============================================================ EDRi-gram biweekly newsletter about digital civil rights in Europe Number 9.13, 29 June 2011 ============================================================ Contents ============================================================ 1. CSISAC decision not to endorse draft OECD Internet Communiqui 2. The Netherlands - first EU country to launch net neutrality 3. Negotiations end in confused text on Internet blocking 4. EU-US PNR agreement found incompatible with human rights 5. High level discussions on online tracking 6. New draft law for data retention in Romania 7. UK: Copyright holders ask for website blocking 8. No anonymous Internet usage in Denmark? 9. Traffic data fraudulently obtained by the Czech police 10. Low level of protection for minor's privacy on social networks 11. Recommended Action. 12. Recommended Reading 13. Agenda 14. About ============================================================ 1. CSISAC decision not to endorse draft OECD Internet Communiqui ============================================================ As a founding member and Steering Committee member of CSISAC (The Civil Society Information Society Advisory Council to the OECD), European Digital Rights (EDRi) strongly supports CSISAC's decision not to endorse the draft Communiqui currently under discussion by the OECD. EDRi was directly involved in the discussions that led to this decision. Having participated constructively in the OECD Internet policy development process over many months, together with other CSISAC members, EDRI and CSISAC support many of the proposed principles, in particular, policies that support the open, interoperable Internet, and multi-stakeholder policy development processes, but regret that other provisions of the draft OECD Communiqui do not meet civil society expectations. The final draft Communiqui threatens established human rights principles and the rule of law. It places excessive emphasis on enforcement of intellectual property, without taking due consideration of fundamental rights and the damage that such measures could have for openness and innovation on the Internet. Similarly, in the context of cybersecurity, it places undue weight on security without giving adequate consideration to proportionality. Most seriously of all, the implication of much of the text is to abandon the rule of law and hand over both enforcement and policing of cyberspace to online intermediaries. The text's repeated references to access to "lawful content" implies that intermediaries should decide what is legal and accessible and what is not - although they lack both the capacity and credibility to take over such a role. Similarly, much of the text appears to imply that Internet providers should also be responsible for punishing alleged infringements, possibly through measures such as disconnection of consumers ("graduated response"). More generally, EDRi has profound concerns regarding the tone of the draft text as a whole - which appears to already be regressing from the principles established in 2008 by the OECD's "Seoul Declaration". EDRi's opposition to the draft Communiqui is not a matter of drafting, it is an indication of a profound concern that the principles that it espouses are contrary to core values of society as a whole. These are the values that civil society exists to protect. The development process for the Communiqui has been far more open and inclusive than many exist in many other international forums. This should be applauded and has made the decision not to support the current draft outcome of the process very difficult. It was a decision that was not taken lightly. Civil Society Seoul Declaration http://csisac.org/seoul.php OECD Seoul Declaration http://www.oecd.org/dataoecd/49/28/40839436.pdf CSISAC http://csisac.org CSISAC Press Release - Civil Society Coalition Declines to Endorse OECD Communiqui on Principles for Internet Policy-Making; Urges OECD to Reject "Voluntary" Steps For Filtering and Blocking of Online Content(28.06.2011) http://www.edri.org/files/CSISAC_Press_Release_0628011_FINAL.pdf CSISAC Statement on OECD Communiqui on Principles for Internet Policy-Making (28.06.2011) http://www.edri.org/files/CSISAC_Statement_on_OECD_Communique%2006282011_FIN... ============================================================ 2. The Netherlands - first EU country to launch net neutrality ============================================================ A broad majority in the Dutch Parliament voted on 22 June 2011 for a legislative proposal to safeguard an open Internet in The Netherlands. The proposal prohibits Internet access providers from restricting or charging end-users for specific services. In addition, provisions were launched protecting users against disconnection and wiretapping by providers. The Netherlands is the first country in Europe to launch net neutrality provisions in parliament. Dutch digital rights movement and member of EDRi Bits of Freedom calls upon other countries to follow the Dutch example. Net neutrality means that Internet service providers may not hinder or block different kinds of applications and content online. Dutch telecom incumbent KPN recently received world-wide media-attention because of it plans to charge Internet users for the use of innovative and competitive services such as Internet telephony. The legislative proposal aims to prevent this, while still allowing for measures in case of congestion and for network security, as long as these measures serve end-user interests. Another proposal regarding internet connection ensures that internet providers can only disconnect their users in a very limited set of circumstances. A third proposal restricts internet providers from using invasive wiretapping technologies, such as deep packet inspection (DPI). The proposals are introduced by the Dutch parliament in the course of the implementation of the European telecommunications package. The proposals will also have to be adopted by the Dutch Senate (Eerste Kamer) before entering into force. English translations of the amendments can be found on the website of Bits of Freedom. Press release regarding net neutrality of Bits of Freedom (22.06.2011) https://www.bof.nl/2011/06/22/press-release-%e2%80%93-the-netherlands-first-... Description of Dutch internet freedom proposals (22.06.2011) https://www.bof.nl/2011/06/22/netherlands-launches-internet-freedom-legislat... English translation of Dutch internet freedom proposals (27.06.2011) https://www.bof.nl/2011/06/27/translations-of-key-dutch-internet-freedom-pro... (Contribution by Ot van Daalen - EDRi-member Bits of Freedom Netherlands) ============================================================ 3. Negotiations end in confused text on Internet blocking ============================================================ After months of negotiation, the Council, Parliament and Commission finally agreed a text on Internet blocking where everyone appears to have got what they wanted, except the European Commission. The agreed text now needs to be signed off by the political groups, before being put to a vote in the Civil Liberties Committee on 12-13 July 2011. A full vote of the European Parliament's plenary in September will definitively end the process in that institution. The provisional text removes the proposed obligation on EU Member States to introduce web blocking and also removes the wording which proposed encouragement and "stimulation" (sic) of Internet providers to introduce blocking outside the rule of law. The explanatory "recital" that is meant to provide clarification of the meaning of the main article is entirely schizophrenic. For those who wish to ignore the European Charter and European Convention on Human Rights, the explanation says that these provisions "are without prejudice to (unspecified) voluntary action taken by the internet industry." Neither"voluntary" or indeed what "action" is referred to is explained. For those who wish to see provisions of Article 52 of the Charter and Articles 8 and 10 of the Convention respected, particularly with regard to the need for restrictions to be based on law, the text explains that "Member States should ensure that it provides an adequate level of legal security and predictability to users and service providers." This wording echoes rulings from the European Court of Human Rights interpreting the concept of "in accordance with the law" in various existing rulings. The final compromise text allows blocking, doesn't require blocking, allows "voluntary" actions but does not explain what this might be, prohibits voluntary blocking, but possibly not in an enforceable way and suggests Member States should take action to remove the material at source, but uses wording so weak that it is practically unenforceable. The European Commission's Communication "Towards an EU Strategy on the Rights of the Child" adopted in 2006 established a set of specific objectives for the Union. - item 6 was "communicating more effectively on children's rights". It is to be hoped that the chaotic mess that was adopted does not effectively communicate the coherence, quality and priorities of the European Union in this policy area. EU Child Rights Communication http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2006:0367:FIN:EN:P... EDRi's blocking booklet http://www.edri.org/files/blocking_booklet.pdf Compromise text and analysis http://www.edri.org/blocking_negotiations Proposal for a Directive on combating the sexual abuse, sexual exploitation of children and child pornography, repealing Framework Decision 2004/68/JHA (29.03.2010) http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0094:FIN:EN:P... Impact assessment (25.03.2009) http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=SEC:2009:0355:FIN:EN:P... Commissioner Malmstrvm's blog (in Swedish and English) on this issue (29.03.2010) http://ceciliamalmstrom.wordpress.com/2010/03/29/ett-slag-for-barnens-rattig... MOGiS (abuse survivors against internet blocking): Remove, don't block! - Act, and don't look away! http://mogis-verein.de/eu/ (Contribution by Joe McNamee - EDRi) ============================================================ 4. EU-US PNR agreement found incompatible with human rights ============================================================ In a note sent on 16 May 2011 to the Director-General of DG Home Affairs, the Legal Service of the European Commission warns that the draft EU-US agreement on the exchange of PNR data is not compatible with fundamental rights. The EC's lawyers found several areas of concern related to the planned agreement. Significant issues are the proportionality of the agreement which covers minor crimes as well, its extension to US border security "which is not linked to the purpose of preventing terrorism or serious crime", a far too long (15 years) data retention period for the data collected for the agreement purpose, the lack of judicial redress for the data subjects, the lack of "guarantee of independent oversight". After having reviewed the present draft, the Legal Service draws the attention over the fact that its earlier comments had not been considered in drafting the present variant of the agreement: "all (these) comments were already transmitted to your services in the course of the negotiations." The Legal Service concludes that "despite certain presentational improvements, the draft agreement does not constitute a sufficiently substantial improvement of the agreement currently applied on a provisional basis, the conclusion of which was refused on data protection grounds by the European Parliament." Moreover, the use of the PNR data for US border security is considered a step back from the point of view of data protection. The conclusion therefore related to the agreement is that "the Legal Service does not consider the agreement in its present form as compatible with fundamental rights." Hopefully this opinion may weigh in the decision of the European Parliament which, according to the Lisbon Treaty, has the power to refuse it. "This Agreement does not meet EU data protection standards of proportionality or purpose limitation, nor does it provide judicial redress to data subjects or any guarantee of independent oversight" says Tony Bunyan, Statewatch Director who believes that it's high time EU takes a firmer stand in the matter. "Secret Minutes of EU-US meetings since 2001 show that they have always been a one-way channel with the US setting the agenda by making demands on the EU. When the EU does make rare requests like on data protection, because US law only offers protection and redress to US citizens, they are bluntly told that the US is not going to change its data protection system". MEP Jan Philipp Albrecht, member of the European parliament's civil liberties committee, believes that by pushing forward this agreement, EU is acting against its own legal advice. "The commission cannot simply continue to stick its fingers in its ears, and it is high time that it dropped its obsession with PNR. This means going back to the drawing board and renegotiating the draft agreements with the US, Australia and Canada on passenger record retention, ensuring these agreements are in line with EU data protection law. It also means dropping the proposed legislation on the retention of passenger data within the EU." As regards the EU PNR proposal, this has been slammed also by the European Union Agency for Fundamental Rights (FRA). The Agency has issued an opinion on the Proposal for a Directive on the use of PNR data, identifying a series of issues regarding the compliance of the proposal with the Charter of Fundamental Rights of the European Union. FRA is concerned by the risk of direct discrimination related to PNR data transmitted by air carriers, which may include sensitive or special data. "It would therefore be useful to introduce a prohibition on the transmission of such data by air carriers." Regarding the limitation of fundamental rights covered by the proposal, FRA is concerned by the vagueness of several formulations and believes the explanatory memorandum of the proposal "does not sufficiently substantiate the necessity of the limitation for all crimes covered," and that "the necessity and proportionality of the PNR system would need to be demonstrated." For the compliance with the right to protection of personal data, FRA suggests the control should be provided by fully independent supervisory authorities that "can take action on their own initiative to protect proactively and effectively the interests of data subjects and have sufficient resources to do so in practice." European Commission's Legal Service says EU-USA PNR agreement is "not compatible with fundamental rights" (03.06.2011) http://www.statewatch.org/news/2011/jun/03eu-us-pnr-com-ls.htm Observatory on the exchange of data on passengers (PNR) with USA http://www.statewatch.org/pnrobservatory.htm Air passenger data plans in US-EU agreement are illegal, say lawyers (20.06.2011) http://www.guardian.co.uk/world/2011/jun/20/air-passenger-data-plans-illegal Opinion of the European Union Agency for Fundamental Rights (FRA) on the Proposal for a Directive on the use of Passenger Name Record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime (COM(2011) 32 final) (14.06.2011) http://www.statewatch.org/news/2011/jun/eu-pnr-fra-opinion.pdf ============================================================ 5. High level discussions on online tracking ============================================================ A meeting organised jointly by the University of Berkeley and the Institute for Information Law of the University of Amsterdam drew together an outstanding collection of international experts, NGOs and industry representatives to discuss online tracking protection and browsers. Information Society Commissioner Neelie Kroes opened the event where she brandished the "stick" of strict enforcement of the e-Privacy Directive if industry did not accept the "carrot" of self-regulation to achieve compliance. She described as "encouraging" the EASA and IAB Best Practice Recommendation, which uses a tiny icon to alert users to the fact that they are being tracked and profiled and being delivered advertising designed to match that profile - using a cookie as an opt-out mechanism. She pointed out that tracking is far more than cookies and can be done via browser fingerprinting and add-ons. She therefore called on the advertising industry to come up with a "do not track" (DNT) standard that "must be rich enough for users to know exactly what compliant companies do with their information and for me to be able to say to industry: if you implement this, then I can assume you comply with your legal obligations under the ePrivacy Directive." She challenged the industry to come up with such a standard within twelve months. Commissioner Kroes' speech was followed by one from Federal Trade Commissioner Julie Brill. She provided an overview of the current US thinking and policy development. She said that her thinking was driven by three key concepts - the need for privacy by design, the need for simplified choice and the need for increased transparency. Regarding a DNT standard, she said it needed to be easy to use, effective, universal, had to cover collection as well as use of data and had to represent a persistent choice. The final point was clearly an issue due to at least one case in the US where an "opt-out" offered by an online company only lasted several days. Commissioner Brill expressed particular concern about the situation in the mobile market. She said that, of the top 30 mobile apps, 22 did not have a privacy policy and those that did have a policy, did not make them particularly easy to find. The third policy-maker to speak was Robert Madelin, Director General of DG Information Society of the European Commission. He acknowledged and welcomed the G8 approach that Internet regulation needed to be convergent and interoperable. He described his minimum criteria for the creation of self-regulatory systems, the basis of which comes from a document produced when Mr Madelin was Director General of the Health and Consumer Protection Directorate General of the Commission. Key points which he stresses are clear goals from the outset, involvement of all relevant stakeholders from the outset and clear metrics for the measurement of results. The remainder of the meeting consisted mainly of very high-level panel discussions and a fascinating insight into the extent of online tracking, the technologies used and the main companies involved by Ashkan Soltani. Self-regulation principles http://ec.europa.eu/consumers/overview/report_advertising_en.pdf Ashkan Soltani http://ashkansoltani.org/ Event website http://www.law.berkeley.edu/11166.htm IAB/EASA Best practice guideline http://www.easa-alliance.org/binarydata.aspx?type=doc/EASA_BPR_OBA_12_APRIL_... Do Not Track: The Regulators' Challenge http://www.w3.org/QA/2011/06/do_not_track_the_regulators_ch.html (Contribution by Joe McNamee - EDRi) ============================================================ 6. New draft law for data retention in Romania ============================================================ The Romanian Ministry of Information Society and Communication (MCSI) submitted, for public comments, on 23 June 2011, a new draft law for the implemention of the EU data retention directive, after the Romanian Constitutional Court decided on 7 October 2009 that the Romanian law was unconstitutional. The explanation for the new text is merely a copy&paste from former documents. The new text just adds that this law was necessary because the European Commission has initiated a new action of infringement (letter C(2011) 4111 dated 16 June 2011) in the case 2011/2089 for not implementing the data retention directive. Although the explanation of the Ministry is that the new text is compliant with the decision of the Constitutional Court and the ECHR jurisprudence, the text of the draft law is nothing else than a copycat of the former law 298/2008, that has been already declared unconstitutional. The only addition that is supposed to solve this problem is the new article 13 that says the data retention activity must fulfil the principles of same quality and security than other data used by electronic communication providers, and of "appropriate technical and organisational measures" for not losing or abusing the data (without making any reference to what that might mean in practice). Instead, the present text is in fact vaguer than the initial law that was declared unconstitutional. The procedure to access the data has been deleted, just saying that the data might be accessed under the conditions of the "Penal procedure code and other special laws". Only that the current Penal procedure code does not foresee any procedure in this respect and, at least this moment, there are no special laws on the subject. Also the right to access the data can now be exerted by any "judicial authorities" and "authorities with attributions for national security and safety", which was a vagueness of the text already criticized by the Constitutional Court. Ionut Negrescu, the deputy general secretary in the MCSI claims that the Romanian authorities have been working for 1 year and a half in a working group led by the Ministry of Justice together with the MCSI, Ministry of Internal Affairs and Department of European Affairs. However, MCSI refused to admit even the existence of such a group, despite several questions publicly addressed by the civil society since 2010. Also, there was no public statement on this matter during all this period. At the same time, Negrescu admits that MCSI is in a deadlock: "The Constitutional Court says you may not retain for 6 months the traffic data of a person that is not under penal investigation and we were retaining all citizens' data. On the other hand, this is against the EU directive, which asks to retain this data for a minimum of 6 months. Here, we are in a deadlock". Basically, between respecting human rights and the Constitutional Court decision and following the opinions of the European Commission, the Romanian Government choose the latter. Five civil society NGOs, including EDRi-member ApTI, have asked for a public debate on the subject organized by MCSI, claiming that the current text is still unconstitutional. So far, no official reaction from MCSI has been received. Draft law on data retention (only in Romanian, 23.06.2011) http://www.mcsi.ro/Transparenta-decizionala/24/ProiectRetinereaDatelor Reasoing for the draft law on data retention (only in Romanian, 23.06.2011) http://www.mcsi.ro/Transparenta-decizionala/24/ExpunereMotive 5 NGOs warn that the new Big Brother draft law is still unconstitutional (only in Romanian, 28.06.2011) http://economie.hotnews.ro/stiri-telecom-9185463-cinci-ong-uri-avertizeaza-n... Romania: Data retention law declared unconstitutional (21.10.2008) http://www.edri.org/edrigram/number7.20/romania-data-retention-law-unconstit... Decision of the Romanian Constitutional Court (8.10.2009) http://www.legi-internet.ro/english/jurisprudenta-it-romania/decizii-it/roma... ============================================================ 7. UK: Copyright holders ask for website blocking ============================================================ According to some leaked reports, copyright holders seem to have proposed during a roundtable with UK Government representatives, ISPs and others on 15 June 2011, plans that could lead to the blocking of websites that allegedly host copyright infringing material. Apparently, the Rightsholder Group' plans include a voluntary website blocking scheme that would involve "expedited court procedures" letting an "expert body" decide if websites that host copyright-infringing material should be blocked, meaning that lobby groups might decide on website content. The leaked document would make reference to a "balance" between evidence and speed of action, no analysis seems to exist on how the blocking will be done or on the effect of such measures, no clear or comprehensive definitions of what content will be considered blockable seem to be mentioned. "The objective is to establish a system that protects a copyright owner's property rights by substantially inhibiting infringement while protecting the legitimate interests of consumers, site operators and service providers, including (where relevant) access to services and information and freedom of expression," says the leaked document. The meeting where the document was presented was closed to copyrights group and only Consumer Focus attended it, as the official "consumer" watchdog. Consumer Focus's opinion is that blocking is no solution: "Consumers' willingness to, or preference for, watching football games online and on mobile devices will not diminish because access to unlicensed websites is blocked." According to Consumer Focus, the copyright holders propose that, after the "expert body" has decided that copyright infringement evidence submitted by copyright holders is valid and that website blocking is appropriate, the Applications Court of the High Court issues permanent injunctions against the respective websites. "These proposals are a significant regulatory intervention and require at the very least significant changes to the Civil Procedure Rules. As such they should be publicly consulted on and evidence based," says Consumer Focus. EDRi-member Open Rights Group (ORG) also believes that discussions over how to enforce online copyright infringement measures should be held in public. "It is critical that policy making happens through a broad and open public debate, especially on matters that so tangibly affect rights such as access to information and freedom of expression," stated Peter Bradwell from ORG. Rights holders' proposed voluntary website blocking scheme (22.06.2011) http://www.openrightsgroup.org/blog/2011/rights-holders-propose-voluntary-we... Secret website blocking proposals presented to Ed Vaizey (21.06.2011) http://www.openrightsgroup.org/blog/2011/secret-website-blocking-proposals Leaked proposals detail copyright holders' website blocking code plans (27.06.2011) http://www.out-law.com/default.aspx?page=12030 Ed Vaizey website blocking roundtable (15.06.2011) http://www.consumerfocus.org.uk/files/2010/10/Consumer-Focus-response-to-web... BT wary of rights holders' site-blocking proposal (23.06.2011) http://www.theregister.co.uk/2011/06/23/site_blocking_vaizey/ ============================================================ 8. No anonymous Internet usage in Denmark? ============================================================ A working group at the Danish Ministry of Justice is debating on a recommendation to the Parliament. The current text suggests that people using open wireless internet connections, e.g. at libraries, cafes, and private companies identify themselves with a personal code. It is not yet determined how people should be identified, but the working group considers social security numbers, electronic digital signatures, and SMS-es. The existing Danish implementation of the Data Retention Directive does not require that users identify themselves, only that data such as payment information, hardware addresses etc. are stored. EDRi-member IT-POL see the recommendations as an attack to anonymity on the Internet. The recommendations are not made public but they are described in the printed edition of newspaper Politiken of 23-24 June 2011. The recommendations were criticized by several civil society members, including Rikke Frank Jxrgensen (Danish Institute for Human Rights), Jacob Mchangama(think tank CEPOS) Niels Elgaard Larsen (IT-Pol), Pernille Drost (Danish Union of Librarians) or Jon Lund (Danish Online News Association). Spokesmen for the two government parties are also critical of the recommendations and do not think that fighting international terrorism mandates that Danes should be surveyed 24/7. So there is some hope that this will not be passed by the Parliament. Last year the Tax Authorities introduced a bill that would allow them to mirror the hard disks of private companies. After criticism in the media, an excellent brief by Mchangama and lack of support from the two governing parties, the Minister of Taxation decided to postpone that bill, pending investigations by a new committee. You can no longer surf the web anonymously (only in Danish, 23.06.2011) http://www.computerworld.dk/art/117279 Will PET curb our freedom on the net? (only in Danish, 28.06.2011) http://politiken.dk/debat/ECE1319843/vil-pet-toejle-vores-frihed-paa-nettet/ Criticism: New Danish monitoring plan similar to DDR (only in Danish, 27.06.2011) http://www.computerworld.dk/art/117284 No. of persons logging on public networks (only in Danish, 24.06.2011) http://www.version2.dk/artikel/logning-af-internetbrugere-maaske-i-fare-2927... (Contribution by Niels Elgaard Larsen - EDRi-member IT-Pol - Denmark) ============================================================ 9. Traffic data fraudulently obtained by the Czech police ============================================================ An inspection of the Czech Interior Ministry has revealed that police detective Marian Hudec from Varnsdorf was gaining phone call statements including those of President Vaclav Klaus4s closest aides as well as those of Constitutional Court Chairman Pavel Rychetsky. According to MfD paper, Hudec obtained the numbers of some prominent people and wrote to the judge that he did not know the owners of the mobile numbers, but that he was working on order and the numbers obtained were linked to the investigation into white slave trade in his region. The judge, however, sanctioned access to the statements. Czech Prime Minister considered this was a serious abuse of the police and showed failure of courts that sign whatever police submits to them. These were traffic and location data retained under the national data retention legislation and a procedure according to the Criminal Procedure Code was used for the access to the respective data. Therefore this might not be an individual mistake but rather a faulty system. Irrespective of who's to be blamed for that, the procedure is worrying as a private person or a firm could thus easily get hold of sensitive data on whom and how often the high-placed people call. Czech police was gaining phone statements of Klaus4s aides- press (20.06.2011) http://www.ceskenoviny.cz/zpravy/policista-nelegalne-ziskal-i-vypisy-telefon... ============================================================ 10. Low level of protection for minor's privacy on social networks ============================================================ Most social networks fail to provide an appropriate level of protection for minors' privacy says a report recently published by the European Commission on the implementation of "Safer Social Networking Principles for the EU", a self-regulatory agreement brokered by the Commission in 2009 to keep children safe online. After several social networks have been tested on behalf of the European Commission during December 2010 and January 2011, the conclusion is that only two social networking sites (Bebo and MySpace) have default settings to make minors' profiles accessible only to their approved list of contacts and only 4 sites (Bebo, MySpace, Netlog and SchuelerVZ) make sure that minors can be contacted by default by friends only. Appropriate safety information for minors is however provided by a majority of the 14 social networks tested, which also respond to requests for help and prevent minors' profiles from being searched via external search engines. Neelie Kroes, Vice President of the European Commission for the Digital Agenda, has shown her concern and disappointment in this matter and said she would discuss with the companies and encourage them to use settings that better protect the teenagers using these sites. "I am disappointed that most social networking sites are failing to ensure that minors' profiles are accessible only to their approved contacts by default. I will be urging them to make a clear commitment to remedy this in a revised version of the self-regulatory framework we are currently discussing. This is not only to protect minors from unwanted contacts but also to protect their online reputation. Youngsters do not fully understand the consequences of disclosing too much of their personal lives online. Education and parental guidance are necessary, but we need to back these up with protection until youngsters can make decisions based on full awareness of the consequences," said Kroes. A worrying fact is that even grown-ups are not very aware of how they should protect their privacy on the online social networks. According to a recent survey carried out by Harris Interactive on more than 2000 US adult subjects, almost 70% of users of social networking websites say they're concerned about security but most of them don't do much to protect themselves. Digital Agenda: only two social networking sites protect privacy of minors' profiles by default (21.06.2011) http://europa.eu/rapid/pressReleasesAction.do?reference=IP/11/762&format=HTML&aged=0&language=EN&guiLanguage=en Social network sites fail to protect minors: EU report (21.06.2011) http://www.reuters.com/article/2011/06/21/us-eu-privacy-socialnetworking-idU... Social Networking: Survey finds gaps between user security concerns and behavior (23.06.2011) http://www.signonsandiego.com/news/2011/jun/23/social-networking-survey-find... ============================================================ 11. Recommended Action ============================================================ Norway: Open source code for e-voting system on the Internet (10.06.2011) http://www.regjeringen.no/en/dep/krd/press/press-releases/2011/open-source-c... http://www.regjeringen.no/en/dep/krd/prosjekter/e-vote-2011-project/source-c... ============================================================ 12. Recommended Reading ============================================================ Proposals for EU Council Decision on signing & conclusion of ACTA http://bit.ly/me5oh8 http://bit.ly/kDnxjC Sex, Lies and Cyber-crime Surveys (06.2011) http://research.microsoft.com/apps/pubs/default.aspx?id=149886 The Entire Internet Under Governmental Censorship In France? (15.06.2011) http://www.laquadrature.net/en/the-entire-internet-under-governmental-censor... Anonymous Blogging with WordPress and Tor guide in Spanish (21.06.2011) http://advocacy.globalvoicesonline.org/2011/06/21/anonymous-blogging-with-wo... Security and Human Behaviour 2011 Workshop 2011 (17-18.06.2011) http://www.lightbluetouchpaper.org/2011/06/17/security-and-human-behaviour-2... http://www.heinz.cmu.edu/~acquisti/shb/participants.htm CfP 2011 (14-16.06.2011) http://www.cfp.org/2011/wiki/index.php/Media ============================================================ 13. Agenda ============================================================ 30 June - 1 July 2011, Berlin, Germany OKCon 2011 - annual open knowledge conference of the Open Knowledge Foundation http://okcon.org/2011 1 July 2011, London, UK The Power of Open http://thepowerofopenlondon.eventbrite.com/ 5-6 July 2011, Gvttingen, Germany International Social Networking Summit Organized by CONSENT consortium http://consent.law.muni.cz/view.php?cisloclanku=2011050001 11-12 July 2011, Barcelona, Spain 7th International Conference on Internet, Law & Politics (IDP 2011): Net Neutrality and other challenges for the future of the Internet http://edcp.uoc.edu/symposia/lang/en/idp2011/?lang=en 24-30 July 2011, Meissen, Germany European Summer School on Internet Governance 2011 http://www.euro-ssig.eu/ 11 October 2011, Brussels, Belgium ePractice Workshop: Addressing evolving needs for cross-border eGovernment services http://www.epractice.eu/en/events/epractice-workshop-cross-border-services 27 - 30 October 2011, Barcelona, Spain Free Culture Forum 2011 http://fcforum.net/ ============================================================ 14. About ============================================================ EDRi-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRi has 28 members based or with offices in 18 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRi-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and are visible on the EDRi website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea <edrigram@edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request@edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. Unsubscribe by e-mail To: edri-news-request@edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edri/2.html - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram@edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE