01 Sep 2015

EDRi launches a campaign for online privacy for kids

By Heini Järvinen

GlobalGiving_launch_banner

Today, we launched a crowdfunding campaign to create a textbook to raise awareness among kids for the protection of their privacy online.

“We want to teach children what they need to consider to protect themselves online,” said Kirsten Fiedler, Managing Director of European Digital Rights. “The goal is to create material, translated into as many languages as possible, that can be used in schools, at home and elsewhere.”

The internet offers children tremendous opportunities to learn and to explore new ideas. However, younger internet users often possess insufficient knowledge of how their reputations can be affected by their interactions online. Sometimes it is not easy to tell who someone really is online, and there are many reasons for which businesses might try to get personal information about kids or their families. Parents and teachers cannot always be on hand, which is why it is important to empower kids to also protect their own online privacy.

The campaign will continue until 15 September, and if it reaches its target of 5000 euro, a textbook to explain how the internet works, with practical examples, exercises and sample lessons, will be published, translated, and distributed around Europe.

You can find the campaign here:
http://www.globalgiving.org/projects/online-privacy-for-children/

Twitter_tweet_and_follow_banner

close
05 Aug 2015

Our internships at EDRi: We made digital rights matter

By Guest author

During the last couple of months, as EDRi’s interns, through advocacy, campaigning and reporting, we were given a unique opportunity to challenge threats to fundamental rights posed in the context of net neutrality, privacy, personal data and copyright. It was a fruitful and rewarding experience that allowed us to put our theoretical skills into practice while promoting human values of freedom and dignity in the online world.

Here is a short summary of our wonderful journey at EDRi:

Morana:

During my internship, I had the opportunity to work closely on three currently “hot issues”: data protection, copyright and Passenger Name Record (PNR). Since my arrival at EDRi, I was following the activities concerning these subjects and gained a lot of insight by participating in meetings, conferences and events, reading and analysing documents, as well as monitoring the work progress of three main EU institutions: the European Parliament, the European Commission and the Council of the European Union.

Thanks to the fact that I was following the Data protection reform developments, I have learnt what is behind the mystery known as “trialogue” and how it functions. The European Parliament’s early steps in reforming and modernising copyright was a great chance to see how the work of the Members of the European Parliament (MEPs) evolves and how a document can significantly change from the first draft to the final vote in plenary.

Some of the moments I enjoyed the most were visiting the European Parliament, the Commission and the Council for the first time, listening to different perspectives and interesting debates at the events I attended, contacting and meeting Permanent Representations of the EU Member States, analysing the Data retention legislation in Member States, and learning about encryption and basic tools which can protect my privacy online.

All in all, my time at EDRi has helped me enrich my understanding of the European institutions and their work significantly. Participating in the whole process was extremely beneficial to see and understand how the legislation is made at the EU level and how civil society can influence and be part of this process. I have also realised that advocating for citizens’ rights can sometimes be overwhelming and seem pointless, like in the case of the recently adopted EU PNR proposal. However, analysing Marietje Schaake’s Opinion on human rights in third countries, where the suggestions from EDRi were adopted by the Parliament, assured me that organisations like EDRi definitely play an important role in changing the future into a better one.

Aldo:

During my experience at EDRi, I mainly worked on the Telecom Single Market (TSM) package and on trade agreements. To be honest, I didn’t expect trade agreements to be that relevant to digital rights. Indeed, it was very challenging and interesting to deal with trade law and try to understand how a new generation of free trade agreements could affect fundamental rights such as privacy and data protection, which seemed to be completely unrelated to trade issues at first sight.

During these last months, I had the opportunity to follow the legislative procedure of the European Parliament’s own-initiative report on the Transatlantic Trade and Investment Partnership (TTIP). I participated in a whole range of advocacy activities, like contacting MEPs offices to arrange meetings and participating in these meetings, assisting in the analysis of amendments, contacting Committee secretariats to get information on the legislative procedure, preparing documents for internal use and help drafting documents and analyses. In this context, it was particularly challenging and gratifying to take part in writing the “TTIP and Digital Rights” booklet (pdf).

Along with the internal work of the association, the experience at EDRi also gave me the opportunity to participate in several external meetings. Particularly as regards TTIP, I took part in events organised by stakeholders and think tanks, civil society meetings and events organised by the European Commission.

Concerning the Telecoms Single Market (TSM) which is crucial for a potential legal safeguard of net neutrality, my internship gave me the opportunity to understand how important it is to have early contacts with MEPs and keep them informed with position papers and analyses on your positions. Following the TSM trialogue was fundamental to understand how the European institutions work in practice. Only knowing the ordinary legislative procedure can be useless in Brussels because informal meetings can deeply affect how policies are made. Besides the ups and downs of the trialogue negotiations, it was very thrilling and instructive to be involved in the net neutrality “fight”. On some days, this file taught me how institutions can be obscure, producing text that makes it difficult to orientate yourself in the details of legislation. On other days, it was great to see the results of our work, and to see how civil society associations like EDRi can make a difference at EU level.

Conclusion:

Unfortunately, our joyful ride of protecting digital freedoms at EDRi has come to its last stop. It is time to take our suitcases, fully packed with new skills and knowledge, as well as our bursting confidence and even stronger determination to advocate for digital rights, and head off to a new destination where we can put into practice all the knowledge we gained here.

Last, but certainly not least, we want to thank the EDRi Brussels team for being our amazing guides on this journey, supporting us and making us smile even on a grey, cloudy Brussels day.

Off to some new and exciting adventures!

(Contribution by Morana Perušić and Aldo Sghirinzetti, EDRi interns)

Twitter_tweet_and_follow_banner

close
31 Jul 2015

Leaked documents: German news site Netzpolitik.org investigated for treason

By Kirsten Fiedler

If it were up to the Federal Attorney General and the President of the German Domestic Security Agency, two reporters of Netzpolitik.org, a German digital rights blog, would soon be in prison for at least two years. Yesterday, the news blog was officially informed about investigations against the editors Markus Beckedahl and Andre Meister. The accusation: Treason under Section 94 of the German Criminal Code:

Whosoever […] allows a state secret to come to the attention of an unauthorised person or to become known to the public in order to prejudice the Federal Republic of Germany or benefit a foreign power and thereby creates a danger of serious prejudice to the external security of the Federal Republic of Germany, shall be liable to imprisonment of not less than one year.

Until this week, the news site was reported merely as witnesses in a case following the publication of documents that revealed a €2.75m project for processing massive online datasets as well as plans for a 75-man unit in the German secret service to monitor Twitter, Facebook chats and other communications. Now however, two authors are accused of treason and as “joint principals”.

Markus Beckedahl, the editor-in-chief of Netzpolitik told EDRi:

We see this as an attack on press freedom. This is clearly an attempt at intimidation against us, other journalists and whistleblowers in order to prevent revelations on how deep the German government and intelligence agencies are involved with the US National Security Agency (NSA).

The last charges of treason against German journalists date back to the Spiegel scandal in 1962. Such investigations of a news site appear to be in breach of the reasoning in the ruling of the German Constitutional Court in the Cicero case in 2007.

Read the original German letter of the Federal Attorney General in full text.

Leaked documents (in German) of the Netzpolitik.org articles, February and April 2015: Haushaltsplan (pdf) and Einrichtung Referatsgruppe “Erweiterte Fachunterstützung Internet” im BfV (pdf)

Twitter_tweet_and_follow_banner

close
22 Jul 2015

EU Commission – finally – confirms that its promise on data protection will be respected

By Joe McNamee

Last April, EDRi, supported by other sixty-five NGOs from the European Union, North, Central and South America, Africa, Asia and Australia sent a letter (PDF) to the European Commission. The letter asked if the Commission would respect the “absolute red line” that the protection levels in the 1995 Data Protection Directive would be maintained.

This commitment is now critically important, as the EU institutions are currently involved in “trialogue discussions” (infographic), which are expected to finalise the data protection reform process started five years ago with a Commission Communication. A clear position from the leadership of the Commission on the protection of existing standards is crucial to ensure that some of the more extremist policies (PDF) proposed by some Member States can be definitively taken off the table, for the benefit of the coherence, trust and credibility that all stakeholders need from the final Regulation and Directive.

Today, we received a positive answer (PDF) from the European Commission, confirming that they will respect the commitment to respect the levels protection set in the Directive 95/46/EC:

The Commission has been and will continue to be true to this commitment.

Ahead of the next trialogue meetings starting again in September, this commitment sets important boundaries on what is, and what is not, acceptable as this process moves forwards.

All actors involved in these negotiations need not to be distracted with siren calls from a small number of private actors who, as they historically always do, mistake good regulation for constraints on business. As Paul Nemitz, Director for Fundamental rights and Union citizenship in the Directorate – General for Justice of the European Commission, explained to the Wall Street Journal: “The path toward trust through high levels of protection is good for the economy, good for growth and employment.”

Read the Commission’s response:
17072015-eudatap-Commission-95

close
15 Jul 2015

ICANN considers banning privacy services

By Guest author

The Internet Corporation for Assigned Names and Numbers (ICANN) is proposing a new Internet policy which comes at the expense of human rights, especially privacy and freedom of speech. The proposed rules are addressed to companies that provide WHOIS privacy/proxy services (which restrict access to domain registrant information) and limit their availability to individuals only, denying this service to organisations.

Why is this a problem?

When you register a domain on the Internet, you are asked for a set of information which will appear in the WHOIS database – a public registry with all the domain names.

Under the terms of the ICANN proposal, domain name registrants who will register commercial sites will not have the possibility to make the registration via companies that offer the service of de-listing personal information from the WHOIS registry. This policy would be unfair and discriminatory for vulnerable groups, organisations and entrepreneurs who wish to exercise their right to freedom of expression on the Internet. Is it even in ICANN’s remit to decide what is a commercial activity and what is not? And what is a commercial site? Is it a non-governmental organisation (NGO) selling personalised merchandise via a commercial site? What about a humanitarian website asking for donations? Or a blog that sells advertisement space?

It is important to understand that there are actors such as political groups, religious organisations, ethnic groups, gender orientation groups, and others engaged in freedom of expression activities who have a clear need for protection.

EDRi member ApTI has prepared a comment for ICANN’s public consultation expressing firm disapproval regarding the proposal. Below are some of the reasons why greater confidentiality and privacy are needed in the WHOIS directory:

1. ICANN’s anti privacy domain registration = the new Stop Online Piracy Act (SOPA)

The copyright industry’s pressure on ICANN to take action against domains being used for infringing purposes is well known. However, the domain name industry should not be asked to play any part in policing the Internet by being forced to suspend Internet domain names based on accusations of copyright or trademark infringement by a website. The effort to restrict the privacy of domain name registrants is part of this wider lobbying effort to push ICANN into an enforcement role.

2. Privacy and anonymity are fundamental for the open use of the Internet

The argument that criminals use proxy and privacy registrations to hide their identities has been intensively used in the WHOIS privacy debate. However, illegal uses represent a small minority of cases and privacy registrations do not contribute to a wide-spread criminal behaviour. The vast majority of domain owners are not criminals, so why put everyone at risk just for catching few perpetrators? This measure is disproportionate and unjustified and it resembles the deeply flawed reasoning behind adopting mass surveillance decisions.

3. The proposal violates the Internet’s core values

The proposal closes up the free and open use of the Internet. Certain categories of people will be left with no guarantees that their message will be delivered without abuse and repercussions. Website owners with less popular content or presenting dissident views will fear becoming easy targets. With their sensitive data displayed in the public registry, more and more people will refrain from making their voice heard online. Self-censorship is not going to contribute to a free and open Internet.

Several privacy campaigns opposing ICANN’s proposal, such as savedomainprivacy.org and respectourprivacy.com, were launched, and a total of 11510 comments were sent to the public consultation. The comments are publicly available and a report based on the inputs received is expected on 21 July 2015.

ApTI’s full comment for ICANN’s public consultation (07.07.2015)
http://www.apti.ro/sites/default/files/WHOISprivacy-ICANNpubliccomment7JULY2015_0.pdf

ICANN: Initial Report on the Privacy & Proxy Services Accreditation Issues Policy Development Process (05.05.2015)
https://gnso.icann.org/en/issues/raa/ppsai-initial-05may15-en.pdf

Save domain privacy
https://www.savedomainprivacy.org/with-without-privacy/

Changes to domain name rules place user privacy in jeopardy (23.06.2015)
https://www.eff.org/deeplinks/2015/06/changes-domain-name-rules-place-user-privacy-jeopardy

MPAA & RIAA demand DNS action against “pirate” domains (14.05.2015)
https://torrentfreak.com/mpaa-riaa-demand-dns-action-against-pirate-domains-150514/

GNSO privacy & proxy services accreditation issues working group initial report (05.05.0215)
https://www.icann.org/public-comments/ppsai-initial-2015-05-05-en

Comments to the public consultation
https://forum.icann.org/lists/comments-ppsai-initial-05may15/threads.html

(Contribution by Valentina Pavel, EDRi member ApTI, Romania)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
13 Jul 2015

EU Parliament to vote on indiscriminate collection and storage of travel data on 15 July

By Joe McNamee

Two years after rejecting the Commission proposal for a Directive on Passenger Name Record (PNR) in April 2013, the Committee on Civil Liberties, Justice and Home Affairs (LIBE) is expected to vote again on the adoption of this blanket surveillance measure on 15 July.

The purpose of the Directive is to collect and store the data of air travellers arriving into or leaving the EU (including an amendment that this should also cover intra-EU flights). It is proposed that data will be stored for the entirely arbitrary period of five years, that the data will be compared with unspecified other databases and used to profile all passengers as potential serious criminals. The European Commission has previously defended the proposal on the basis that indiscriminately collecting travellers’ data is “less indiscriminate” than the indiscriminate collection and storage of communications data under the Data Retention Directive.

The EU-PNR proposal was first proposed by the European Commission in 2011. However, it was rejected by the Parliament’s LIBE committee in 2013, presumably because there is no evidence to suggest that it is necessary and proportionate and, therefore, legal. Shortly after, the Parliament asked the Committee to reconsider its position.

The following are some of the reasons why the proposal should be rejected:

The EU should not repeat past mistakes

Fast-tracking these measures after the Paris and Copenhagen terrorists attacks in 2015 will lead to the EU repeating exactly the same mistake it made when adopting the failed Data Retention Directive. As previously explained in our PNR infographic, the LIBE Committee rejected the Data Retention Directive, only for the Directive to be subsequently pushed through following a terrorist attack. It was then declared illegal by the European Court of Justice. Now, after the LIBE Committee rejected the PNR Directive in 2013, it is being pushed through, following terrorist attacks.

Lack of evidence regarding the effectiveness of the PNR profiling

There is simply no evidence showing PNR schemes are an effective anti terrorism measure. There is no evidence that tracking of all passengers and collecting PNR data is necessary or even useful for the fight against terrorism and transnational serious crimes.

Principle at stake

The question is simple. In the absence of any evidence of necessity, of usefulness, of proportionality, is it acceptable to treat every citizen as a potential serious criminal? Is it acceptable to indiscriminately collect individual’s information, storing it in stockpiles of data which will become a security risk in their own right? Is it acceptable that, having made this mistake with telecommunications data retention, the European Parliament looks set to make this mistake again?

We urge you to contact your Members of the European Parliament (MEP) and remind them that privacy and protection of personal data are essential elements of every democratic society. Ask your MEP to support the amendments 48 and 49 in order to make sure that the Commission’s proposal, which evidently undermines key fundamental rights, is rejected.

Jointly written with EDRi intern Morana Perušić

Further reading:

Data retention: EU Commission – guardian and enemy of the treaties (17.12.2014.)
https://edri.org/data-retention-eu-com-guardian-enemy/

“We still need to watch you, really”: PNR back in the Parliament (02.04.2015)
https://edri.org/pnr-back-in-the-ep/

EU-PNR: “Those who don’t know history are doomed to repeat it” (03.06.2015)
https://www.accessnow.org/blog/2015/06/03/eu-pnr-those-who-dont-know-history-are-doomed-to-repeat-it

Article 29 Data Protection Working Party, Opinion 10/2011 on the proposal for a Directive of the European Parliament and of the Council on the use of passenger name record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime (05.04.2011.)
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp181_en.pdf

Twitter_tweet_and_follow_banner

close
08 Jul 2015

TTIP Resolution: what did the Parliament say about Digital Rights?

By Maryant Fernández Pérez

On 8 July, 2015, the European Parliament finally adopted a resolution on the Transatlantic Trade and Investment Partnership (TTIP). The TTIP resolution contains non-binding recommendations to the Commission regarding digital rights, among other topics.

At the beginning of 2015, EDRi published its red lines, which was later developed into a booklet “TTIP and Digital Rights”. On 8 July 2015, the Parliament did not fully listen to the concerns raised by many citizens. There are positive aspects to highlight, but the European Parliament’s Resolution breached some of EDRi’s red lines.

1. Transparency and democracy
The Parliament acknowledges that the lack of transparency has “led to deficiencies in terms of democratic control” on the TTIP negotiations. However, the Parliament rejected amendments to increase the transparency needed in the TTIP negotiations – to the detriment of democracy. We fully support the European Ombudsman’s decision of 6 January 2015 and her recent who request for more transparency, especially from the US side.

2. Investor-to-state dispute settlement (ISDS)
Unfortunately, the Parliament voted to change ISDS for a “new” system, which could still repeat the flaws of ISDS.

ISDS_20150708

3. Guarantee the rule of law
Whereas both the Civil liberties and the Legal Affairs Parliamentary Committees recognised the importance of the rule of law in their respective opinions, the Resolution does not even mention the rule of law. The Parliament recommended that the Commission protect the EU’s right to regulate, but the recommendations regarding the so-called “regulatory cooperation” still raise concerns regarding the chilling effects it may cause to the EU’s legal and political framework.

4. Human Rights clauses
We welcome the Parliament’s call for the Commission to include a “legally binding and suspensive human rights clause”. We regret that the Parliament did not want to clarify what this means, as it rejected Amendment 80, which fully represented EDRi’s red line on human rights clauses.

5. “Intellectual property”
The European Parliament failed to follow the strong opinion of the Legal Affairs committee to exclude copyright, trademarks and patents from the negotiations.

6. Data protection
We welcome the European Parliament’s call to include a horizontal self-standing clause in TTIP to exclude the current and future EU Data protection legislation from being traded in TTIP. However, the Parliament failed to ask the Commission to refrain from negotiating on the flow of personal data in trade agreements, as the Parliament’s Civil Liberties Committee had requested.

7. Surveillance and Privacy
We welcome that Parliament reiterated that its consent to TTIP could be endangered if US mass surveillance programmes are not “completely abandoned”. Additionally, the European Parliament had the possibility to recommend the Commission to exclude “encryption standards, or the certification thereof, in the TTIP agreement, since there is no economic benefit to be derived, but rather a serious potential economic and societal loss”, but that amendment was rejected.

8. Net neutrality
The European Parliament avoids mentioning net neutrality in TTIP’s resolution, which seems reasonable for EDRi.

In sum, this resolution did not suffer many changes as compared to the report adopted in the International Trade Committee (INTA). TTIP’s resolution is just a political indication for the Commission and the world. Ultimately, the European Parliament will say yes or no to the TTIP once negotiations are concluded. In the meantime, it is important not to lose track of the negotiations and the conclusion of other agreements, such as CETA (the Comprehensive Economic and Trade Agreement between Canada and the EU) or TiSA (the Trade and Services Agreement).

Twitter_tweet_and_follow_banner

close
17 Jun 2015

EU continues push for travel surveillance by the back door

By Kirsten Fiedler

The European Commission has released its plans for providing financial support to national security measures. These plans, despite the absence of a legal basis, privacy concerns and a pending EU Court of Justice (CJEU) decision, include the financing of a European mass surveillance measure: namely the long-term storage and exchange of citizens’ air travel data, Passenger Name Record (PNR).

In 2013, the European Commission made 50 million euro available to fund the development of a PNR system in Europe. This sum was split between 14 of the EU’s 28 Member States for projects aimed at “setting up national passenger information units”. Now the Commission continues to introduce surveillance by the back door and announces to provide support to harmonise and “facilitate the exchange” between the individual national systems it previously helped to develop.

However, no legislative measure that would provide a sound legal basis for this EU-wide system has been adopted. For more than four years, the EU has been trying to introduce a Directive with a draft launched by the Commission in 2011 and extensive discussions in three European Parliament committees. In 2013, the key committee (Civil Liberties Committee, LIBE) rejected the proposal because it considered its measures to be disproportionate and privacy invasive – and now it is back in the Parliament. Following political charades and a subsequent referral back to the LIBE committee, the Parliament is expected to vote on the draft proposal before the end of 2015.

In the meantime, the EU Commission continues to release funds for a measure which has been considered in breach of fundamental rights by various bodies, including the European Data Protection Supervisor and the Fundamental Rights Agency.

The Commission’s 2013 grants for national systems contributed to a disharmony of the single market, instead of harmonising it. After releasing this first batch of money, the Commission argued that the development of the PNR system had nothing to do with the ongoing legislative discussions. Now, after having tried to use this fragmentation as a means to advance negotiations on the Directive, it moves on to resolve the problem it helped to create, by facilitating information exchange between the national systems – which is one of the main goals of the draft Directive. In this context, it would be interesting to hear the Commission’s justification of the new grant, as a selection criterion states that applicants must be able to demonstrate a “European added value of the proposed action”. The Parliament might soon be forced to recognise a fait accompli.

European Commission Annual Work Programme for 2015 for support to Union Actions under the Internal Security Fund, 8 June 2015
http://ec.europa.eu/dgs/home-affairs/financing/fundings/security-and-safeguarding-liberties/internal-security-fund-police/union-actions/docs/awp_2015_isf_p_en.pdf

European Commission funds for national PNR systems, action grants 2012
http://ec.europa.eu/dgs/home-affairs/financing/fundings/security-and-safeguarding-liberties/prevention-of-and-fight-against-crime/calls/call-2012/pnr-targeted-call/docs/pnr_call_for_proposals_2012_final_en.pdf

Civil Liberties Committee rejects EU Passenger Name records proposal http://www.europarl.europa.eu/news/en/news-room/content/20130422IPR07523/html/Civil-Liberties-Committee-rejects-EU-Passenger-Name-Record-proposal

PNR is back in the European Parliament
https://edri.org/pnr-back-in-the-ep/

Timeline of the proposal for A Directive on the retention and use of PNR data
https://edri.org/surveillance-of-air-passengers-letter-to-parliamentarians/

The proposed EU passenger name records (PNR) directive Revived in the new security context
http://www.europarl.europa.eu/EPRS/EPRS-Briefing-554215-The-EU-PNR-Proposal-FINAL.pdf

(Contribution by Kirsten Fiedler, EDRi)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
17 Jun 2015

Microsoft’s new small print – how your personal data is (ab)used

By Heini Järvinen

Microsoft has renewed its Privacy Policy and Service Agreement. The new services agreement goes into effect on 1 August 2015, only a couple of days after the launch of the Windows 10 operating system on 29 July.

The new “privacy dashboard” is presented to give the users a possibility to control their data related to various products in a centralised manner. Microsoft’s deputy general counsel, Horacio Gutierrez, wrote in a blog post that Microsoft believes “that real transparency starts with straightforward terms and policies that people can clearly understand”. We copied and pasted the Microsoft Privacy Statement and the Services Agreement into a document editor and found that these “straightforward” terms are 22 and 23 pages long respectively. Summing up these 45 pages, one can say that Microsoft basically grants itself very broad rights to collect everything you do, say and write with and on your devices in order to sell more targeted advertising or to sell your data to third parties. The company appears to be granting itself the right to share your data either with your consent “or as necessary”.

A French tech news website Numerama analysed the new privacy policy and found a number of conditions users should be aware of:

By default, when signing into Windows with a Microsoft account, Windows syncs some of your settings and data with Microsoft servers, for example “web browser history, favorites, and websites you have open” as well as “saved app, website, mobile hotspot, and Wi-Fi network names and passwords”. Users can however deactivate this transfer to the Microsoft servers by changing their settings.

More problematic from a data protection perspective is however the fact that Windows generates a unique advertising ID for each user on a device. This advertising ID can be used by third parties, such as app developers and advertising networks for profiling purposes.

Also, when device encryption is on, Windows automatically encrypts the drive Windows is installed on and generates a recovery key. The BitLocker recovery key for the user’s device is automatically backed up online in the Microsoft OneDrive account.

Microsoft’s updated terms also state that they collect basic information “from you and your devices, including for example “app use data for apps that run on Windows” and “data about the networks you connect to.”

Users who chose to enable Microsoft’s personal assistant software “Cortana” have to live with the following invasion to their privacy: “To enable Cortana to provide personalized experiences and relevant suggestions, Microsoft collects and uses various types of data, such as your device location, data from your calendar, the apps you use, data from your emails and text messages, who you call, your contacts and how often you interact with them on your device. Cortana also learns about you by collecting data about how you use your device and other Microsoft services, such as your music, alarm settings, whether the lock screen is on, what you view and purchase, your browse and Bing search history, and more.” But this is not all, as this piece of software also analyses undefined “speech data”: “we collect your voice input, as well your name and nickname, your recent calendar events and the names of the people in your appointments, and information about your contacts including names and nicknames.”

But Microsoft’s updated privacy policy is not only bad news for privacy. Your free speech rights can also be violated on an ad hoc basis as the company warns:

“We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to”, for example, “protect their customers” or “enforce the terms governing the use of the services”.

So much for clearly understandable and straightforward terms of service.

Microsoft Privacy Statement
https://www.microsoft.com/en-us/privacystatement/default.aspx

Microsoft Services Agreement
https://www.microsoft.com/en-gb/servicesagreement/default.aspx

Windows 10, Microsoft and your personal data: what you need to know (only in French, 11.06.2015)
http://www.numerama.com/magazine/33357-windows-10-microsoft-et-vos-donnees-privees-ce-que-vous-devez-savoir.html

Microsoft provides privacy dashboard ahead of Windows 10 launch (04.06.2015)
http://www.pcworld.com/article/2932132/microsoft-provides-privacy-dashboard-ahead-of-windows-10-launch.html

(Contribution by Kirsten Fiedler and Heini Järvinen, EDRi)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
20 May 2015

EDRi-gram 300: Digital rights news from 2025

By Kirsten Fiedler

We are proud to present the 300th edition of the EDRi-gram as an eBook entitled “Digital rights news from 2025″!

EDRi-gram300_blogpost1

Since 2003, the EDRi-gram is reporting on developments across Europe to raise awareness of attacks on freedom of expression and privacy as well as to highlight good news and best practice. The EDRi-gram publishes free speech and privacy advocates’ media stories from across Europe every two weeks. EDRi’s members, observers and guest authors frequently contribute with reports and analysis from their home countries.

To celebrate our 300th edition, we have collected articles from the brightest stars in the digital rights universe. In the articles, they imagine what they will be writing about in 2025.

Editors: Joe McNamee, Kirsten Fiedler, Heini Järvinen

With contributions by: Dunja Mijatović, Hans de Zwart, Simon Davies, Jillian C. York, Cory Doctorow, Katarzyna Szymielewicz, Joe McNamee, Jesper Lund, Kirsten Fiedler, Erich Moechel, Raegan MacDonald, Estelle Massé, Douwe Korff, Bogdan Manolea, Monica Horten and Annie Machon.

The anniversary edition is available in various formats, including a DRM-free ebook (.epub ), a .pdf version and is published under a CC-by-sa licence on our website and on all major retailers worldwide.

Get your copy:

EDRi-gram300_blogpost2

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close