, Member of CLI (Spain)

Companies discovered to transfer of data and reduce costs - the changes are also affecting workers. Protecting tools for workers and their privacy … (why would anyone read so much text ?

Mr. Gus Hossein, Privacy International (UK)

A modest proposal - stop focusing on transborder data flows that much. (even though PI fought PNR, SWIFT, etc.)

Let’s stop using transborder data flows as a Trojan horse. Just having a DP Act is not enough.

PI spoke with refugees, work with UN. There is a privacy dynamic - so let’s focus on capacity building.

What is capacity building ? - civil society, consumer groups - privacy is not a new domain.

</end session>

Moderator: Ms. Anna Fielder, TACD, Privacy International (UK)

Mr. Michael Donohue, OECD

Cloud computing = industralization of IT. No formal defition, cloud servicies - convienient on-demand access to services over the Internet.

Policy - security & privacy.  But also procurement (govt buyer of claud services), broadband access, competition policy, IP + consumer protection.

Tension between user control and cloud opportunites (mashups, etc.)

OECD is preparing a report focusing on tech changes in ref. cloud computing.

Mr. Alexander B. Van Eesteren, Ixquick

This too commercial for my taste, just check www.ixquick.com/

Ms. Ann Cavoukian, Ph.D., Information & Privacy Commissioner Ontario, (Canada)

Cloud computing - next wave, qualitative step. We call for a higher standard, that exceeds regulation.

Privacy by design - a much higher standard that regulatory compliance in 3 key areas

Goal of data minimalization - once the info is in the cload - it will be further than the user and thefore difficult to control.  Issued a paper last year in Privacy Impact Assesments (PIA) than Privacy of the Clouds - April 2008.

If you can strive to make privacy as default - this is the gold standard.

I am seeking to get organisation to make the privacy the default - both for private and public sector, because privacy trancends borders.

Mr. Andreas Kirsch, EDRi (Austria)- Data protection in the Cloud

What is new - cloud computing 2010 - several mainframes for millions of users, a few data processors, distributed across the globe, connected via the Internet.

Some potential problems:

- the location of the data - where is it?

- how to ensure proper processing ?

- data protection vs ad-financed services

- usage data - every data is recorded

- owenership data (see social networks)

- Access

- Pay per use or pay once, use freely.

- security - are you (still) in control ?

Cloud users - do not use insecure services , stay in control (keep ownership of data)

See also: Andreas: Security issues - Security Guidance for Critical Areas of Focus in Cloud Computing from Cloud Security Alliance http://bit.ly/SQbZz

Prof. Hong Xue, Director Institute for the Internet Policy & Law, Beijing Normal University (China)

Hong Xue APEC has largest internet pop, challenges? legal protection weak, wiki leaks orig in Asia, CJK China Korea Japan

Example: a woman was posted that she worked as an Internet worker and is HIV positive and combinated that info with her telephones, residence address, birthday and even her parents were discovered and were posted on the forum - but the whole posting was a hoax as a revange from her ex-boyfriend.

In 2008 first court decision for Human flesh searching - Bejing court convicted webmaster because published a a diary of a wife to commit suicide, the ex-husband that was harresed after this publication got damages from the court.

Mr. Cristos Velasco, General Director, North American Consumer Project on Electronic Commerce (Mexico)

Personal data of Internet users must receive the same protection in the claud.

First legal issue related to claud computing - conflict of law and jurisdiction. (see some countries that have no legislation - Mexico, Guatemala). How to comply with laws in different jurisdiction ?

Cross-border data transfers - under the EU data protection - data operator takes security measures and it might breach the eu law .

Is it possible under some laws to make and invetsigation in the cloud ? Are there international agreements to allow that ? What is the role of ISP ?

Also legal problem - electronic evidence in the cloud.

Due to the general concers, there is a need of policy and recommandation for cloud computing.

Questions

Sorry - no time to cover that as well, see twitter for some answers.

Ideas to conclude to include in a global standards: data breach notification, security, data minimalisation, responsability for IT infrastructure introduce in the market (see rfid), but not different standards for law enforcement usage.

Cavoukian: data minimalisation, strenghening security requirements, accountability.

Michael: global networks of privacy enforcement

</ end session>