[Opinion] Kosovo mess: Made in the EU

van EU Observer - ma, 01/11/2016 - 14:58
Eggs. Tear gas. Riots. The Kosovo political crisis is escalating. Is it time for the EU and US to admit they made a bad deal on Serbia relations?

Categorieën: Europees nieuws

[Ticker] David Bowie 'helped bring down' Berlin Wall

van EU Observer - ma, 01/11/2016 - 13:41
Germany's foreign ministry in a message posted on Twitter thanked David Bowie for "helping to bring down the wall", referring to the wall that divided Berlin during the Cold War. The singer died from cancer Monday aged 69. He recorded three albums in West Berlin in the 1970s.

Categorieën: Europees nieuws

[Ticker] Belgium tax scheme illegal, commission says

van EU Observer - ma, 01/11/2016 - 13:11
Belgium's scheme on companies' excess profits is "illegal," the EU commission said Monday. "At least 35 companies were given an unfair competitive tax advantage" because their corporate tax base was reduced by between 50% and 90%, the commission said. The companies, mainly European, will have repay €700 million to Belgium.

Categorieën: Europees nieuws

[Ticker] Report: Putin asks Renzi to join Nord Stream II

van EU Observer - ma, 01/11/2016 - 13:00
Italian dailies La Stampa and Corriere della Sera report Russian leader Putin and Italian PM Renzi have discussed Italy joining the Nord Stream II gas pipeline project in a deal involving asset swaps between Italian firm Saipem and Russian company Rosneft. Renzi had been a vocal critic of the pipeline.

Categorieën: Europees nieuws

Settlement In Lawsuit Over NYPD's Surveillance Of Muslims Bringing A Long List Of Reforms To City's Policing

van TechDirt - ma, 01/11/2016 - 12:23

The NYPD considers itself to be the finest police force in the nation, if not the world. But its track record says otherwise. It lost a lawsuit over its "stop and frisk" program, thanks to its unconstitutionality and appearance of racial bias. It is currently in the middle of a lawsuit related to illegal summons quotas -- one in which it destroyed documents it was ordered to preserve. And now, it has just lost another lawsuit related to its biased policing.

The NYPD's pervasive surveillance of the city's Muslim population violated civil liberties on a massive scale. Despite being given an incredible amount of leeway to pursue its counter-terrorist activities, the so-called "Demographics Unit" did useless things like pressure informants into making stuff up to justify surveillance efforts and designate entire mosques as terrorist entities. What it didn't do, however, is generate any useful intelligence.

The city has just settled with the plaintiffs in the Muslim surveillance lawsuit, which will bring with it a slew of reforms. The proposed settlement includes modification of the guidelines along two principal lines: incorporating new safeguards and installing a civilian representative within the NYPD to reinforce all safeguards. A civilian representative will be a welcome change from the internal "oversight" performed by the NYPD -- which has been pretty much nonexistent. The program was started by an ex-CIA officer who seemingly assumed he could treat US citizens with the same disregard as foreign nationals.

A long list of stipulations could bring about much-needed changes in NYPD counter-terrorist program.

  • Prohibiting investigations in which race, religion, or ethnicity is a substantial or motivating factor
  • Requiring articulable and factual information regarding possible unlawful activity before the NYPD can launch a preliminary investigation into political or religious activity
  • Requiring the NYPD to account for the potential effect of investigative techniques on constitutionally protected activities such as religious worship and political meetings
  • Limiting the NYPD’s use of undercovers and confidential informants to situations in which the information sought cannot reasonably be obtained in a timely and effective way by less intrusive means
  • Putting an end to open-ended investigations by imposing presumptive time limits and requiring reviews of ongoing investigations every six months
  • Installing a civilian representative within the NYPD with the power and obligation to ensure all safeguards are followed and to serve as a check on investigations directed at political and religious activities. The civilian representative must record and report any violations to the police commissioner, who must investigate violations and report back to the civilian representative. If violations are systematic, the civilian representative must report them directly to the judge in the Handschu case.
  • Removing from the NYPD website the discredited and unscientific “Radicalization in the West” report, which justified discriminatory surveillance, and affirming that the report is not and will not be relied upon to open or prolong NYPD investigations

These reforms aren't set in stone yet. A still-pending class action suit over violations of the NYPD's Handschu Agreement (an agreement that was subverted by the CIA officer heading the Demographics Unit, who used post-9/11 terrorism fears to carve huge holes in the stipulation, which forbade the surveillance of First Amendment-protected activity) must be resolved before the proposed settlement can go into effect. Fortunately, the remaining hearing in that case involves comments from the plaintiffs, rather than an attempt by the city to dial back the proposed reforms.

The NYPD has a chance to salvage its reputation. The problem is, it doesn't see it that way, despite losing major lawsuits over two of its biggest programs. Without a doubt, the next few weeks will see plenty of criticism from the usual sources: District Attorney Cyrus Vance, NYPD Commissioner Bill Bratton and, because there's apparently no way to shut him up, NYPD union boss Pat Lynch. Any statements will only make these officials look worse as they'll be arguing on behalf of the wholesale violation of civil liberties.

Permalink | Comments | Email This Story

Categorieën: Technieuws

Five things you should know about the Dutch data breach laws

van ICT recht - ma, 01/11/2016 - 11:45

A new year brings about new opportunities. Also, it means a fresh start to new pieces of law, like the entry into force of the Dutch data breach laws. As of January the 1st of this brand new year, organizations are required to report data breaches to the Dutch Data Protection Authority, and in some cases to the involved data subjects as well. Given the variety of opinions and questions addressed to us, it appears that there is quite a bit of misunderstanding regarding this duty to report. Below you find five minsconceptions clarified.

1. Destruction of data can never be a data breach.
A common argument. After all, if the data is destroyed, they can no longer fall into the hands of malicious people. That’s right. However, destruction of personal data could be detrimental to parties concerned and is therefore considered by the regulator as a data breach.

2. The notification must be made within 24 hours / two business days.
This is incorrect. The period of 24 hours was expressed in another blog post I came across and the period of two business days was set out in the draft version of the guidelines of the regulator. The law states that the data breach should be notified immediately. In the final version of the guidelines, which are now indicated as policies, a 72-hour period is included. The regulator explains that immediately means that you may take some time for further investigation first. Incidentally, and if you can demonstrate why you needed more time, you may also report a leak after 72 hours,.

3. Failure to comply with the duty to report yieds a fine of € 810.000, -.
That is not entirely correct. Apart from the fact that the maximum penalty will be € 820.000, – (the penalties laid down in the Dutch Criminal Code will be increased per 1 January, 2016), the regulator has issued penalty policies in addition. In these policies, each violation of the Dutch Data Protection Act is classified in a separate category. The regulator is authorized to impose a maximum fine of € 820 000, -, but by not satisfying the reporting duty, a fine of the second category of the Dutch Criminal Code can be imposed. That equates to an amount between € 120.000, – and € 500.000, – per violation. You can expect two penalties if you “forget” to make a report to both the regulator and the data subjects involved.

Mind you, this is based on the consultation version of this policy. Perhaps the final version will introduce some changes.

4. The report can only be done in writing.
An often-heard argument is that the report can only be done in writing. Thankfully, this is also a misunderstanding. The regulator makes available a web form which can be used to make a report. If, for whatever reason, you cannot use that form, you may use fax (yes, really).

5. As a data processor, you also have a duty to report.
Only the data controller is obligated to report a data breach to the regulator and under circumstances to the involved data subjects as well. However, a processor plays a crucial role in making a report. A processor can be the one who discovers the leak in the first place. In that case, it is up to the controller to ensure that the processor is obligated to pass on such information as soon as needed. Such arrangements should be laid down in a processor’s agreement.

Would you like to know more? Please read the comprehensive policies of the Dutch Data Protection Authority (currently only available in Dutch).

Gerelateerde artikelen
Categorieën: Technieuws