By not informing its users about what data it collects and by not asking for permission, Google is breaking the Dutch data protection act, privacy watchdog CBP said in a press release last Thursday.
The investigation shows that Google combines personal data relating to Internet users that the company obtains from different services. Google does this, amongst others, for the purposes of displaying personalised ads and to personalise services such as YouTube and Search. Some of these data are of a sensitive nature, such as payment information, location data and information on surfing behaviour across multiple websites. Data about search queries, location data and video’s watched can be combined, while the different services serve entirely different purposes from the point of view of users.
Internet lawyer Arnoud Engelfriet points to a peculiarity of Dutch privacy law that says you have to ask users for informed consent. It’s not enough to say ‘this is how we deal with your privacy’, users should be able to understand what is going to happen and say ‘no’ before it happens. Also, Google shouldn’t say what they could do with your data, they are obliged to say what they will do with your data.
Apparently Google tried to defend themselves by claiming they do not collect personal data, they merely create profiles. CBP quotes Google’s own CEO Eric Schmidt back at them who once stated: “We don’t need you to type at all. We know where you are. We know where you’ve been. We can more or less know what you’re thinking about.” Google’s chief Internet evangelist (and Internet co-inventor) Vint Cerf said two weeks ago at a privacy and security workshop of (of all people) the US Trade Commission (40 minutes into the video): “I would not go as far as to simply, baldy assert that privacy is dead. [...] But let me tell you that it would be increasingly difficult for us to achieve privacy. I want you to think for just a minute about the fact that privacy may actually be an anomaly.”
Engelfriet concludes: “Google of course believes the criticism is invalid and uses a barrage of marketing language [...] to keep dancing around the issue. And that is all that will happen. I don’t see what kind of effective measures CBP can take to make Google fundamentally change its ways—which is a pity, because this is one of the most substantial reports CBP has issued in a long time.”
(Link: the Register; photo by Jeff Schuler, some rights reserved)
Tags: Eric Schmidt, Google, privacy, Vint Cerf
Screenshot of uitzendinggemist.nl with the cookie dialogue.
The website that the public broadcasters of the Netherlands use to display videos of programmes that have already been broadcast, Uitzending Gemist, has been locked down for visitors who refuse to accept Internet cookies.
Volkskrant quotes a spokes person of NPO, the organization running Uitzending Gemist, saying: “We are legally obliged to report how many people we reach, and cookies are important to this goal. This is why our websites and on-line videos can only be made accessible to those who accept cookies.”
The public broadcasters are paid from general taxes. OPTA, the government watchdog for telecom issues, has been leaning heavy on the owners of publicly funded websites lately. The agency stated that government organisations have to set the right example.
One commenter at Arnoud Engelfriet’s blog said (and in my opinion he or she is right): “A law that was enacted to protect consumers is now being used to hijack consumers. [...] In my opinion the law was set up to give people an actual choice—to allow cookies or not. Forcing visitors to allow cookies (or else the site cannot be visited) is absurd.”
Disclaimer: 24 Oranges has yet to determine how to apply the cookie law without inconveniencing its visitors.
Tags: cookie law, cookies, NPO, privacy, public television, public utilities, Uitzending Gemist
Dutch Rail is on a roll. Last Tuesday Webwereld reported that the state-owned monopolist has been sending spam to the users of the ‘anonymous’ version of the OV-chipkaart, the troubled Dutch transport card.
According to the tech news site, users of the anonymous card, with which you can pay for travel across modes and providers, had to give Dutch Rail their e-mail address in order to be able to travel with the company—presumably so that Dutch rail could differentiate between first and second class. Dutch Rail would then, however, abuse those addresses by inundating them with spam.
Earlier Dutch Rail was fined 125,000 euro by the Dutch privacy authority CBP for storing sensitive data about student travellers for too long.
It has not been a good week for Dutch Rail. Yesterday De Volkskrant reported that the company has been evading taxes by buying trains using a subsidiary in Ireland. The subsidiary would then leases those trains to the Dutch parent company. Train companies pay 9% in taxes in Ireland, but 25% in the Netherlands.
Par for the course for big business, you say? That may be true, but Dutch Rail is owned by the government. Basically, this is the example the Dutch state is setting to all tax payers. To make matters worse, Dutch Rail has a monopoly on all the juicy routes in the country. Other transport companies are allowed to run trains in the country, but only in areas that are not as profitable.
Suffice it to say that politicians were not happy, with for example PvdA (Labour) leader Diederik Samson calling Dutch Rails’ tactics ‘wrong’ and an example of ‘a lack of morals’. It is unclear to me whether politicians are upset because of Dutch Rails’ behaviour, or because their baby got caught red-handed.
(Photo by Flickr user UggBoy hearts UggGirl, some rights reserved)
Tags: Dutch Rail, government, privacy, tax evasion, taxes
Hardly any Dutch website adheres to the new cookie law that came into force last Tuesday, online tech mag Webwereld reports.
The law, which is a strict implementation of the EU cookie directive, aims to protect website visitors’ privacy by making tracking illegal. Tracking is a way of building a profile of you and your likes by monitoring which websites you visit. This profile can then be used to tailor advertisements to your tastes, or for far more heinous purposes.
Enforcement agency OPTA says it is not their job to determine the contours of the law. “We expect the market to take care of that.” The agency told Webwereld it will start enforcing the law right away, but will first focus on “sites with dangerous cookies, and sites with cookies that are hard to remove.”
Arnoud Engelfriet points out that even the government is still serving cookies without permission at rijksoverheid.nl.
24 Oranges is currently looking at its cookie use and responsibilities before the law. As you may gather from the above article, this matter is more complex than it seems at first sight, so apologies for the delay.
In the meantime if you’re worried about your privacy—as you should—consider disabling third-party cookies in your browser and installing ad blockers. Neither method is perfect as far as I know.
(Screenshot: the Telegraaf cookie banner)
Tags: cookies, privacy
Eight months ago the city of The Hague refused to provide Louise van Luijk with a passport, even though as a Dutch citizen she has the right to one. Last Monday (Webwereld) or Tuesday (De Stentor) Van Luijk was heard by an appeals court which expects to have a ruling ready on March 23.
As part of new European rules for biometric passports, Van Luijk would have to provide the state with her fingerprints, which she refuses to do. For that reason the city has refused to issue her a passport. Van Luijk claims this is a human rights issue, as all kinds of official activities in the Netherlands require being able to identify yourself.
The Dutch government wants to store fingerprints from passports in a central database—not required by the new European law—, and Van Luijk fears that the French company managing this database could sell her private data to other parties. The fear may be unfounded, but the Dutch government does not have a good track record when it comes to securing the private data of its citizens.
According to De Groene Amsterdammer, passports are required if you want to register with the Chamber of Commerce, file a report with the police, register a newborn with the municipality, vote, buy a house, and so on. Van Luijk’s personal experience is different: when her child was born, the city accepted a copy of her birth certificate as proof of her existence. People in the Netherlands are obliged to identify themselves to the authorities when asked.
Tags: biometrics, civil rights, fingerprints, passports, privacy
The Court of Appeal in Den Bosch has recently ruled that the public prosecutor must start a case against
reporters Sophie Hilbrand and Filemon Wesselink for spying on TV presenter Albert Verlinde and his husband, Onno Hoes.
Ironically, Albert Verlinde is one of the presenters of TV gossip programme RTL Boulevard, and Onno Hoes is the Mayor of Maastricht—between them they must have committed more privacy violations than all the hidden cameras in girls’ locker rooms the world over combined.
Volkskrant reports that reporters Sophie Hilbrand and Philemon Wesselink installed audio recording equipment in an award they presented to Verlinde, the ‘Golden Ear”, with which they successfully recorded a discussion Verlinde and Hoes had in the car on their way home. The public prosecutor had already fined the reporters
, so that they now get punished for the same offence twice. For the record, double jeopardy—or ne bis in idem as it is called here—is illegal in the Netherlands.
(Photo of Albert Verlinde by Thomas van de Weerd, some rights reserved)
Tags: Den Bosch, journalism, judges, law, privacy, spying
The Hague residents who wish to go all Wikileaks on civil servants by filming their interrogators, risk losing their welfare benefits, Sargasso reports.
Blogger Dimitri Tokmetzis discovered this when he received the results of a freedom of information request about the so-called Haagse Pand Brigade, a unit of municipal civil servants that invades the homes of those vaguely suspected of such wrongdoings as welfare fraud, growing marijuana or illegal sub-letting.
A manual for the Brigade dictates:
Sometimes welfare recipients wish to make an audio or video recording of the visit. This recording could be against the will of team members, and could lead to publication that is against their will. This can have far-reaching personal consequences for the team members. This is not tolerable, and therefore we prescribe the following:
1) If a customer indicates that he wishes to record the visit, or if he is already in the process of recording the visit, the team members will indicate clearly that they do not give permission for the recording, and will stop the visit.
2) The team members will explain to the customer that their behaviour will be interpreted as refusing to cooperate in determining the right to welfare benefits (article 17 WWB), and that this can have consequences for their right to welfare. When the customer publishes his recordings, he will be reported to the police.
For the record, in the Netherlands you do generally not need permission to film someone, and so-called portrait rights (the limited right to object to publication of your portrait) are part of civil law, not of criminal law.
Tokmetzis adds that since the Brigade members are doing their work in public, they should expect and accept public scrutiny.
(Photo by FaceMePLS, some rights reserved)
Tags: copyright, homes, portraits, privacy, The Hague, Wikileaks
Not only have three Dutch guys (Barry Borsboom, Boy van Amstel and Frank Groeneveld) managed to make a point about privacy on the Internet, they have attracted the international blogosphere with their site Please Rob Me, “Listing all those empty homes out there”.
Please Rob Me basically shows you how much info you are giving out through social networks. You Twitter ‘Stuck in traffic’ or ‘I’m in Rome for a week’, you use Tripit to announce where you’re jet-setting off to next, Facebook to update your ‘friends’ on your whereabouts and Foursquare to tell people you are the ‘mayor’ of that noodle place downtown because you chow down there so often.
Boy van Amstel said on telly that he had no bone to pick with Foursquare, but did say it was the prime example of telling potential thieves when someone is not at home. Although other sites tell people where you are as I mentioned, Please Rob Me is aiming its guns at Foursquare with a Twitter account showing all the Foursquare tweets.
In a long blog posting, Foursquare tell us they are not happy campers and that they do respect privacy. It’s how people choose to give out information that is the problem. Two thirds of the Western world is not at home during the day and geo-location services like Foursquare will probably not lead to more robberies. However, on both Twitter and Facebook, you get to choose who follows you and therefore who reads your information. With Foursquare people tend (my Dutch friends do this) to push where they are to Twitter and Facebook, letting everybody read it.
But do we care? I don’t get why these guys felt the need to make this site or target Foursquare. Many Dutch houses don’t even have curtains (an old Dutch tradition!) and you can see the entire living room, flat screen TV and all. This site has the finger wagging ‘Dutch uncle’ (someone who always knows better) all over it.
So don’t overshare (most of us already do) and go easy on the drunken photos or photos of you drinking booze, it will damage your chances of getting a job (that’s me finger wagging now).
(Links: Please Rob Me, Foursquare, Photo of Living room window by Jimmy2000, some rights reserved.
Tags: Facebook, Foursquare, privacy, Tripit, Twitter
The Netherlands scores a poor 21st place on the international list of countries that uphold citizens’ privacy, according to the 2007 International Privacy Ranking of Great Britain. The Netherlands is in the category labelled “systematic failure to uphold safeguards” when it comes to privacy. The Netherlands also scores poorly when it comes to ID cards and biometrics.
According to Privacy International, the Netherlands’ score is so bad because of its compulsory identification, the possibility of listening in on phone conversations (communication interception) and the obligation of storing Internet data (data sharing). If you read the section entitled ‘countries with the worse records’, the Netherlands gets nailed for its leadership, albeit along with half the EU and others.
Some highlights of the privacy problems specific to the Netherlands:
- Continued proposals to increase power of law enforcement agencies
- Plans to implement in 2008 a database of all children to record development from birth
- Compulsory identification for all persons from age of 14, where 5,300 individuals are fined every month for not carrying ID
- Courts have ruled that subscriber data can be disclosed to copyright industry, and anonymous website owners
(Link: Het Parool)
Tags: copyright, Netherlands, privacy, rights, safeguards
Yesterday Schiphol Airport began using new body-scanning machines at security checkpoints, becoming the first major airport to use the technology to find metals and explosives hidden under clothing.The “security scan” system, which uses harmless radio waves to display head-to-toe images of people, is also being used by other airports on a trial basis, but Schiphol is the only one to deploy the technology for regular use at its checkpoints. It takes three seconds to go through the scanner.
Schiphol is one of the world’s most modern airports, with flat-panel screens (as long as the info is somewhere), airport-wide Web access (totally overpriced BTW) and iris scanners already on offer to those who want to bypass passport lines (it’s the baggage check lines that are nasty).
Tags: privacy, Schiphol