17 Oct 2016

EDRi’s privacy for kids booklet: Your guide to the Digital Defenders


Today, we are publishing a booklet “Your guide to Digital Defenders vs. Data Intruders – Privacy for kids!“, to help young people between 10-14 years to protect their privacy.

The internet is an amazing opportunity for young people to learn, communicate and to explore new worlds. Our booklet will help them enjoy all the benefits of the internet while protecting their personal information.

said Kirsten Fiedler, Managing Director of European Digital Rights.

Children’s freedom to explore and develop should not be limited due to lack of awareness of privacy-protecting strategies. The booklet helps them make safer and more informed choices about what to share and how to share online. It includes chapters on what privacy actually is, how to use safer messaging systems and how to improve the security of smartphones.


The booklet is the outcome of an international project with contributions by EDRi’s network (Bits of Freedom, Open Rights Group, Chaos Computer Club, Digitale Gesellschaft, ApTI Romania, Mediamocracy and many more). In the parallel universe of the booklet, a team of superheroes (the Digital Defenders) fights a group of villains (the Intruders). They were created by German comic artist and illustrator Gregor Sedlag.

The original language is English, but we have started to coordinate translations to make it available in as many languages as possible. The booklet is available under a creative commons (CC-BY) licence and can be freely downloaded and re-distributed. Donations to cover printing costs as well as translations are accepted here. If you want to help with translations, or if you want to print it and distribute it at schools please contact us!



Read more:
Educate and empower children on online privacy


12 Oct 2016

Corporate-sponsored privacy confusion in the EU on trade and data protection

By Maryant Fernández Pérez

After the “Privacy shield” was adopted on 12 July 2016, the European Commission started internal discussions about whether or not to include “data flows” and “data localisation” clauses in Transatlantic Trade and Investment Partnership (TTIP) and in the Trade in Services Agreement (TiSA). It appears that the European Commission Directorate-General for Justice and Consumers (DG Justice) initially accepted the inclusion of clauses on forced, unjustified “data localisation”, but not on transfers of data. However, according to EurActiv, DG Justice has backed down and accepted a weakening of its position on data protection and privacy in order to placate industry, after a campaign based on dubious assertions and backed up by the US government.

Now, the European Commission President Jean-Claude Juncker and the Vice-President Frans Timmermans seem to be prepared to defend core principles of EU law and the rights of EU citizens. They are allegedly blocking the “compromise” to water down protections because “the deal might poke holes in the EU data protection rules that are set to go into effect in 2018”. Weakening privacy and data protection of European citizens through the inclusion of “data flows” in trade agreements has global corporate sponsorship. The EU should resist. There are three main reasons for this:

1. Data flows must not be part of trade agreements

Trade negotiations are not suitable for shaping rules affecting the fundamental rights to privacy and data protection. If the EU was unable to ensure protections of fundamental rights in the Privacy Shield (see here, here and here), on what basis could it think that trade agreements would achieve a better result? Is the apparently ideological rush to include “data flows” in trade agreements worth the risk of making a dubious compromise that would put the whole agreement in doubt?

Data transfers are and can be ensured in other legal fora. Personal data flows are ensured in the EU legal framework by several mechanisms, such as binding corporate rules, modal clauses, adequacy decisions or special arrangements, of which the EU-US Privacy Shield is an example, albeit not a stellar one. The General Data Protection Regulation (GDPR) even provides more alternatives to transfer data of EU citizens abroad, such as self-certification. In addition, the European Commission is expected to issue a “Free flow of data initiative”, apparently only for commercial data.

2. Including data flows in trade agreements like TTIP or TiSA would have huge implications

On 13 July 2016, the University of Amsterdam issued an independent study that EDRi, BEUC, TACD and CDD commissioned in order to ascertain whether fears with regard to both privacy and data protection in trade agreements were founded. The study concluded the risks are real, and a great deal of effort needs to be put into making trade agreements data protection- and privacy-proof. This is our take:

Unless parties want to change their legal framework to truly protect human rights online, trade agreements’ vague commitments to protect data protection and privacy will be meaningless in practice.

Exceptions and safeguards protecting personal data and privacy are being suggested as a means to address the concerns about fundamental rights. However, these clauses can only be activated if certain conditions are complied with, such as:

  • that privacy and data protection measures cannot be inconsistent with other obligations of the agreement. Would the EU legal measures on data protection be inconsistent with the obligation to ensure “a free flow of data”? According to the lobby group CCIA, the response could well be “yes” (cf. “Europe might want to consider whether its 20th century localised data protection framework is well suited in the 21st century interconnected digital world”). To guard against such extreme positions, the European Parliament asked the Commission not to include such conditionality; or
  • that privacy and data protection measures should take “international standards” into consideration. As the EU is a standard setter in privacy and data protection, this creates the risk of a race to the bottom and could prevent other countries from adopting measures which defend privacy and data protection as much as (or more than) the EU.

Even if trade agreements had strong exceptions and safeguards, they could be undermined by:

  •  trade dispute settlement mechanisms of trade agreements, as the Charter of Fundamental Rights will obviously not be considered; and by
  • national security exceptions. Trade agreements contain exceptions on “essential security interests” that establish that nothing in the trade agreement shall prevent any Party to the agreement from adopting measures to protect “essential security interests”. This means that if a party to the agreement wanted to conduct mass surveillance, for example, the trade deal would not ensure the protection of the privacy and personal information of individuals. This is very worrisome, as the Snowden revelations and other scandals have shown. The European Parliament has warned the Commission that their consent to TTIP could be endangered if “US blanket mass surveillance activities are not completely abandoned”.

Conditions, suspensions or prohibitions of transfers of EU citizens’ personal data outside the EU must be possible if fundamental rights are violated or circumvented, as the European Parliament has proposed to the Commission. This position is absent from all of the clauses seen in current trade proposals. In fact, the EU is currently negotiating on trade agreements whose drafts include provisions on data protection that are fundamentally broken. The existence, application or enforcement of the laws adopted by the Parties to a trade agreement relating to their fundamental rights requirements must not be considered as a violation of any trade agreement.

3. Blackmail tactics of industry lobbyists

The hollow-sounding and specious arguments that the “global tech sector” use, such as that they take “the fundamental right to privacy very seriously”; and that without data flows (as if they would suddenly, mysteriously, stop), no trade agreements will be or can be concluded; or that the EU could be perceived as “data protectionist” are far from credible. Even some industry actors (e.g. eBay) had admitted to the Commission that the inclusion of data flows are not a priority for them because they rely on binding corporate rules to transfer data from EU citizens.

Having lobbied unsuccessfully against the General Data Protection Regulation (GDPR), having successfully lobbied for a flawed, inevitably temporary “Privacy Shield”, having incomprehensibly asked the Commission to repeal the e-Privacy Directive, it is understandable that industry lobbyists, backed by the US government want to:

  • ensure there are legal means available to challenge privacy and data protection measures, with the weak excuse that fundamental rights are barriers to trade;
  • prevent other countries to adopt high standards on data protection and privacy; and
  • make sure whatever protections on privacy and personal data are contingent on a nebulous and unpredictable understanding of “necessity” and “proportionality” in trade agreements, whereby fundamental rights will always be deprioritised compared with trade concerns.

It is also understandable that after hearing that the Commission was opposing to include data flows, they increased their lobbying and resorted to “independent” “think tanks” like ECIPE to multiply their message.

The European Commission should do better. As Evgeny Morozof argues, when policy is dictated by corporations, the protection of your privacy starts being seen as a barrier to economic growth. By defending the protection of privacy and personal information of all, the EU will gain influence and credibility. Data protection and privacy are not barriers to trade. Quite the opposite, privacy is an asset of economic growth; it’s a business opportunity to regain trust. Making void assurances and general statements that are not reflected in the actual text of the agreements would not be enough. The European Parliament has strongly reiterated this approach and even asked the Commission to “immediately and formally oppose the US proposals on movement of information”.

This is exactly what the EU should do.


11 Oct 2016

#2 Freedom to have secrets: How to keep your information private


This is the second blogpost of our series dedicated to privacy, security and freedoms. In the coming weeks, we will explain how your freedoms are under threat, and what you can do to fight back.

In our previous blogpost we described “cookies” and how they help to make a profile of your personality. This time we explain how your freedom to have secrets is at risk.


Big Data Surveillance: What is that and how it works?

Today, more and more devices and appliances connect to the internet, and most of our communications are in the hands of private companies. These companies often collect data about us: Your “free” email service is very probably routinely screening the contents of your emails, and using this information for advertising purposes. Based on your mobile phone’s location data, it’s not very difficult for companies to find out where you are at every moment, guess what you might be interested in, and who your friends are.

Could you imagine that a toothbrush or a television could be used to spy on you? Or that searching for a recipe to cook lentils could lead into anti-terror squads raiding your home?

If companies are able to read your emails, sms and chats, and to know constantly where you are, and with whom you have close relationships, how can you keep anything to yourself, or to share only with those who you choose? This kind of snooping is a threat to your freedom to have secrets! Even if the companies have no bad intentions, creation of databases with vast amounts of personal data generates huge security risks.

How to claim back your freedom to have secrets

To keep some of your information private, disable location in your smartphone, and check out these tools:

Signal: Recommended by whistleblower Edward Snowden as one of the best available apps, this application allows you to chat securely. All the communications are encrypted end-to-end by default, including group chats and attachments. This means that nobody but the person to whom you send the message will be able to read its contents. Sometimes it is a pain to change to a different technology. However, the more people that use Signal, the more people will use Signal! Privacy and security needs leaders to set an example… Try Signal, it’s as easy as any other instant message app! Ask the five people with whom you are in contact the most regularly to start using it, too, and you’ll be able to chat with them, with no risk to your privacy and security.

Want to go a step further? Why not encrypting your smartphone? Check the full disk encryption options in Android security settings, and check the “data protection” options in iPhones and iPads to improve your security beyond the defaults.

See more advice from our member organisation, the EFF, about how to keep your information safe here.

You can find more tools in the surveillance self-defense guide by the EFF.

John is dealing with location surveillance in this video, prepared by our member Association for Technology and Internet (ApTI) – Romania:


What can politicians do to safeguard your freedoms online?

The rules on online privacy in the EU (ePrivacy Directive) will be soon updated. This law is dealing with privacy and confidentiality of communications for the entire EU, and it affects tracking and other issues related to your freedoms online. Are politicians ready to fight for your privacy and security?

Read our previous blogposts here, and stay tuned to our next blogposts to know more about your freedoms online, and how they are threatened!


06 Oct 2016

Big Brother Awards Belgium: Facebook is the privacy villain of the year


Big Brother Awards Belgium 2016 – The Devil is in the Default

On 6 October, the Belgian Big Brother Awards 2016 took place in Brussels. The negative prize for the worst privacy abuser was unanimously granted to Facebook by the professional jury. The public confirmed Facebook’s title as the ultimate privacy villain of the year – a big majority of the votes went to the social network that is successfully harvesting and generating personal data from people all around the world.

Facebook is a multi-billion dollar company that has one commodity – you!

said Joe McNamee, Executive Director of European Digital Rights.

Facebook has access to a wide range of personal data, and it tracks your movements across the web, whether you are logged in or not. And the devil is in the default: To opt out, you are expected to navigate Facebook’s complex web of settings.

We nominated Facebook for the award because their default settings are noxious for privacy. To understand what privacy you are giving away when you use Facebook… well, that is impossible. Data algorithms that can make new assumptions about users are being constantly developed – even Facebook today would have difficulty knowing how they will use your data tomorrow.

said McNamee.

The Big Brother Awards are based on a concept created by EDRi member Privacy International. The goal is to draw attention to violations of privacy.


Big Brother Awards Belgium 2016: “The Devil is in the Default”


05 Oct 2016

CETA puts the protection of our privacy and personal data at risk

By Maryant Fernández Pérez

We are constantly sharing parts of our lives on the internet. We feel free to do this because we believe that we can still preserve some privacy and remain in control of what we share. Governments have a moral and legal duty to protect our privacy, prevent abuses and preserve a climate of trust. This is done through laws. Nowadays, our online privacy and the protection of our personal information are threatened in “creative” ways. One of these ways can be found in the Comprehensive Economic Trade Agreement (CETA) between Canada and the European Union. Unlike traditional “trade agreements”, CETA goes far beyond trade, touching upon privacy and data protection, as well as other fundamental rights.

Fifteen years ago, the European Union formally recognised that Canada offered EU citizens an adequate level of protection of their privacy and personal information, and this permitted EU data to be exported to Canada without additional restrictions. However, the European Court of Justice (CJEU) has recently clarified in the Schrems case that this means that non-EU countries must provide not just “adequate” but essentially equivalent protection as the EU does.

................................................................. Support our work with a one-off-donation! https://edri.org/donate/ .................................................................

Thanks to the Snowden revelations, it was proven that Canada was conducting mass surveillance activities within the so-called “Five Eyes” arrangement. If brought to court, as the Austrian student Max Schrems did with the EU-US agreement on transfer of personal data (the “Safe Harbor agreement”), the adequacy status given by the EU could be overturned. However, if CETA is ratified, the EU would be prohibited from protecting personal data in this way.

CETA does not allow the suspension of the transfer of data from one country to the other. If it was proven in Court that Canada violated citizens’ rights to privacy and personal data protection, the EU would be prevented from ensuring Canada grant an adequate level of protection. There are three main reasons for this.

Firstly: in theory, CETA provides some safeguards and exceptions that could allow both parties to adopt rules to protect our privacy and personal data. However, these clauses can be activated only if they are not inconsistent with other provisions of CETA – putting the Charter of Fundamental Rights of the European Union on a de-facto lower level than this Agreement.

Second reason: in the adoption and maintenance of rules on data protection and privacy, CETA requires that standards of international organisations where both parties are a member be followed. However, Canada is not part of the Council of Europe’s Convention on the protection of personal data, even though this Convention is open to non-European countries. The only standards that Canada can be held to, therefore, are vastly less meaningful than current EU standards.

Third and final reason: CETA creates a Regulatory Cooperation Forum, where big companies would be able to lobby legislators when laws are being drafted. We saw over and over again in the recent review of EU data protection legislation – and already before the planned review of online privacy rules – that lobbyists have no qualms in producing weak or downright false arguments about trade and innovation being undermined by citizens’ fundamental rights.

The negotiations to conclude CETA started in 2009 and concluded in 2014. During this period, neither citizens nor the representatives of national parliaments could vote on the content of the agreements. Yet, the 28 Member States of the European Union are being requested to approve CETA. It does not matter that we know that its clauses are not perfect or appropriate. Only a “yes” or a “no” to CETA is possible right now. Only a “yes” or “no” to risking the safeguards and protections of our privacy and personal data is possible. Improved trade agreements, that respect our democratic values, rights and freedoms, are possible, but it seems we lack the willingness to achieve this. A better Europe is possible.

This article was originally published in Polish on Dziennik Gazeta Prawna http://biznes.gazetaprawna.pl/artykuly/980577,co-to-jest-ceta-10-rzeczy-ktorych-nie-wiecie-o-umowie-ue-kanada.html.

CETA will undermine EU Charter of Fundamental Rights (04.05.2016)

Fifteen years late, Safe Harbor hits the rocks (06.10.2015)

(Contribution by Maryant Fernández Pérez, EDRi)



05 Oct 2016

e-Privacy Directive: Frequently Asked Questions

By Diego Naranjo

What is the e-Privacy Directive?

The e-Privacy Directive (ePD) is a Directive covering specific privacy and data protection issues in the electronic communications sector. It was adopted in 2002 and revised in 2009. The official text of the current version can be found here.


Why do we need this instrument?

The ePD was created to ensure privacy and to protect personal data in the electronic communications sector by “complementing and particularising” matters covered in a general way by the main legal instrument, the Directive on Data Protection, now the General Data Protection Regulation (GDPR). For example, the confidentiality of the content of communications and information which is stored or accessed on an individual’s device is protected under the ePD. The GDPR does not specifically cover this.

Confidentiality of communications is very complex. It covers not just your right to privacy and data protection, but also your freedom of communication and freedom of expression. Without legislation providing clarity on what these fundamental rights mean in this complex environment, the protection of confidentiality and security of communications would be less predictable and less enforceable. Lack of precise rules also makes it more difficult for companies to develop new and innovative services.

Isn’t the General Data Protection Regulation (GDPR) enough?

Although the GDPR covers many issues related to data protection, it does not cover, directly and precisely, the right to privacy and, in particular, the right to freedom of communication, which are two distinct fundamental rights. Therefore, the ePD is a necessary layer of precision to ensure predictable, effective protection of rights that are not covered precisely enough in the GDPR. Furthermore, the ePD also covers activities for which the processing of personal data is not the main issue at stake, such as the sending unsolicited messages (for example email spam or direct marketing). It also provides a framework for protecting the security of information stored on an individual’s device. It is important to remember that the ePD is not about creating new rights, but complementing existing rules, for the good of individuals and businesses alike.

The need for legislation on privacy and security of personal data in the electronic communications sector is increasing. Online tracking and the monitoring of e-mails for advertising purposes are on the rise, while telecommunications companies try to emulate internet companies by cashing in on the masses of customer data they hold, including location information. Furthermore, the ePD needs to be updated to meet the latest technological developments, such as the use of instant messaging instead of SMS or e-mail.

Which fundamental rights are affected by the ePD?

  • The fundamental right to confidentiality of communications, enshrined in Article 7 of the Charter

The new instrument replacing or revising the ePD should expressly clarify that this principle applies fully to data relating to online activities and communications, including traffic and location data as currently defined in the e-Privacy Directive. Furthermore, it should also apply to any similar data created or used in the online environment, such as location data, browsing data, e-book usage patterns, mobile app use, search queries, etc. and any new data produced therefrom. The new instrument should also bring clarity  with regard to the implementation of privacy by design and by default in this context.

  • The fundamental rights to protection of personal data and freedom of expression, as enshrined in Article 8 of the Charter

For most people in the EU the easiest way to access information involves the internet. To protect this, the revised instrument should ban obligations to consent to tracking of one’s activities  and subsequent profiling and automated decision-making (for example by accepting cookies before being allowed to enter a website). This is particularly important when accessing information regarding issues linked to sensitive data or when accessing website or services provided by the public sector.

What activities are covered in the ePD?

  • the confidentiality and security of communications
  • traffic and location data produced by personal devices
  • tracking of users, including by using personal devices (e.g. for behavioural advertising purposes)
  • cookies
  • security measures in personal devices
  • itemised billing
  • calling line identification
  • public and private directories
  • spam and unsolicited calls for marketing purposes
  • data breach notifications (later specified by EU Regulation 611/2013)

Which aspects need an update?

All aspects of the eDP related to online activities – such as the confidentiality and security of communications and personal devices, and the tracking of users – need to be updated to correspond to new and potential future technological developments. The rules on itemised billing, directories of users, and unsolicited communications need to be reassessed, to check if they are in line with the GDPR. Some of its aspects, such as how data breaches should be dealt with, do not require a specific  legislation and can be removed. Therefore this could be solved by referring to the GDPR, to avoid redundancy.

I am tired of banners telling me to accept cookies. Will this bring more of these?

The ePD currently tries to give users some control over online tracking. However, it does so in a rather blunt way. In light of experience and technological developments, the provision regulating cookies in the ePD should be refined and allow for user friendly mechanisms for expressing consent.

As we have explained in a previous blogpost, one of the ways you leave digital traces behind while surfing online are cookies. They are bits of information that get automatically installed into your device while visiting websites. Revised rules regulating cookies in the ePD should allow smoother browsing by removing obligations for consent for cookies that do not involve the collection and further processing of personal data, such as the tracking of users and devices via third parties. This would apply, for example, to statistics related to which parts of a website are visited the most collected by the owner of a website (“first party analytic cookies”) that do not involve unnecessary processing of personal information. Generally, we refer to the guidelines on cookies issued by the Article 29 Working Party on this regard.

How is this connected to the protection from mass surveillance?

We can unquestionably expect an expanding use of personal electronic devices (like smartphones, tablets, personal computers) and related technologies that are connected to the Internet (for example the Internet of Things). This development creates new opportunities for communicating online, but also bears risks for confidentiality and other fundamental rights. Online communications often involve many parties and cross national borders, without users being fully aware of these facts.

We agree with the European Data Protection Supervisor (EDPS) that number and frequency of requests from governments to internet services (Twitter, Gmail and any others) should be made public so that individuals get a clearer picture on how these invasive powers by governments are used in practice. If the public is aware of the government’s conduct, it will be in a better position to hold the government accountable. More transparency in this context could therefore help with restoring people’s trust in the electronic communications sector.

How does it relate to the security of my electronic devices, such as my smart phone?

The GDPR includes security obligations when it comes to the processing of personal data, while the ePD allows for the inclusion of security obligations that are more specifically tailored to our online communications. These security obligations should not only apply to electronic communications providers (telecoms), but should also cover, for example, app developers and the suppliers of individuals’ electronic devices. The companies behind apps and devices are not always the main legally responsible actors. However, given their important role protecting the security and confidentiality of personal communications, they should also be subject to security requirements. More specifically, we refer to the recommendations about security and privacy requirements for operating system suppliers, device manufacturers and other relevant stakeholders issued by the Article 29 Working Party in its Opinion 8/2014 on the Internet of Things.


This FAQ has been prepared jointly by the EDRi Brussels office and EDRi members Open Rights Group, fIPR, Bits of Freedom, Access Now, Panoptykon and Privacy International.

27 Sep 2016

#1 Freedom to be different: How to defend yourself against tracking


This is the first blogpost of our series dedicated to privacy, security and freedoms. In the next weeks, we will explain how your freedoms are under threat, and what you can do to fight back.


Cookies: What are they and how do they work?

One of the ways you leave digital traces behind while surfing online are cookies. They are bits of information that get automatically installed into your device while visiting websites. Sometimes they are useful; for example, when shopping online, the website needs to remember what you have added to your shopping basket, so that you can later check out and do the payment.

But most of the times cookies are placed by advertisers that want to collect data about which websites you visit, to target ads at you. This could seem harmless, but it creates risks. For example, when you are categorised (“profiled”) as someone who earns a good salary, you are likely to see higher prices for the things you want to buy. Or on the contrary, if you are profiled as someone who hasn’t got much money, you could end up paying more for your insurance since an insurance company might considered you a “risk”. Online tracking limits your freedom to be different.

How to claim back your freedom to be different

These tools will enable you to wipe most of the digital traces of your browsing activity:

Install Firefox – a browser that is more secure than others and whose features can be enhanced by numerous add-ons. Start using it now!

Install the following add-ons in your browser:

Privacy Badger: this add-on for your browser puts you back in control by spotting and then blocking third-party domains that seem to be tracking your browsing habits (that is, when advertisers and websites track your browsing activity across the web without your knowledge, control, or consent). Although it blocks many ads in practice, it is more a privacy tool than a strict ad blocker. You can easily download it here.

HTTPS Everywhere: This tool is, again, an add-on for Firefox (both desktop and Android), Chrome, and Opera that makes your browser use HTTPS to encrypt its communication with websites to the greatest extent possible. You can easily download it here.

If you want to find out more tools to defend yourself online, check out the excellent Surveillance Self-defense instructions by the EFF.

John is also dealing with cookies and online tracking in this video, prepared by our member Association for Technology and Internet (ApTI) – Romania:


What can politicians do to safeguard your freedoms online?

The rules on online privacy in the EU (ePrivacy Directive) will be soon updated. This law is dealing with privacy and confidentiality of communications for the entire EU, and it affects tracking and other issues related to your freedoms online. Are politicians ready to fight for your protection?

Stay tuned to our next blogposts to know more about your freedoms online, and how they are threatened!

Read more:

Behavioural Sciences and the Regulation of Privacy on the Internet

Article 29 Working Party: Opinion 04/2012 on Cookie Consent Exemption


20 Sep 2016

EDRi invites you to the Big Brother Awards Belgium

By Kirsten Fiedler

On 6 October, the Belgian Big Brother Awards – a negative prize for the worst privacy abuser – will take place in Brussels. There are many other such award ceremonies around the globe, many of which are being organised by EDRi’s members. EDRi is proud to be one of the partners of the Belgian event, organised by its member Liga voor Mensenrechten.

We will be the organiser of a “Privacy Salon” – a panel discussion which will focus on online tracking activities and the upcoming reform of European privacy rules (ePrivacy Directive). You can register to attend the event by visiting this link.

The event will take place on:

When: 6 October.
Where: KVS , the Brussels City Theatre.

Doors open at 19:00, the program starts at 19:30.
The debate is scheduled from 19:45 until 21:00

Confirmed speakers:

Stephen Deadman (Facebook)
Matthias Matthiesen (IAB)
Brendan Van Alsenoy (Privacy Commission, DPA Belgium)
Estelle Massé (AccessNow)
Dr. Frederik Borgesius (University Amsterdam)
Moderator: Joe McNamee (EDRi)

Background on the nomination:

Facebook is engaging in the same type of mass surveillance that the US National Security Agency NSA is doing – its spying on people all around the world, just via different means. There are three main reasons for our nomination:

1. Facebook has access to a wide range of personal data; for example it accesses your phone number and gives out your name out to strangers.The social network started taking mobile numbers from other, less direct, sources (like WhatsApp) or from you phone to add them to profiles and use them as public identifiers for individuals.

2. Facebook tracks your movements across the web. It doesn’t matter if you are logged in or not. Every time you see a “like” button on a website, your internet browser is talking to Facebook. It tells the social network what pages you are visiting and what kind of browser you’re using in order to target advertising at you.

3. Last but not least, the devil is in the default: Facebook supposes you have nothing against your data being sold, and automatically opts you in. You are expected to navigate Facebook’s complex web of settings (which include “Privacy”, “Apps”, “Ads”, “Followers”, etc.) in search of possible opt-outs.

What can Facebook do with all this information?

Facebook has gained the power to control directly who you are, the social network can “engineer the public” without the users’ knowledge. For years, Facebook has been carrying out experiments, for example to influence the mood of its users, or to manipulate their voting behavior.



20 Sep 2016

Privacy Training Center empowers you to protect your online freedom

By Guest author

New non-profit organisation offers privacy workshops for everyone

Most people know that surfing the internet has serious privacy implications. What many don’t know is how to protect themselves, their family, colleagues and friends. Meet the Privacy Training Center in Brussels the new not-for-profit training organisation.

The PTC aims to fill the knowledge gap by providing regular workshops about online privacy and data protection. Think of it as a targeted and structured way of doing crypto parties. Workshop participants learn about intrusive online advertising, digital criminals and governments’ digital prying eyes – and how to better protect themselves online.

................................................................. Support our work - make a recurrent donation! https://edri.org/supporters/ .................................................................

The curriculum ranges from raising beginners’ awareness for the privacy implications of using social media apps to supporting the roll-out of e-mail encryption in small organisations. Courses cover online security best practices and tons of useful apps and tools for things like secure file sharing, encrypted messaging and calls, anonymity and web tracking protection. We propose free software wherever possible.

As a non-profit, the PTC first and foremost targets are other non-profits, journalists and citizens, but the PTC also develops tailor-made staff training for businesses. After all, what good is the most secure software environment when employees post sensitive stuff on Facebook? Our workshops can also be embedded in conferences, public library programs, schools or universities. Feel free to ask!

The PTC is an initiative run by a group of IT consultants, programmers, privacy researchers and policy geeks and is the offspring of two Privacy Cafés held in the European Parliament together with EDRi and AccessNow in 2015. Our workshops continue to be available to policy makers from all institutions and political parties.

Website of the Privacy Training Center

EDRi announcement of 2015 European Parliament trainings

(Contribution by Jan Weisensee)



14 Sep 2016

Your privacy, security and freedom online are in danger


We carry more intimate information on the devices in our pockets and on our wrists than most personal diaries. For instance, our browsing history alone can already tell a lot about us and who we are, where we are, what we do in our free time, our fears, our political views and our relationships.

Unscrupulous companies now want to water down European rules on the privacy of our communications. This also increases threats to our freedoms – our freedom to have secrets, our freedom to be different or our freedom to make mistakes.

The EU now has the opportunity to protect our rights and freedoms in an upcoming reform (ePrivacy) – or it can turn them into fresh meat for corporate sharks.

In the coming weeks, you can stay tuned to learn about how to defend your privacy and to keep enjoying your freedoms. Join our campaign, check our website for more information about each and every of these 6 threats below – and we’ll give you the tools to protect yourself online.


… and we would like to introduce you to John, who is struggling with the same problems:


The video was prepared by our member Association for Technology and Internet (ApTI) – Romania.

Read the blogposts: