Tracking and Controlling Your Child’s Mobile Phone Activities

I just came across a post on golem.de (a rather good IT news site – in German only, sadly) about bemilo, a service in the UK that (I quote)

“puts [parents] in full control of [their] child’s mobile service”;

“puts [parents] in the driving seat, 24 hours a day”;

“[gives parents] FULL control [w]ho [their] children can contact and who can contact them, time of das [their] children can use their phone, WHEN they can browse the web”;

“[enables parents to] [r]eview all calls & SMS messages at any time, block bullies at the flick of a switch, control mobile spend with no fuss [emphasis added].”

Do watch the intro on the website. It’s rather, well, unique, besides the fact that it the little toy man in the intro looks suspiciously similar to a typical LEGO design. Continue reading

Germany is Ready for Cloud Computing? Well, if the BSA says so…

According to the Business Software Alliance’s (BSA) “Global Cloud Computing Scorecard”, Germany is ready for the cloud computing age, ranking at a spectacular No. 3, ahead of such cloud computing powerhouses as the United States, Italy and Poland! If you’re interested in the methodology (a word that my spell check has never heard of) uses by the BSA, go here. Either way, the result is interesting. Because, and I know I’m repeating myself, if you ask data protection practitioners in Germany, “ready” is certainly not the term that comes to mind when dealing with the cloud. Continue reading

Fraunhofer Study on the (Lack of) Data Security of Cloud Storage Services

Popular cloud storage sercives often lack data security. This is the result of a detailed study published by MP3 inventor Fraunhofer Institute. Fraunhofer has scrutinized  Dropbox, Cloudme, Crashplan, Mozy, Teamdrive, Ubuntu One and Wuala. Continue reading

Art. 82 of the (Draft) General Data Protection Regulation

The (Draft) General Data Protection Regulation being a Regulation it not only aims at fully harmonizing the field of law it covers (as some Directives do) but would achieve that goal by simply being the (only) directly applicable law as far as its reach goes. Plus the Commission’s “empowerment to adopt delegated acts”, of course, which is a rather intriguing idea from a democracy point of view. But that’s another story.

One of the very few areas where the member states are given a certain amount of legislative leeway is set forth in Art. 82 of the Draft Regulation. Continue reading

Direct Effect of the “Cookie Directive” in Germany?

It has been reported that today Mr. Peter Schaar, head of the Federal Commissioner for Data Protection and Freedom of Information, announced at the Data Protection Congress 2012 that is currently held in Berlin that the EU “Cookie Directive” – which has not yet been implemented into German law – has EU law’s “direct effect” (also known as “immediate applicability”), making Art 5 (3) of the Directive directly applicable and effective under German law. He (as reported) added that therefore Art. 5 (3) of the Directive can be applied and enforced by the German data protection authorities in their day to day business. Ooops! Continue reading

Analytics Cookies to Be Exempt from Consent Requirement in France

As reported by DataGuidance, the UK Information Commissioner the enforcement of the “cookie law” will be “pragmatic and realistic” in the UK. “Pragmatic” and realistic”: Sounds good doesn’t it? Doesn’t sound very German, though, does it? As explained here, the cookie situation in Germany is still unresolved, largely due to the (my take on the matter) inability to come up with a draft for transforming the Directive’s into German law that provides for a workable solution the problem. It seems that at least the current government feels uncomfortable to pass a law the wording of which would effectively rule out a good portion of how websites work today.

Even more interestingly, in the same DataGuidance post they report that the French Data Protection Authority (CNIL) will exempt analytics cookies from the new requirement of prior consent. Continue reading

On Facebook Fan Pages

As you may have heard, as per the self-appointedly competent data protection authorities in Germany you may not set up and maintain a Facebook fan page, nor may you embed Facebook plugins into to your web pages (it’s true, read here, here, here, and here). If you do, you’re acting in violation of German data protection law. Continue reading

The “Sopot Memorandum”: Recommendations on Cloud Computing

The International Working Group on Data Protection in Telecommunications, a working group of the International Conference of Data Protection and Privacy Commissioners (no entry in the Wikipedia. Should that make us think?), established and still run by the head of the data protection authority of the federal state of Berlin, has published a working paper with recommendations regarding the use of cloud computing services by companies and public authorities. They’ve called it the “Sopot Memorandum“. Conference pros never fail to pick one of the nicer and more interesting spots to meet, do they?

Starting from the usual analysis (cloud computing is risky with respect to privacy, data protection “and other legal issues”, you know the deal), the Working Group, essentially, recommends: Continue reading

EU Cookie Law in Germany

As we are quickly moving towards Germany’s 1st anniversary of non-compliance with the infamous “EU Cookie Directive“, one would expect the legislator to really make a push to get something on paper, right? Well, not so. In fact, there isn’t even a legislative silver lining anywhere to be seen. We have witnessed one draft of a change to the “Telemedia Act” (the place where any transforming the EU’s wisdom into German law would take place) submitted by the federal state of Hessen last year that no one has really talked much about, and one draft submitted by the current opposition in the Bundestag that has now been rebuffed on committee level without before even getting a proper hearing in parliament – without spoiling us by publishing any reasons for the government’s stance, sadly. That said, that’s all good news, really. Continue reading

Employee Data Protection Act to be (Finally) Finalized?

It has been an ongoing (if disrupted) saga since 2010, but it could be that the pending Federal Act on Employee Data Protection (we Germans simply cannot live without regulation on each and every aspect of life) will be finished and pushed through the competent legislative bodies (in 2012 even, as it has been suggested?).

So, what would be new? Well, until now we have been doing with just one, if very abstact, section in the Federal Data Protection Act. Now, we’d enjoy some 13 or so sections, each, not surprisingly, composed of several exhausting paragraphs. Fun for us lawyers, certainly! On the other hand, however, some grey areas (e.g. video surveillance, collecting telecommunications data) would actually be (somewhat) clarified. Yet, the most interesting new development is that, apparently, it would be possible Continue reading