International Update: Euro Backlash, EU v Microsoft and Google, Right to be Forgotten and Delay in Canadian Spam Law

NSA’s Euro-Backlash: Germany’s Merkel Calls For New EU Privacy Legislation

German Chancellor Angela Merkel of Germany, reflecting the widespread European outrage over the NSA scandal, is calling for the European Union to  iadopt legislation requiring Internet companies to disclose what information about users they store and to whom they provide it.  As the New York Times explains:

Unlike many citizens in the United States, whose desire to prevent the kind of widespread terrorist attacks like those of Sept. 11, 2001, often trumps their concerns about privacy rights and government surveillance, Germans have experienced the corruption of those rights under the Nazis and later the Communist government of East Germany, making them far more sensitive to the issue. Until now, though, Germany has been slow to back an aggressive privacy initiative across Europe partly because the country’s laws are among the tightest in the bloc.  . . . Ms. Merkel said she now believed that only a broader pact could be effective. “That has to be part of such a data privacy agreement because we have great regulation for Germany, but if Facebook is registered in Ireland, then it falls under Irish jurisdiction,” she said. “Consequently we need a common European agreement.”

Merkel indicated that she would meet with her cabinet ministers shortly to develop a privacy proposals.  Previously, Merkel’s Interior Minister had warned German consumers

whoever fears their communication is being intercepted in any way should use services that don’t go through American servers.

Viviane Reding, the EU Vice President who has been spearheading European data protection reform, has said the NSA furor  had given Europeans “a wake-up call” when it came to privacy.

 “Data protection in Europe is a fundamental right.   Strong rules allow trust and, in the Internet world, without trust you cannot go ahead.”

EU Fines Microsoft, Turns Heat Up on Google

googleIn 2009, Microsoft entered into a consent decree with the EU over allegations that it used its market power to tie Internet Explorer to Windows.  As a result, it agreed to offer a browser choice screen to consumers through 2014, but failed to do so for 14 months between May 2011 and July 2012.  This resulted in a €561 million fine on Microsoft since  “[a] failure to comply is a very serious infringement that must be sanctioned accordingly.”

Google is under investigation by privacy enforcement authorities in France, Germany, Italy, Netherlands and the UK over 2012 changes to its privacy policy that created a streamlined policy for multiple Google applications.  The UK has given Google until September to update its privacy policies, noting

the updated policy does not provide sufficient information to enable UK users of Google’s services to understand how their data will be used across all of the company’s products.

France has also given Google three months to address the issue.


European Court of Justice Puts Brake on Push for Right to be Forgotten

The European Court of Justice’s Advocate General, Niilo Jaaskinen, said in a formal opinion that a general “right to be forgotten” is not contemplated in the EU Data Protection Directive.  The AG stated that imposing an obligation to block access to legally-published content would dangerously interfere with search users’ rights to access information, as well as Google’s fundamental right to conduct a business.  The situation would be different, noted the AG, if the underlying content is illegal.  However, in this case, the underlying content is legal, and a right to be forgotten would therefore raise difficult censorship issues.


In 2012, EU Vice President Viviane Redding outlined her privacy initiative with the “Right to be Forgotten” being its centerpiece:

Another important way to give people control over their data: the right to be forgotten. I want to explicitly clarify that people shall have the right – and not only the ‘possibility’ – to withdraw their consent to the processing of the personal data they have given out themselves.

The Internet has an almost unlimited search and memory capacity. So even tiny scraps of personal information can have a huge impact, even years after they were shared or made public. The right to be forgotten will build on already existing rules to better cope with privacy risks online. It is the individual who should be in the best position to protect the privacy of their data by choosing whether or not to provide it. It is therefore important to empower EU citizens, particularly teenagers, to be in control of their own identity online. By the way, 81% of German citizens are worried they are no more in control of their personal data!

If an individual no longer wants his personal data to be processed or stored by a data controller, and if there is no legitimate reason for keeping it, the data should be removed from their system.


Canadian Spam Law Implementation Not Likely Until 2014

industrycanadaOn December 15, 2010, Canada approved the “Fighting Internet and Wireless Spam bill, with implementation on hold pending approval of implementing legislation.  It now appears those regulations will not be released until later this summer with implementation delayed until fall 2014 (and even then there is talk that some portions of the bill might be delayed until 2017.

In comparison, the CAN-SPAM Act was passed in 2003 and became operational fifteen days later and Canadian John Davidson walked across Canada in 251 days.

More Info:  Merkel Urges Europe to Tighten Internet Safeguards, New York Times; Merkel Gets Behind Controversial European Data Protection Reform; Tech Week Europe; EU, US Regulators Turn Up Heat Over Google’s Privacy Policy, Law360;  Antitrust: Commission fines Microsoft for non-compliance with browser choice commitments, EU Press Release; EU Court Rules That You Have No ‘Right To Be Forgotten’ By Google, Huffington Post;  Anti-spam law could be canned by government, Toronto Star