Europe Gets Serious on Data Protection

Companies like Google, Facebook and Twitter collect data from their users without their permission and this personalized data can be used, in large measure, to produce targeted advertisement. Advertising networks collect information across a wide span of sites, using cookies that are placed on a user’s computer when loading a page containing an ad, and then they use the Web surfing history to deliver other ads. Every time a user clicks on a “like” on Facebook or plus in Google that information is collected use by these companies and their clients. Internet users’ movements on the web are also being tracked for further use by countless other entities—both public and private.

Europe has been signaling an overhaul of its data protection laws that date from 1995. Last week, one legislator, Jan Philipp Albrecht, a member of the Green Party from Hamburg, introduced a bill that would create a new agency to enforce a series of measures giving Internet users greater control of their online information.

If approved, the proposal would replace an advisory panel to the European Commission with a privacy regulator with the power to make decisions for the 27 members of the European Union and levy fines of up to 2 per cent of a company’s revenue that violates Europe’s data protection laws.

The new measures would prohibit the use of a range of standard Web tracking and profiling practices that companies use to produce targeted advertising unless consumers give their explicit prior consent.

The bill would also grant European consumers a fundamental new right: data portability, or the right to easily transfer one’s personal posts, photos and video from one online service site to another.

A coalition of US, Asian and European businesses and advertisers have criticized the proposed plan, which would give Europeans much stronger legal protections to control their online identities than people elsewhere. However, the enactment of these laws is very good news for consumers concerned about the lack of regulation regarding data collection and user’s tracking on the interned and on social networks.

The European Parliament will vote on the proposal in April, and a final agreement with the upper house is expected later this year.

Governmental Intrusions, Twitter and the Right to Privacy

Malcolm Harris, one of about 700 protesters who participated in the Occupy movement march along the Brooklyn Bridge last October, was subsequently arrested and charged with disorderly conduct. The prosecutor in the case subpoenaed hundreds of Twitter messages alleging that they would show that the police did not lead protesters off the bridge’s pedestrian path and then arrest them, an argument that Mr. Harris was expected to make at trial.

Although Twitter originally refused, eventually, the criminal court Judge demanded that Twitter release the data or hand over its confidential earnings statements from the last two quarters so he could determine how much of a fine to levy against the company. Twitter, which keeps such financial data secret, eventually produced the  data.

The judge’s ruling said that, “If you post a tweet, just like if you scream it out the window, there is no reasonable expectation of privacy. There is no proprietary interest in your tweets, which you have now gifted to the world. This is not the same as a private e-mail, a private direct message, a private chat, or any of the other readily available ways to have a private conversation via the internet that now exist. Those private dialogues would require a warrant based on probable cause in order to access the relevant information.”

In its appeal, Twitter wrote that Harris’ tweets are protected by the Fourth Amendment “because the government admits that it cannot publicly access them, thus establishing that the defendant maintains a reasonable expectation of privacy in his communications.” The Twitter accounts in question have been closed and are no longer publicly available.

Technology that allows for the invasion of privacy evolves significantly faster than privacy protecting laws, and as a result, the laws are almost always reactive to these new legal scenarios and often rushed to meet the urgency of the case at hand. In this particular case, the question is whether a message on Twitter that a person posts for his followers is the same as a message “gifted to the world” as the Judge stated in his ruling, for which there is no reasonable expectation of privacy.

To the extent that Twitter allows a user to block a follower, the user has an expectation of privacy regarding his messages. I am pretty sure that Mr. Harris would have blocked a government representative who wanted to become a follower of his tweets.

Under these circumstances, did his messages become public? Were his messages “gifted to the world,” or are his messages more like emails, that would require the government to obtain a warrant to have access to them?