
European Union


‘We’re waiting for answers’: Facebook, Brexit and 40 questions | Technology


Mike Schroepfer, Facebook’s chief technology officer, was the second executive Facebook offered up to answer questions from parliament’s select committee for Digital, Culture, Media and Sport (DCMS).

He took his place in the hot seat in the wake of the first attendee, Simon Milner, Facebook’s (now ex-) head of policy for Europe, who answered a series of questions about Cambridge Analytica’s non-use of Facebook data that came back to haunt the company in the furore that followed the Observer and New York Times revelations from Christopher Wylie.

Schroepfer is Facebook’s nerd-in-chief. He was the tech guy sent to answer a series of questions from MPs about how his platform had facilitated what appeared to be a wholesale assault on Britain’s democracy, and though there was much he couldn’t answer, when he was asked about spending by Russian entities directed at British voters before the referendum, he spoke confidently: “We did look several times at the connections between the IRA [the Kremlin-linked Internet Research Agency] … and the EU referendum and we found $1 of spend. We found almost nothing.”

But new evidence released by the United States Congress suggests adverts were targeted at UK Facebook users, and paid for in roubles, in the months preceding the short 10-week period “regulated” by the Electoral Commission, at a time when the long campaigns were already under way.

This is the latest episode in a series of miscommunications between the company and British legislators, which has come to a head in the week the Electoral Commission finally published the findings of its investigation into the Leave.EU campaign.

Damian Collins, the chair of the DCMS committee, said: “We asked them to look for evidence of Russian influence and they came back and told us something we now know appears misleading. And we’re still waiting for answers to 40 questions that Mike Schroepfer was unable to answer, including if they have any record of any dark ads.

“It could be that these adverts are just the tip of the iceberg. It’s just so hard getting any sort of information out of them, and then not knowing if that information is complete.”



Leave.EU supporters celebrate the Leave vote in Sunderland after polling stations closed in the Brexit referendum. Photograph: Toby Melville/Reuters

Preliminary research undertaken by Twitter user Brexitshambles suggests anti-immigrant adverts were targeted at Facebook users in the UK and the US.

One – headlined “You’re not the only one to despise immigration”, which cost 4,884 roubles (£58) and received 4,055 views – was placed in January 2016. Another, which accused immigrants of stealing jobs, cost 5,514 roubles and received 14,396 impressions. Organic reach can mean such adverts are seen by a wider audience.

Facebook says that it only looked for adverts shown during the officially regulated campaign period. A spokesperson said: “The release of the set of IRA adverts confirms the position we shared with the Electoral Commission and DCMS committee. We did not find evidence of any significant, coordinated activity by the IRA operatives directed towards the Brexit referendum.

“This is supported by the release of this data set which shows a significant amount of activity by the IRA with only a handful of their ads listing the UK as a possible audience.”

Collins said that the committee was becoming increasingly frustrated by Facebook’s reluctance to answer questions and by founder Mark Zuckerberg’s ongoing refusal to come to the UK to testify.

Milner told the committee in February that Cambridge Analytica had no Facebook data and could not have got data from Facebook.

The news reinforces MPs’ frustrations with a system that last week many of them were describing as “broken”. On Friday, 15 months after the first Observer article that triggered the Electoral Commission’s investigation into Leave.EU was published, it found the campaign – funded by Arron Banks and endorsed by Nigel Farage – guilty of multiple breaches of electoral law and referred the “responsible person” – its chief executive, Liz Bilney – to the police.

Banks described the commission’s report as a “politically motivated attack on Brexit”.

Leading academics and MPs called the delay in referring the matter to the police “catastrophic”, with others saying British democracy had failed. Liam Byrne, Labour’s shadow digital minister, described the current situation as “akin to the situation with rotten boroughs” in the 19th century. “It’s at that level. What we’re seeing is a wholesale failure of the entire system. We have 20th-century bodies fighting a 21st-century challenge to our democracy. It’s totally lamentable.”

Stephen Kinnock, Labour MP for Aberavon, said it was unacceptable that the Electoral Commission had still not referred the evidence about Vote Leave from Christopher Wylie and Shahmir Sanni – published in the Observer and submitted to the Electoral Commission – to the police. He said: “What they seem to have done, and are continuing to do, is to kick this into the long grass. There seems to be political pressure to kick this down the road until Britain has exited the EU.”

He accused the commission of ignoring what he considered key evidence, including about Cambridge Analytica. The commission had found Leave.EU guilty of not declaring work done by its referendum strategist, Goddard Gunster, but said it had found no evidence of work done by Cambridge Analytica.

“The whole thing stinks,” Kinnock said. “I wrote to the commission with evidence that the value of work carried out by Cambridge Analytica was around £800,000. The glib way it dismissed the multiple pieces of evidence about the company was extraordinary. I just think it is absolutely not fit for purpose.”

Gavin Millar QC, a leading expert in electoral law at Matrix Chambers, said: “Our entire democratic system is vulnerable and wide open to attack. If we allow this kind of money into campaigning on a national basis – and the referendum was the paradigm for this – you have to have an organisation with teeth to police it.”

Damian Tambini, director of research in the department of media and communications at the London School of Economics, described the whole system as broken and said there was not a single investigatory body that seemed capable of uncovering the truth. “The DCMS Select Committee has found itself in this extraordinary position of, in effect, leading this investigation because it at least has the power to compel witnesses and evidence – something the Electoral Commission can’t do. It’s the classic British solution of muddling through.

“The big picture here is it’s possible for an individual or group with lots of money and some expertise to change the course of history and buy an election outcome. And with our regulatory system, we’ll never know if it’s happened.”

This article was amended on 13 May 2018 to clarify that a remark from Damian Tambini referred to the DCMS Select Committee.






EU: data-harvesting tech firms are ‘sweatshops of connected world’ | Technology



The European data protection supervisor has hit out at social media and tech firms over the recent constant stream of privacy policy emails in the run-up to GDPR, calling them the “sweatshops of the connected world”.

With the tough new General Data Protection Regulations coming into force on 25 May, companies around the world are being forced to notify their users to accept new privacy policies and data processing terms to continue to use the services.

But Giovanni Buttarelli, the European data protection supervisor (EDPS), lambasted the often-hostile approach of the recent deluge of notifications.

“If this encounter seems a take-it-or-leave it proposition – with perhaps a hint of menace – then it is a travesty of at least the spirit of the new regulation, which aims to restore a sense of trust and control over what happens to our online lives,” said Buttarelli. “Consent cannot be freely given if the provision of a service is made conditional on processing personal data not necessary for the performance of a contract.”

“The most recent [Facebook] scandal has served to expose a broken and unbalanced ecosystem reliant on unscrupulous personal data collection and micro-targeting for whatever purposes promise to generate clicks and revenues.

“The digital information ecosystem farms people for their attention, ideas and data in exchange for so called ‘free’ services. Unlike their analogue equivalents, these sweatshops of the connected world extract more than one’s labour, and while clocking into the online factory is effortless it is often impossible to clock off.”

The European Union’s new stronger, unified data protection laws, the General Data Protection Regulation (GDPR), will come into force on 25 May 2018, after more than six years in the making.

GDPR will replace the current patchwork of national data protection laws, give data regulators greater powers to fine, make it easier for companies with a “one-stop-shop” for operating across the whole of the EU, and create a new pan-European data regulator called the European Data Protection Board.

The new laws govern the processing and storage of EU citizens’ data, both that given to and observed by companies about people, whether or not the company has operations in the EU. They state that data protection should be both by design and default in any operation.

GDPR will refine and enshrine the “right to be forgotten” laws as the “right to erasure”, and give EU citizens the right to data portability, meaning they can take data from one organisation and give it to another. It will also bolster the requirement for explicit and informed consent before data is processed, and ensure that it can be withdrawn at any time.

To ensure companies comply, GDPR also gives data regulators the power to fine up to €20m or 4% of annual global turnover, which is several orders of magnitude larger than previous possible fines. Data breaches must be reported within 72 hours to a data regulator, and affected individuals must be notified unless the data stolen is unreadable, ie strongly encrypted.

While data protection and privacy has become a hot-button issue in part thanks to the Cambridge Analytica files, Buttarelli is concerned that it is simply being used as part of the “PR toolkit” of firms. He said that there is “a growing gulf between hyperbole and reality, where controllers learn to talk a good game while continuing with the same old harmful habits”.

A new social media subgroup of data protection regulators will be convened in mid-May to tackle what Buttarelli called the “manipulative approaches” that must change with GDPR.

“Brilliant lawyers will always be able to fashion ingenious arguments to justify almost any practice. But with personal data processing we need to move to a different model,” said Buttarelli. “The old approach is broken and unsustainable – that will be, in my view, the abiding lesson of the Facebook/Cambridge Analytica case.”




Online streaming services face ‘30% made in Europe’ law | Media



Netflix, Amazon and other online streaming services will have to dedicate 30% of their output to TV shows and films made in Europe, which they must subsidise, under the terms of a new EU law agreed in Brussels on Thursday.

As well as the “Netflix quota”, the streaming services will have to fund European TV series and films, either by directly commissioning the content or contributing to national film funds, under the terms of an outline deal on EU broadcasting rules reached by legislators.

MEPs and the Council of Ministers, who are responsible for agreeing the law, struck a deal on a final version of the EU’s audio-visual services directive – a breakthrough in the legislative process.

The law falls into a longstanding tradition of EU lawmakers protecting European film and drama against the encroachments of Hollywood and US TV and online shows.

Industry groups have criticised cultural quotas as “outdated” and “counterproductive”, but lost the argument to European politicians who see them as vital to protect local languages and culture.

The European commission’s original proposal was for a 20% “Netflix quota” but MEPs said that was not enough.

The European parliament says the law means companies such as Netflix will face the same rules as traditional TV channels, not only on European content but also limits on advertising and product placement.

Video-sharing websites, such as Google and Facebook, will also have to intensify work to clamp down on content “inciting violence, hatred and terrorism”. Under the law, platforms need to create a “transparent, easy-to-use and effective mechanism” to allow users to report hateful content.

The EU is also banning product placement from children’s programmes, although member states can decide whether they want to outlaw corporate sponsorship of under-18’s TV shows.

Advertisers will only be allowed 20% of screen time during the prime-time hours of 6pm to midnight.

“We have now made European media regulation fit for the digital era by applying similar rules to similar services, whether online or offline,” said Sabine Verheyen, a German centre-right MEP who was one of the parliament’s lead negotiators.

The rules on product placement and sponsorship were “a great achievement for the protection of consumers, especially children and minors”, she added.

The law has to jump over several procedural hurdles before it is passed, a process not expected to be completed until September.

Also on Thursday a draft EU regulation was published that would force Amazon, Google, eBay and other tech firms to be more transparent in their dealings with third-party businesses that sell goods on their sites.

Thousands of companies use the platforms to sell goods online, allowing a sole trader working from home to reach millions of potential customers. But many complain that the big firms are opaque about their rankings, which mean some get top billing, while others struggle to be seen. App designers report similar problems when listing on Google’s and Apple’s stores.

Under the draft regulation, large platforms would have to rewrite their terms and conditions to ensure third-party sellers knew how to influence their online ranking, for example, if payment is required for a top spot.

Platforms would also have to explain any decision to suspend a third-party business from their site, and set up a system to handle complaints.

Legislators hope for agreement between European ministers and MEPs on the law by early next year, which would see the law come into effect from autumn 2019.

The draft regulation follows a pan-European survey by the commission, which found that 46% of businesses using online platforms encounter problems, rising to 75% for those that generated more than half of their turnover via the platform. One-third of heavy users complained about lack of transparency, while 22% thought terms and conditions were unfair. The most frequently cited problems were technical ones and lack of support from the platform.

“You see things like user conditions being changed from day to day,” said Mariya Gabriel, the European commissioner for digital economy and society. “We are saying to the platforms you need to have transparency with regard to your conditions for use, data access and so on, to provide businesses with the opportunity to know what their criteria are and to create an environment based on rules that everyone is familiar with.”




WhatsApp raises minimum age to 16 for Europeans ahead of GDPR | Technology



WhatsApp is raising the minimum user age from 13 to 16, potentially locking out large numbers of teenagers as the messaging app looks to comply with the EU’s upcoming new data protection rules.

The Facebook-owned messaging service that has more than 1.5 billion users will ask people in the 28 EU states to confirm they are 16 or older as part of a prompt to accept a new terms of service and an updated privacy policy in the next few weeks.

How WhatsApp will confirm age and enforce the new limit is unclear. The service does not currently verify identity beyond requirements for a working mobile phone number.

WhatsApp said it was not asking for any new rights to collect personal information in the agreement it has created for the European Union. It said: “Our goal is simply to explain how we use and protect the limited information we have about you.”

WhatsApp’s minimum age will remain 13 years outside of Europe, in line with its parent company. In order to comply with the European General Data Protection Regulation (GDPR), which comes into force on 25 May, Facebook has taken a different approach for its primary social network. As part of its separate data policy, the company requires those aged between 13 and 15 years old to nominate a parent or guardian to give permission for them to share information with the social network, or otherwise limit the personalisation of the site.

WhatsApp also announced Tuesday that it would begin allowing users to download a report detailing the data it holds on them, such as the make and model of the device they used, their contacts and groups and any blocked numbers.

GDPR is the biggest overhaul of online privacy since the birth of the internet, giving Europeans the right to know what data is stored on them and the right to have it deleted. The new laws also give regulators the power to fine corporations up to 4% of their global turnover or €20m, whichever is larger, for failing to meet the tough new data protection requirements.

WhatsApp, founded in 2009 and bought by Facebook for $19bn in 2014, has come under pressure from some European governments in recent years because of its use of end-to-end encryption and its plan to share user data with its parent company.

In 2017 European regulators disrupted a move by WhatsApp to change its policies to allow it to share users’ phone numbers and other information with Facebook for ad targeting and other uses. WhatsApp suspended the change in Europe after widespread regulatory scrutiny, and signed an undertaking in March with the UK Information commissioner’s office to not share any EU citizen’s data with Facebook until GDPR comes into force.

But on Tuesday the messaging firm said it wanted to continue sharing data with Facebook at some point. It said: “As we have said in the past, we want to work closer with other Facebook companies in the future and we will keep you updated as we develop our plans.”




Facebook moves 1.5bn users out of reach of new European privacy law | Technology



Facebook has moved more than 1.5 billion users out of reach of European privacy law, despite a promise from Mark Zuckerberg to apply the “spirit” of the legislation globally.

In a tweak to its terms and conditions, Facebook is shifting the responsibility for all users outside the US, Canada and the EU from its international HQ in Ireland to its main offices in California. It means that those users will now be on a site governed by US law rather than Irish law.

The move is due to come into effect shortly before General Data Protection Regulation (GDPR) comes into force in Europe on 25 May. Facebook is liable under GDPR for fines of up to 4% of its global turnover – around $1.6bn – if it breaks the new data protection rules.

The shift highlights the cautious phrasing Facebook has applied to its promises around GDPR. Earlier this month, when asked whether his company would promise GDPR protections to its users worldwide, Zuckerberg demurred. “We’re still nailing down details on this, but it should directionally be, in spirit, the whole thing,” he said.

A week later, during his hearings in front of the US Congress, Zuckerberg was again asked if he would promise that GDPR’s protections would apply to all Facebook users. His answer was affirmative – but only referred to GDPR “controls”, rather than “protections”. Worldwide, Facebook has rolled out a suite of tools to let users exercise their rights under GDPR, such as downloading and deleting data, and the company’s new consent-gathering controls are similarly universal.

Facebook told Reuters “we apply the same privacy protections everywhere, regardless of whether your agreement is with Facebook Inc or Facebook Ireland”. It said the change was only carried out “because EU law requires specific language” in mandated privacy notices, which US law does not.

In a statement to the Guardian, it added: “We have been clear that we are offering everyone who uses Facebook the same privacy protections, controls and settings, no matter where they live. These updates do not change that.”

Privacy researcher Lukasz Olejnik disagreed, noting that the change carried large ramifications for the affected users. “Moving around one and a half billion users into other jurisdictions is not a simple copy-and-paste exercise,” he said.

“This is a major and unprecedented change in the data privacy landscape. The change will amount to the reduction of privacy guarantees and the rights of users, with a number of ramifications, notably for consent requirements. Users will clearly lose some existing rights, as US standards are lower than those in Europe.

“Data protection authorities from the countries of the affected users, such as New Zealand and Australia, may want to reassess this situation and analyse the situation. Even if their data privacy regulators are less rapid than those in Europe, this event is giving them a chance to act. Although it is unclear how active they will choose to be, the global privacy regulation landscape is changing, with countries in the world refining their approach. Europe is clearly on the forefront of this competition, but we should expect other countries to eventually catch up.”

Facebook also said the change did not carry tax implications. That means users will exist in a state of legal superposition: for tax purposes, Facebook will continue to book their revenue through Facebook’s Irish office, but for privacy protections, they will deal with the company’s headquarters in California.

The company follows other US multinationals in the switch. LinkedIn, for instance, is to move its own non-EU users to its US branch on 8 May. “We’ve simply streamlined the contract location to ensure all members understand the LinkedIn entity responsible for their personal data,” it told Reuters.




Facebook to start asking permission for facial recognition in GDPR push | Technology



Facebook has started to seek explicit consent from users for targeted advertising, storage of sensitive information, and – for the first time in the EU – application of facial recognition technology as the European general data protection regulation (GDPR) is due to come into force in just over a month.

The company is only required to seek the new permissions in the European Union, but it plans to roll them out to all Facebook users, no matter where they live. The move follows Mark Zuckerberg’s stated goal to apply the spirit of GDPR worldwide.

When Facebook users log in during the coming weeks, they will be asked to agree to the company’s updated terms of service, and to make specific choices in a number of areas defined by the new law.

In a blogpost, Facebook executives Erin Egan and Ashlie Beringer said users would be asked to review information about targeted advertising, and to choose whether or not they want the social network to use data from partners to show them ads; to explicitly confirm whether they’re happy to share “political, religious, and relationship information”, which is defined as specially protected data under EU law; and to agree to the use of facial recognition technology, which Facebook says will be used to detect which pictures users are in and help protect them against strangers using their photos.

Some users, however, say Facebook is attempting to railroad them into giving consent under the new laws, rather than making it easy to make a meaningful choice.

If users want to decline the new permissions, they are not able to simply click “no”. Instead, all of the options are presented with a blue button reading “accept and continue” and a white button labelled “manage data settings”. The “manage data settings” button takes them to a second page where Facebook gives more information pushing them into accepting the change, and then a third page where they are able to opt out.

“Overall, it seems like Facebook is complying with the letter of GDPR law, but with questionable spirit,” wrote TechCrunch’s Josh Constine. “The subtly pushy designs seem intended to steer people away from changing their defaults in ways that could hamper Facebook’s mission and business.”

Facial recognition is a particular watershed for Facebook. The company withdrew an earlier facial recognition feature called tag suggestions from the EU and Canada in 2012 over concerns that it was not compatible with data protection laws in those jurisdictions. Now, however, the company believes it can roll out the features worldwide if it secures active consent from users before applying facial recognition technology to their photos.

A California judge allowed a class-action lawsuit against Facebook on Monday over tag suggestions. Users in Illinois are suing the company, arguing that the feature violated state law.




Facebook refuses to promise GDPR-style privacy protection for US users | Technology



Facebook is rolling out stronger privacy protections to users ahead of the introduction of Europe’s General Data Protection Regulation (GDPR), but Mark Zuckerberg will not promise all future changes will apply to the company’s American users.

Although the initial tranche of changes, announced last week, will be available worldwide, Zuckerberg refused to commit to GDPR becoming the standard for the social network across the world.

He told Reuters that Facebook was working on a version of the data protection law that would work globally, bringing some European privacy guarantees worldwide, but the 33-year-old billionaire demurred when asked what parts of the law he would not extend worldwide.

“We’re still nailing down details on this, but it should directionally be, in spirit, the whole thing,” Zuckerberg said. He did not elaborate.

His comments suggest that in some ways, American users will continue to find themselves with weaker privacy protections than their European counterparts.

Privacy advocacy groups have been urging Facebook and its Silicon Valley competitors such as Alphabet Inc’s Google to apply EU data laws worldwide, largely without success.

“We want Facebook and Google and all the other companies to immediately adopt in the United States and worldwide any new protections that they implement in Europe,” said Jeff Chester, executive director of the Center for Digital Democracy, in Washington.

Even while Facebook introduces its long-planned tweaks to comply with GDPR, the social network is also rushing to introduce a second set of privacy tools following the Cambridge Analytica files, which revealed the company’s historical lack of clarity over how and why user data was shared with third parties.

The latest post-scandal change offers users the ability to remove applications from the Facebook platform in bulk quantities. Integrations with external developers were responsible for the initial removal of data from Facebook’s platform that eventually found its way into the hands of Cambridge Analytica, an election consultancy. But it has always been hard for users to manage the settings related to how much data gets shared with external providers, particularly if those users have been on the site for many years.

Now, alongside a tool that was previously promised, which deactivates an app if the user hasn’t accessed it in three months, Facebook allows users to remove apps in large numbers, making it easier to clean up their privacy settings.

The new settings can be accessed by visiting the main settings, then clicking on “apps”, and checking multiple apps that should be removed.




EU official seeks ‘clear game plan’ on social media and elections | Technology



A senior EU official has called for action against internet companies that harvest personal data, as Brussels prepares to move against those spreading “fake news” following the Cambridge Analytica revelations.

Sir Julian King, the European commissioner for security, wants “a clear game plan” on how social media companies are allowed to operate during political campaigns to be ready for the 2019 European elections.

The European commission’s digital strategy, to be outlined this month, has been given new impetus by the Cambridge Analytica scandal, in which whistleblowers revealed that the data of 50 million Facebook users ended up in the hands of political consultancies for use in Donald Trump’s US election campaign and the UK’s EU referendum.

In a letter seen by the Financial Times, King wrote that the “psychometric targeting activities” such as those of the data analysis company are just a “preview of the profoundly disturbing effects such disinformation could have on the functioning of liberal democracies”.

King, the UK’s final European commissioner, is calling for limits on the harvesting of personal information for political purposes, more transparency on the internal algorithms that internet platforms use to promote stories, as well as disclosure by technology companies of who funds sponsored content on their websites.

His ideas are set out in a letter to Mariya Gabriel, the digital economy commissioner, who is leading the EU’s response to fake news.

The French president, Emmanuel Macron, has already promised a law to ban fake news during election campaigns.

On Monday, Malaysia became one of the first countries in the world to introduce such a law, despite being urged by the UN not to rush the measures. Under the legislation, offenders could be sentenced to up to six years in prison. It has prompted fears of a clampdown on free speech before a general election.

King has previously called on the EU to redouble its efforts to debunk “pro-Kremlin disinformation”, and cited the work of the EU’s counter-propaganda unit, the East Stratcom taskforce. Set up in 2015 after Russia’s invasion of Crimea, the taskforce produces the EU’s Disinformation Review, a website that says it has found 3,500 cases of deliberately misleading news.

Critics say this work risks undermining freedom of expression and publishers’ rights. “The EU Disinformation Review seeks to control the right to freedom of expression by labelling publishers as ‘disinformation outlets’ and their content as ‘disinformation’, creating a chilling effect on the work of journalists that is central to democracy,” states a complaint by a group of lawyers to the EU ombudsman, published this week.

Led by Alberto Alemanno, a professor of EU law at HEC Paris business school, the group argues in a 13-page submission that the EU does not have a coherent method for deciding whether a publication is producing disinformation. The EU is also criticised for not giving publishers any notice of their complaint, meaning individual bloggers and publishers are subject to “arbitrary and capricious administration”.




GDPR: how can I email data securely to comply with the new regulations? | Technology




As a freelance media professional, I am often asked by my various employers to send copies of my passport, completed visa forms and other sensitive data in the form of email attachments. I have recently questioned this and have not really got a satisfactory response. I have tried uploading these documents to my Google Drive account and giving them a link, though I don’t really know whether this method is any safer. However, I am at a loss to see how companies should acquire such sensitive data in light of the new GDPR rules coming into force in May. Robert

The European Union’s General Data Protection Regulation (GDPR), which comes into force on May 25, will govern the storage and processing of data rather than its collection. It also includes some very important consumer rights. The most important are the right to be informed, the right of access, the right to correct errors, the right to erase data, the right to restrict processing, and the right to take it elsewhere (data portability). How useful these will be in practice remains to be seen.

The European Union’s new stronger, unified data protection laws, the General Data Protection Regulation (GDPR), will come into force on 25 May 2018, after more than six years in the making.

GDPR will replace the current patchwork of national data protection laws, give data regulators greater powers to fine, make it easier for companies with a “one-stop-shop” for operating across the whole of the EU, and create a new pan-European data regulator called the European Data Protection Board.

The new laws govern the processing and storage of EU citizens’ data, both that given to and observed by companies about people, whether or not the company has operations in the EU. They state that data protection should be both by design and default in any operation.

GDPR will refine and enshrine the “right to be forgotten” laws as the “right to erasure”, and give EU citizens the right to data portability, meaning they can take data from one organisation and give it to another. It will also bolster the requirement for explicit and informed consent before data is processed, and ensure that it can be withdrawn at any time.

To ensure companies comply, GDPR also gives data regulators the power to fine up to €20m or 4% of annual global turnover, which is several orders of magnitude larger than previous possible fines. Data breaches must be reported within 72 hours to a data regulator, and affected individuals must be notified unless the data stolen is unreadable, ie strongly encrypted.

“Personal data” includes names, addresses, phone numbers and IP addresses, as well as what GDPR calls “factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”. That includes biometrics such as face, fingerprint and iris recognition, and genetic information. In other words, you may have personal data that identifies someone even if you don’t know their name.

GDPR applies to companies and organisations, particularly those with more than 250 employees. Home and household users are exempt. However, as a freelancer, you store and process data, even if the “processing” just means entering a name in an address book and looking it up. You should therefore do an audit of the devices and software you use to make sure that other people’s personal data is protected. This may require the use of data backups, passwords, encryption, malware protection, and a VPN when using public hotspots. The GDPR also obliges you to tell people if there are any security breaches.

You should also audit your data to make sure that you are only holding data that is necessary for your jobs, or that you are legally required to hold, eg for tax purposes.

The UK’s Information Commissioner’s Office (ICO) has a useful 12-step plan (PDF), though like most things GDPR-related, it’s aimed at companies. IBM’s Liz Henderson provides a good summary in two posts on LinkedIn, GDPR Plan – Do you have yours? and GDPR Initial Steps, What’s Next…?

Note: the GDPR is being modified and implemented in the UK by the data protection bill, which is still going through parliament. It should include some exceptions for journalism similar to the ones in the previous DPA, so check whether these apply to you.

Email problems

You are right to be concerned about sending things by email. Emails are more like plain text postcards because they can, in theory, be read at any of the many servers through which they pass, or by someone tapping a line. Of course, “read by” is unlikely to mean “read by a human being.” However, software can look for things like passwords and credit card numbers.

A more likely problem is sending emails to the wrong address, either because users have got their own email addresses wrong (this happens surprisingly often), or through human error. Pick the wrong address from a list of auto-complete suggestions and you could send personal data to the wrong recipient. This would be a data breach that might have to be reported.

It would obviously be a good thing if all emails were encrypted by default so that only the intended recipient could read them. Three decades of history says this isn’t going to happen soon, if at all. Public key encryption is too hard for people who just want to send normal emails.




Some large organisations do have encrypted email services, such as the NHS, but that doesn’t help the rest of us.

Some people do choose secure email services, such as ProtonMail in Switzerland and Tutanota in Germany. However, you also have to send external recipients a password – for example, in an SMS text message – to decrypt the email.

Tutanota users get an email that says “you have an encrypted email” and you click a link to read it, and reply to it, in a browser. You have to export the email if you want to keep a copy.

There are also plug-ins for Gmail and the Microsoft Outlook email program that provide secure email services. If one of your employers is using a secure system, they might let you join in.

If there’s no other alternative, you should encrypt and password-protect your images and documents before sending them as email attachments. Again, you must send the password separately, either via a different messaging service or in the post.

Online storage locations

It’s a good idea to upload attachments and then send people a link. However, bear in mind that you are uploading documents to the company that probably runs the biggest surveillance operation on the planet. Encrypt your documents before you upload them.

Encryption protects data if an online storage service is compromised – it has happened – or if your email is hacked.

Unfortunately, using Google Drive brings up an extra complication. If you are using Gmail, then you can assume that your data is being held in, or passing through, or accessible from the USA.

GDPR does not oblige users to store data on servers inside the EU. However, there are extra requirements if servers are outside the EU. First, you need to have a legitimate reason for transferring personal data outside the EU. Second, you must have the consent of the person whose data is being exported. Third, you must give that person the option to opt out.

In another post, the aforementioned Liz Henderson explains how to create a GDPR Privacy Notice, and you could adapt her sample to cover Gmail storage outside the EU.

You could switch to using an email service that operates wholly within the EU (see above), if only for any people who opt out, or you could upgrade to Google’s paid-for service.

Google claims that its G Suite and Google Cloud Platform (GCP) services are fully compliant with GDPR, because it offers to sign EU Model Contract Clauses and a Data Processing Amendment. The fine print notes that “the parties acknowledge and agree that Non-European Data Protection Legislation may also apply to the processing of Customer Personal Data” and that “Google will not process Customer Personal Data for Advertising purposes or serve Advertising in the Services”.

I don’t think GDPR will actually stop advertising-driven personal data processing. Just look forward to clicking “I agree” to lots of terms and conditions you won’t even bother to read.

IANAL!

Bear in mind that GDPR is a legal matter and I am not a lawyer. I am also not an expert on GDPR. Companies who can be fined up to €20 million or 4% of their annual turnover should take this stuff seriously and follow the ICO’s advice. Lots of consultancies are offering guides, training, software toolkits and other services, too.

Freelancers like us are not the target, but we should work to comply as best we can. In particular, don’t keep any personal data you don’t need, and store and use it securely. Indeed, you should do those things even if the GDPR didn’t exist.
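
The column's advice to encrypt and password-protect documents before attaching them to an email or uploading them to online storage, as an added shell example that is not part of the original column. It assumes the OpenSSL command-line tool (1.1.1 or later); the function and file names are illustrative.

```shell
#!/bin/sh
# Added example (not from the column): passphrase-encrypt a document before
# emailing or uploading it. Assumes OpenSSL 1.1.1+ on the PATH; all function
# and file names here are illustrative.
# Note: `openssl enc` provides confidentiality only; it does not detect
# tampering with the encrypted file.

# Print a random 32-character passphrase (24 random bytes, base64-encoded).
new_passphrase() {
    openssl rand -base64 24
}

# encrypt_file <plaintext> <ciphertext> <passphrase-file>
# AES-256-CBC with a key derived by PBKDF2. The passphrase is read from a
# file so it never appears on the command line or in the process list.
encrypt_file() {
    openssl enc -aes-256-cbc -pbkdf2 -iter 600000 -salt \
        -in "$1" -out "$2" -pass "file:$3"
}

# decrypt_file <ciphertext> <plaintext> <passphrase-file>
# The recipient must use the same cipher and iteration count.
decrypt_file() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 600000 \
        -in "$1" -out "$2" -pass "file:$3"
}

# Round trip on a constructed sample file; returns 0 if the decrypted copy
# matches the original byte for byte.
roundtrip_demo() {
    dir=$(mktemp -d) || return 1
    printf 'CONSTRUCTED SAMPLE: stand-in for a passport scan\n' > "$dir/doc.txt"
    # umask 077 keeps the passphrase file readable by its owner only.
    (umask 077; new_passphrase > "$dir/pass.txt") || { rm -rf "$dir"; return 1; }
    encrypt_file "$dir/doc.txt" "$dir/doc.txt.enc" "$dir/pass.txt" &&
        decrypt_file "$dir/doc.txt.enc" "$dir/check.txt" "$dir/pass.txt" &&
        cmp -s "$dir/doc.txt" "$dir/check.txt"
    status=$?
    rm -rf "$dir"
    return "$status"
}

roundtrip_demo && echo "round trip OK: send the .enc file and the passphrase by separate channels"
```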


Facebook announces privacy tools to ‘put people in more control’ of data | Technology



Facebook is launching a range of new tools in an effort to “put people in more control over their privacy” in the buildup to new EU regulations that tighten up data protection.

The changes come after a troubling two weeks for the company, which is battling with the fallout of the Cambridge Analytica files. At least one of the new features, a unified privacy dashboard, was previously discussed by Facebook’s chief operating officer, Sheryl Sandberg, back in January.

“The last week showed how much more work we need to do to enforce our policies, and to help people understand how Facebook works and the choices they have over their data,” two Facebook executives wrote in a blogpost announcing the changes. “We’ve heard loud and clear that privacy settings and other important tools are too hard to find, and that we must do more to keep people informed.”

Erin Egan, Facebook’s chief privacy officer, and Ashlie Beringer, its deputy general counsel, continued: “Most of these updates have been in the works for some time, but the events of the past several days underscore their importance.” The features will be available to all users, not just those in countries covered by the EU general data protection regulation (GDPR), which comes into effect on 25 May.

On mobile devices, Facebook users will now be able to find all their settings in a single place, rather than spread across “nearly 20 different screens” as they were before. They will also be able to find a separate item, the “privacy shortcuts” menu, which provides a clearing house for options about data protection, ad personalisation and on-platform privacy.

The site is also complying with rules about access to stored personal data with a new “access your information” tool, that allows people to find, download and delete Facebook data.

But Facebook is not committing to making it any easier for users to delete their accounts wholesale. The option to permanently delete an account is currently buried in a help menu, deprioritised in favour of the non-destructive option to “deactivate” a user account, which leaves all the data on Facebook’s servers and accessible to the company’s data-mining tools.

Facebook says that further changes will come in response to user feedback, including updates to the terms of service and data policies. “These updates are about transparency,” Egan and Beringer write, “not about gaining new rights to collect, use, or share data.”


