Privacy

Images captured on a household surveillance camera could breach data-protection rules, the European court of 'justice' (ECJ) has ruled .

By clarifying European legislation, the judgment could have significant consequences for householders in the UK who use CCTV and keep or try to use the images, according to a legal expert.

The case related to a Czech man, Frantisek Rynes, who installed a surveillance camera after he and his family were subjected to attacks by unknown individuals. The camera filmed areas including a public footpath and the entrance to the house opposite. After someone fired a catapult at his home, breaking a window, Rynes gave the recordings to the police, allowing them to identify two suspects, who were subsequently prosecuted.

However, one of the suspects challenged the legality of Rynes recording and holding the images. The Czech office for the protection of personal data, found that although Rynes had been trying to expose the perpetrators of a crime, he had infringed data-protection rules and issued him with a fine.

And of course Euro judges agreed:

The operation of a camera system, as a result of which a video recording of people is stored on a continuous recording device such as a hard disk drive, installed by an individual on his family home for the purposes of protecting the property, health and life of the homeowners, but which also monitors a public space, does not amount to the processing of data in the course of a purely personal or household activity, for the purposes of that provision.

The EU has issued formal censorship rules surrounding the so-called Right to Be Forgotten (RTBF).

The formal considerations that the EU data censors want considered in evaluating any RTBF request are:

• Does the search result relate to a natural person -- i.e. an individual? And does the search result come up against a search on the data subject's name?
• Does the data subject play a role in public life?
• Is the data subject a public figure?
• Is the data subject a minor?
• Is the data accurate?
• Is the data relevant and not excessive?
• Is the information sensitive within the meaning of Article 8 of the Directive 95/46/EC?
• Is the data up to date? Is the data being made available for longer than is necessary for the purpose of the processing?
• Is the data processing causing prejudice to the data subject?
• Does the data have a disproportionately negative privacy impact on the data subject?
• Does the search result link to information that puts the data subject at risk?
• In what context was the information published?
• Was the original content published in the context of journalistic purposes?
• Does the publisher of the data have a legal power, or a legal obligation, to make the personal data publicly available?
• Does the data relate to a criminal offence?

In most cases, it appears that more than one criterion will need to be taken into account in order to reach a decision to censor. In other words, no single criterion is, in itself, determinative.

The document asserts that successful RTBF requests should be applied globally and not just to specific country domain search results, as Google has been doing:

[D]e-listing decisions must be implemented in a way that guarantees the effective and complete protection of these rights and that EU law cannot be easily circumvented. In that sense, limiting de-listing to EU domains on the grounds that users tend to access search engines via their national domains cannot be considered a sufficient means to satisfactorily guarantee the rights of data subjects according to the judgment. In practice, this means that in any case de-listing should also be effective on all relevant domains, including .com

But any such global de-listing sets up a conflict of laws between nations that recognize RTBF and those that do not. Google had been notifying publishers that their links were being removed, causing some to republish those links for re-indexing. This has frustrated some European censors who see this practice as undermining the RTBF. Accordingly, the EU says that publishers should not be notified of the removal of links:

Search engine managers should not as a general practice inform the webmasters of the pages affected by de-listing of the fact that some webpages cannot be acceded from the search engine in response to specific queries. Such a communication has no legal basis under EU data protection law.

The EU also doesn't want Google to publish notices to users that links have been removed for similar reasons:

It appears that some search engines have developed the practice of systematically informing the users of search engines of the fact that some results to their queries have been de-listed in response to requests of an individual. If such information would only be visible in search results where hyperlinks were actually de-listed, this would strongly undermine the purpose of the ruling. Such a practice can only be acceptable if the information is offered in such a way that users cannot in any case come to the conclusion that a specific individual has asked for the de-listing of results concerning him or her.

The guidelines state that beyond external search engines (e.g., Google) they may be extended to undefined intermediaries. However they immediately go on to apparently contradict that notion:

The right to de-listing should not apply to search engines with a restricted field of action, particularly in the case of search tools of websites of newspapers.

Finally the guidelines suggest that only EU citizens may be eligible in practice to make RTBF requests.

MPs on the Science and Technology select committee have called for the Government to draw up new guidelines for websites and apps explaining clearly how they use personal data, warning that laws will be needed if companies fail to comply.

Facebook can gain direct access to a person's mobile and take pictures or make videos at any time without explicit consent, MPs warn as they call on social media companies to simplify their terms and conditions.

The MP said that they should simplify the conditions of using their services, which are designed for US courts, because they are so impenetrable that no reasonable person can be expected to understand them.

The MPs on the Science and Technology select committee called for the Government to draw up new guidelines for websites and apps explaining clearly how they use personal data, warning that laws will be needed if companies fail to comply.

The committee highlighted terms for Facebook Messenger's mobile app, used by more than 200,000 million people a month, that means it can gain direct access to a mobile or tablet, including to take pictures or make videos, at any time without explicit confirmation from the owner.

The five eyes mass snooping partners, the USA, the UK, Australia, Canada and New Zealand, have joined forces to nobble a UN General Assembly committee's statements on digital privacy.

While the General Assembly's human rights committee has adopted a non-binding resolution saying that unlawful or arbitrary mass surveillance, interception and data collection are highly intrusive acts and a violation of the right to privacy.

However, metadata collection, revealing most of what people are up to the internet, was dropped from the privacy violations noted in the resolution, at the behest of the US and its allies.

Google is to fight back against the European Union's inane right to be forgotten ruling. Following a ruling from the European Union Court of Justice under which, Google must remove personal information from search results upon requests without being in the position to ascertain that the request is justified.

In order to oppose against the ruling, Google is planning public hearings in seven different European cities starting in Madrid on September 9.

Google is looking for a robust debate over the ruling and its implementation criteria, as said by a top lawyer, David Drummond. Google is not the only company to criticize the ruling and Wikipedia Founder , Jimmy Wales, has called the ruling to be deeply immoral and even said that ruling will lead to an internet riddled with memory holes.

Drummond and Eric Schmidt, Google Chairman, will highlight the implications of this ruling. Furthermore, the company will outline ideas for handling requests related to criminal convictions.

As reported last week in the Wall Street Journal , Google has banned the privacy and security app Disconnect Mobile from the play store. By doing so, Google has shown once again that it cares more about allowing third-parties to monetize the tracking of its users than about allowing those users to ensure their own security and privacy. The banned app, Disconnect Mobile , is designed to stop non-consensual third party trackers on Android (much like EFF's Privacy Badger does in Firefox or Chrome). Disconnect released their app in the Android Play Store and Apple's App Store a little over a week ago. Google removed the app just five days after it was released, citing a section of their rules that states that developers agree not to use the Play Store to distribute apps that interfere with or disrupt the services of any third party.

On its face this may seem like a reasonable rule--it would block DDOS tools from the Play Store, for example--but on further inspection it's obvious that this rule is overly vague, allowing Google to be selective in its enforcement. After all, any antivirus app or firewall could be considered to be violating these terms of service, since they would interfere with the services of a (malicious) third-party. Yet firewall and antivirus apps abound in the Play Store. Clearly enforcement of this clause is selective.

So why is Disconnect Mobile being targeted? This question seems especially puzzling given that Disconnect's goal--blocking non-consensual third-party trackers--is as virtuous as the goals of any antivirus or firewall app. After all, who would want shadowy services collecting their browsing habits across the Internet without their consent? An app that blocks trackers like this seems like it would be a great thing to have in the Play Store, especially when you consider that the trackers it blocks can be used for nefarious goals such as spreading malware and spying on civilians . Simply put, technologies such as Disconnect and Privacy Badger are important for the security and privacy of end users. They are also incredibly popular--within days of being in the Apple App store Disconnect is already the number one utility app.

So again, why is Disconnect Mobile being targeted? The problem lies in the fact that many online advertisers participate in this sneaky tracking in order to build up reading profiles of users for marketing purposes, whether users have opted in or not. As a result, Disconnect Mobile blocks these types of ads--even though ad-blocking is incidental to its primary goal. Because of this, Google has deemed Disconnect Mobile to be interfering with these sneaky third-party services--services its users don't want. In other words, Google appears to be interpreting its rules to mean that apps that interfere with Google's business model will be banned, rather than apps that interfere with user security and privacy. By removing this app from the Play Store Google is putting its users at risk and sending the message that it cares more about its bottom line than its users' security.

Google has written to MelonFarmers saying that searches have been blocked for pages related to Max Mosley and his brush with the News World of the World:

We regret to inform you that we are no longer able to show the following pages from your website in response to certain searches on European versions of Google

Google then note that press pictures from the News of the World are the specific item being blocked.

Google have a FAQ explaining a little more about the blocking from search :

How are you implementing the recent Court of Justice of the European Union (CJEU) decision on the right to be forgotten?

The recent ruling by the Court of Justice of the European Union has profound consequences for search engines in Europe. The court found that certain users have the right to ask search engines like Google to remove results for queries that include the person's name. To qualify, the results shown would need to be inadequate, irrelevant, no longer relevant or excessive.

Since this ruling was published on 13 May 2014, we've been working around the clock to comply. This is a complicated process because we need to assess each individual request and balance the rights of the individual to control his or her personal data with the public's right to know and distribute information.

We look forward to working closely with data protection authorities and others over the coming months as we refine our approach. The CJEU's ruling constitutes a significant change for search engines. While we are concerned about its impact, we also believe that it's important to respect the Court's judgement and we are working hard to devise a process that complies with the law.

When you search for a name, you may see a notice that says that results may have been modified in accordance with data protection law in Europe. We're showing this notice in Europe when a user searches for most names, not just pages that have been affected by a removal.

Offsite Article: Fighting Back

21st July 2014. See article from theguardian.com

The Bolton News reprints old stories that Google has censored.

Update: Mosley takes legal action against Google

3rd August 2014. See article from telegraph.co.uk

Max Mosley has launched a new legal claim against Google, the search engine giant, for reproducing sexual images related to an expose in the News of the World.

Proceedings have been issued against Google's British arm and its California-based parent company, claiming that continuing to link to the images is a misuse of private information and a breach of data protection laws.

A spokesman for Google said: We have worked with Mr Mosley to address his concerns and taken down hundreds of URLs [internet links] about which he has notified us.

Sources in the company said they would fight the new High Court claim.

A German court has ruled today that Google must block all access in the country to images of a sadomasochistic orgy involving the former Formula One boss Max Mosley.

The pictures, taken from a video filmed by the now-defunct News of the World and published in an article in 2008, were judged by the court to seriously violate Mosley's privacy. The paper was fined for a breach of privacy.

Google has resisted Mosley's attempts to make it block all access to the widely-circulated images, saying that to do so sets a disturbing precedent for internet censorship.

The search engine giant said it planned to appeal today's decision from a Hamburg court, which has ordered the company to prevent any pictures, links or even thumbnails images from the orgy to show up on the google.de site.