EPIC logo

=======================================================================
                              E P I C   A l e r t
=======================================================================
Volume 16.14                                              July 21, 2009
-----------------------------------------------------------------------

                                Published by the
                   Electronic Privacy Information Center (EPIC)
                                Washington, D.C.

                 http://www.epic.org/alert/EPIC_Alert_16.14.html

			"Defend Privacy. Support EPIC."
			     http://epic.org/donate


=======================================================================
Table of Contents
=======================================================================
[1] Justice Department Open Antitrust Inquiry in Google Book Deal
[2] Nomination Hearings for Judge Sotomayor
[3] Inspector Generals Issue Report on President's Surveillance Program
[4] Canadian Commissioner Holds that Facebook Must Strengthen Privacy
[5] Global Privacy Standards in a Global World
[6] News in Brief
[7] EPIC Bookstore: "Global Employee Privacy and Data Security Law"
[8] Upcoming Conferences and Events
        - Join EPIC on Facebook http://epic.org/facebook
  	- Privacy Policy
  	- About EPIC
  	- Donate to EPIC http://epic.org/donate
  	- Subscription Information

=======================================================================
[1] Justice Department Open Antitrust Inquiry in Google Book Deal
=======================================================================

On July 2, 2009, the Department of Justice announced an investigation
into Google's proposed settlement with book publishers and authors. The
settlement addresses a federal lawsuit filed by rights holders against
Google, and arose from Google's large-scale digitization of books.
The Department "determined that the issues raised by the settlement
warrant further inquiry," and noted that commentators have "expressed
concern that aspects of the settlement agreement may violate the
Sherman [anti-trust] Act." The announcement follows the European
Commission's notice of a similar investigation. The European Commission
has announced that it will hold a hearing on September 7 for
interested parties to comment.

Commentators have criticized the proposed settlement on privacy
grounds. University of California Professor Pamela Samuelson filed a
letter with the court warning that the settlement will enable entities
to "gather detailed information about the type and extent of academic
research . . . inconsistent with norms and sound practices within
academic communities." Library groups, including the American Library
Association, caution that the settlement fails to protect user privacy,
placing no restrictions on what information Google will retain about
the user, how it will use that information, or how it will protect user
data. 

Academics and others also object to the settlement on anti-trust
grounds. The Institute for Information Law and Policy at New York Law
School told the Court that the settlement "threaten[s] the public
interest" by providing Google with "exclusive access to a large portion
of the market for electronic versions of books," and granting Google
the opportunity to "impose unfair and overreaching terms on libraries
and readers." Professor Samuelson notes that the settlement-created
Book Rights Registry could "have an institutional bias against helping
academic authors who might want to put their books in the public domain
or make them available under Creative Commons Licenses."

The Google Books project began in 2004 as an online research tool and
database to access the texts or large portions of the texts of millions
of books. Google entered into agreements with several libraries to
digitize books, including books protected by U.S. Copyright law, in
those libraries' collections. In 2005, the Authors Guild and several
publishers sued Google. The rights holders alleged that the project's
digitization process infringed their copyrights. In response, Google
argued that its digitization of the books is permitted under U.S.
Copyright law's "fair use" doctrine. In 2008, the parties negotiated
a proposed settlement. The federal court for the Southern District of
New York must analyze the settlement's fairness, and approve or reject
the terms. The Court has solicited comments, which are due September 4,
2009.

EPIC has a long history of opposing actions that consolidate data
concerning users' online habits. On April 20, 2007, EPIC and other
privacy groups filed a complaint with the Federal Trade Commission,
requesting that the agency open an investigation into the proposed
Google/Doubleclick merger. EPIC identified specific privacy threats
arising from the heightened ability of the merged company to record,
analyze, track, and profile Internet users' activities. The Department
of Justice later scuttled Google's proposed deal with Yahoo based on
similar privacy concerns. The Department's probe focused on Google's
growing power in advertising.


July 2, 2009 Department of Justice Letter to Judge Denny Chin:
     http://epic.org/privacy/googlebooks/7-2-09_ltr.pdf

Judge Chin's Response to July 2, 2009 DOJ Letter:
     http://epic.org/privacy/googlebooks/7-2-09_order.pdf

EPIC - Google Books Settlement and Privacy:
     http://epic.org/privacy/googlebooks/default.html	

Pamela Samuelson, "Legally Speaking: The Dead Souls of the Google
Booksearch Settlement:"
     http://epic.org/redirect/072009_Samuelson_LegallySpeaking.html

Information Note filed by the German Delegation to the Council of the
European Union:
     http://register.consilium.europa.eu/pdf/en/09/st10/st10221.en09.pdf

EPIC - Search Engine Privacy:
     http://epic.org/privacy/search_engine/

EPIC - Privacy? Proposed Google/DoubleClick Deal:
     http://www.epic.org/privacy/ftc/google/

Yahoo! Inc. and Google Inc. Abandon Their Advertising Agreement,
Justice Department Press Release, November 5, 2008:
     http://www.usdoj.gov/opa/pr/2008/November/08-at-981.html


=======================================================================
[2] Nomination Hearings for Judge Sotomayor
=======================================================================

President Obama nominated Judge Sonia Sotomayor to replace Justice
David H. Souter as an Associate Justice of the Supreme Court of the
United States earlier in May this year. On July 13, the Senate Judiciary
Committee began its hearings to consider the nomination of Judge
Sotomayor. After the President selects, but before the Senate as a
whole considers the nominee, the Senate Judiciary Committee initiates
its own intensive investigation into the nominee's background. 

The confirmation hearing began with a statement from the Committee
chairman, Senator Patrick Leahy, followed by a statement from Judge
Sotomayor. Senators, starting with the Chairman, then commenced the
questioning in descending order of seniority.

Several questions from the Senators concerned privacy issues. Senator
Herb Kohl of Wisconsin first asked Judge Sotomayor if she believed
there was a general right to privacy in the Constitution. Sotomayor
responded in the affirmative. Senator Sheldon Whitehouse of Rhode
Island questioned Sotomayor about her views on the privacy of
information stored on electronic databases. Sotomayor explained that
the circumstances in which stored information received protection 
depended on Congress's determinations about safeguarding certain
types of information and what the Constitution had to say about such
matters. Senator Arlen Specter of Pennsylvania also solicited the
Supreme Court nominee's views on whether she believed the Supreme
Court should have granted certiorari in a case involving the Foreign
Intelligence Surveillance Act. Sotomayor did not provide a direct
answer to the Senator's question.

Senator Russ Feingold of Wisconsin asked Sotomayor to comment on Open
Government issues, particularly about circumstances in which the
Supreme Court has issued rulings containing substantive interpretations
of FISA that were neither available to a full Congress nor the public.
Sotomayor expressed that Congressional intent behind a statute was of
primary importance. Al Franken of Minnesota also asked Sotomayor
whether the words "privacy" could be found in the Constitution.
Sotomayor responded in the negative, but nonetheless stated, in
general, that courts recognize the right to privacy. Senator Diane
Feinstein questioned Sotomayor on how she, as a Supreme Court Justice,
would balance the executive branch's expertise in national security
matters with the judicial branch's constitutional duty to enforce the
Constitution and to prevent abuses of power.

Senator Cardin elicited Judge Sotomayor's views on the role the court
faced on privacy issues in the 21st century, especially since the
Constitution was drafted in the 18th century. The nominee responded
that the right to privacy has been recognized in a wide variety of
cases and circumstances for over 100 years. She stated that such
cases provided precedents and frameworks - although society changes,
the Constitution and its principles have remained the same.

Although the Committee vote on the nomination was to be held on
Tuesday, July 21, the voting was postponed by a week. The full Senate
is expected to vote on the nomination before the summer recess,
scheduled for August 7.

EPIC prepared an extensive page on Judge Sotomayor's view on privacy
and other related issues. EPIC also provided running coverage of the
nomination hearings and the Committee vote over Twitter at
@privacy140 #sotomayor #scotus #privacy.


EPIC - The Nomination of Judge Sotomayor:
     http://epic.org/privacy/sotomayor

The President's Nominee: Judge Sotomayor, The White House Blog Post,
May 26, 2009:
     http://www.whitehouse.gov/sotomayor/

Testimony of Judge Sonia Sotomayor:
     http://epic.org/redirect/072009_Sotomayor_Senate_Testimony.html

Transcript from The Los Angeles Times:
     http://epic.org/redirect/072009_Sotomayor_LATimes.html

Twitter - privacy@140:
     http://www.twitter.com/privacy140

Statement of the Honorable Patrick Leahy:
     http://epic.org/redirect/072009_Sotomayor_Leahy_Open.html

Rules of Procedure United States Senate Committee on the Judiciary:
     http://judiciary.senate.gov/about/committee-rules.cfm



=======================================================================
[3] Inspector Generals Issue Report on President's Surveillance Program
=======================================================================

The Inspector Generals of the Intelligence Community released a report
on the President's Surveillance Program. A separate classified version
was also provided to the relevant Congressional Committees. The
unclassified report summarizes the collective results of the reviews
that can be publicly disclosed. The report was mandated under the
Foreign Intelligence Surveillance Act Amendments Act of 2008. The
review, prepared by the Inspectors General of the participating
Intelligence Community describe how following the terrorist attacks of
September 11, 2001, the President directed the NSA's signals
intelligence collection capabilities be used. Although President Bush
referred to the activities as the "Terrorist Surveillance Program,"
the Inspectors Generals chose instead to describe the program as the
President's Surveillance Program (PSP)."

The report examined (a) all the facts necessary to describe the
establishment, implementation, product, and use of the PSP;
(b) access to legal reviews of the PSP and access to information about
the PSP; (c) communications with, and participation of, individuals
and entities in the private sector related to the PSP; (d) interaction
with the Foreign Intelligence Surveillance Court and transition to
court orders related to the PSP; and (e) any other matters identified
by any such IG that would enable that IG to complete a review of the
PSP, with respect to such Department or element.

The review details the inception of the PSP and the expansion of
NSA's collection activities to conduct electronic surveillance within
the United States without an order from the Foreign Intelligence
Surveillance Court; the implementation of the surveillance program;
the subsequent legal reassessment and the transition of certain
activities to the FISC orders and the impact of PSP on the Intelligence
Community's counterterrorism efforts.

The report also states various conclusions of the different IGs of the
Intelligence Community. Although the NSA OIG report found no evidence
of intentional misuse of the program, the DOJ OIG concluded that it
was "foreseeable that [PSP derived] information might impact the
process and that the initial delay in reading anyone from DOJ's Office
of Intelligence Policy and Review or the FISC into the PSP
unnecessarily jeopardized DOJ's relationship with the Court. In
addition, overly restrictive limitations on the number of OIPR
attorneys and FISC judges who were read into the program created
significant and avoidable problems of workload imbalance." The DOJ OIG
concluded that once the PSP began to affect the functioning of the 
FISA process, the number of OIPR staff and FISC judges read into the
PSP to manage the program's impact should have been increased.

The DOJ OIG also concluded that it was extraordinary and inappropriate
that a single DOJ attorney, John Yoo, conducted the initial legal
assessment of the PSP, and that the lack of oversight and review of
Yoo's work contributed to a legal analysis of the PSP that at a minimum
was factually flawed. Upon Yoo's departure, his successors at DOJ began
developing an analysis to more fully address the FISA statute with
respect to the PSP. The DOJ OIG further concluded that the White
House's strict controls over DOJ access to the PSP undermined DOJ's
ability to perform its critical legal function during the PSP's early
phase of operation and the circumstances plainly called for additional
DOJ resources to be applied to the legal review.

Finally, the DOJ OIG found it difficult to assess or quantify the
overall effectiveness of the PSP program as it related to the FBI's
counterterrorism activities. However, based on the interviews conducted
and documents reviewed, the DOJ OIG concluded that although PSP-derived
information had value in some counterterrorism investigations, it
generally played a limited role in the FBI's overall counterterrorism
efforts. The DOJ OIG advised that "the retention and use by [Intelligence
Community] organizations of information collected under the PSP and
FISA should be carefully monitored."

In December 2005, EPIC requested the legal opinions that were prepared
to justify the program. The government has refused to produce many key
documents, and EPIC sued under the Freedom of Information Act. In March
this year, the Attorney General released several related memos, which
previously were secret, following President Obama's statement on
government transparency. However, the legal authority for the wiretap
program still remains secret.


Intelligence Community:
     http://www.intelligence.gov/index.shtml

Unclassified Report on the President's Surveillance Program:
     http://judiciary.house.gov/hearings/pdf/IGTSPReport090710.pdf

EPIC's FOIA Complaint:
     http://www.epic.org/privacy/nsa/complaint_doj.pdf

Department of Justice Releases Nine Office of Legal Counsel
Memoranda and Opinions:
     http://www.usdoj.gov/opa/pr/2009/March/09-ag-181.html

USDOJ - Office of Legal Counsel Memoranda:
     http://www.usdoj.gov/opa/documents/olc-memos.htm

EPIC FISA:
     http://epic.org/privacy/terrorism/fisa/

EPIC FOIA Work on NSA's Warrantless Surveillance Program:
     http://epic.org/privacy/nsa/foia/default.html

EPIC Wiretapping:
     http://epic.org/privacy/wiretap/

EPIC National Security Letters:
     http://epic.org/privacy/nsl/default.html



=======================================================================
[4] Canadian Commissioner Holds that Facebook Must Strengthen Privacy
=======================================================================

The Office of the Privacy Commissioner of Canada released a Report of
"Findings into the Complaint Filed by the Canadian Internet Policy and
Public Interest Clinic" against Facebook, Inc. The complaint was filed
by the CIPPIC under the Personal Information Protection and Electronic
Documents Act, and contained twenty-four allegations concerning a range
of Facebook business practices.

The PIPEDA covers privacy protections by private data holders, including
the actions of third parties to whom the data holders provide
information. It requires data holders to obtain individual consent for
any use of such data, and requires data holders, upon request, to
provide details regarding the nature of information held, and a list of
all third parties to whom the information has been provided.

The charges include allegations that Facebook fails to inform users:
how it uses the personal information it collects; the extent of
disclosures of such information to the more than 950,000 third-party
application developers; of new uses of the personal data collected; of
monitoring for anomalous behavior; and, of persistent cookies in mobile
Facebook. The complaint further alleges that Facebook fails to allow
for deletion (as opposed to deactivation) of user accounts or obtain
consent from non-users for upload and storage of personal information.
Privacy Commissioner Jennifer Stoddart stated that while Facebook has
clearly made efforts to maintain user privacy, "we found serious
privacy gaps in the way the site operates."

Facebook has agreed to many of the Commission's recommendations, and
has also proposed what the Commission calls "reasonable alternatives"
to others. The company has not, however, addressed all of the
recommendations, noting that under the current "statement of rights
and responsibilities" it would have to consult users regarding changes
to certain policies. The Commission, however, states in its report
that "[w]hile we understand the importance Facebook places on user
feedback, the legislative requirements and obligations imposed by the
Act are not contingent on user approval."

The Commission will review Facebook's new policies in 30 days to
assess that the company is in compliance with the ruling. If Facebook's
changes are unsatisfactory, the Commission can take the issue to Federal
Court to enforce the recommendations.

In June, the Article 29 Working Party warned about the dissemination
and use of information available on Social Networking Sites for other
secondary, unintended purposes. Earlier, in February, Facebook had
announced that it was opening its site governance to user voting after
the new Terms of Service were widely criticized, and were to be the
subject of an EPIC complaint to the Federal Trade Commission. Facebook
restored the old terms and sought user feedback on the new terms. About
75 percent of the users voted to adopt new terms re-drafted from user
feedback. Under the updated terms, users have the right to "own and
control their information." Facebook had also taken some steps to
improve account deletion, to limit sublicenses, and reduce data
exchanges with application developers. EPIC supported the adoption
of the new terms.


Office of the Privacy Commissioner of Canada:
     http://www.priv.gc.ca/index_e.cfm

Report of Findings into the Complaint Filed by the CIPPIC against
Facebook, Inc. under PIPEDA:
     http://www.priv.gc.ca/cf-dc/2009/2009_008_0716_e.cfm

Personal Information Protection and Electronic Documents Act (PIPEDA):
     http://www.priv.gc.ca/cf-dc/2009/2009_008_0716_e.cfm#appendixB

Article 29 Working Party Opinion of Social Networking Sites:
     http://epic.org/privacy/socialnet/Opinion_SNS_090316_Adopted.pdf

Facebook Privacy Policy:
     http://www.facebook.com/policy.php

Facebook Statement of Rights and Responsibilities:
     http://www.facebook.com/terms.php

EPIC - Facebook Privacy:
     http://epic.org/privacy/facebook/

EPIC - Social Networking Privacy:
     http://epic.org/privacy/socialnet/



=======================================================================
[5] Global Privacy Standards in a Global World
=======================================================================

The 31st International Conference of Data Protection and Privacy
Commissioners, hosted by the Spanish Data Protection Authority, will be
held November 4-6, 2009, in Madrid, Spain. The annual event draws
Privacy Commissioners from around the world, as well as a host of
experts from academia, civil society and the private sector. The theme
of this year's conference is "Privacy: Today is Tomorrow."

The core issues at the Privacy Commissioners' conference will be the
education of minors, social networks and new technologies and its
impact in terms of data protection and privacy; data protection as a
strategic element in the scope of business and international data
transfers in a globalized world. The conference will also address
new advertising and sales techniques, together with their incidence
in the field of data protection. The security – privacy binomial is
another issue that will be discussed, for instance, the proliferation
of video-surveillance devices, and biometrics.

The Spanish Data Protection Director, Artemi Rallo Lombarte
stated "the challenge we face as the organizers of the 31st
International Conference is that of achieving the approval of a
joint proposal on "International Standards for the Protection of
Privacy and Personal Data," allowing the development of a
universal, binding legal document."

A civil society Symposium, entitled "Global Privacy Standards in a
Global World" will take place on November 3, 2009, also at Madrid.
This one-day event aims to "Review the privacy developments of the
past year and release the current edition of the Privacy and Human
Rights report;" "Promote civil society participation in decisions
concerning the protection of privacy as both a fundamental human
right and an essential facilitator for a global economy;" "Develop
global privacy standards in a global world," and "Review and
coordinate civil society involvement in privacy discussions in
regional and other global arenas such as the United Nations
Internet Governance Forum, The Asia Pacific Economic Cooperation
Forum, the Organization for Economic Co-operation and Development,
Internet Corporation for Assigned Names and Numbers, among others.

Some of the issues to be addressed at the civil society conference
will include: A country-by-country privacy overview: Are governments
getting better at protecting citizens' data or is the surveillance
society expanding?; Examples and experience sharing of privacy and
data protection rights advocacy around the world, what can be
achieved and lessons to be learned; Your Data in the Cloud: What if
it Rains?"; Newest emerging issues and their implications for
consumer digital rights: Cloud Computing, Search and Privacy and
Google Book Settlement; "Freedom of Movement: Bridges for People,
Walls for Data". A panel on "Towards Global Privacy Standards?"
will also be held. The panel will discuss the key elements necessary
to be included in a global privacy framework. For example, the right
to access to his or her personal data as a key element to empower any
citizen to exercise his or her right to control their own personal
information.

31st International Conference of Data Protection and
Privacy Commissioners:
     http://epic.org/redirect/072009_31Conf_IntlDPA.html

The Public Voice: Global Privacy Standards in a Global World:
     http://thepublicvoice.org/events/madrid09/

The Public Voice: Estandares Globales sobre Privacidad en un
Mundo Globalizado:
     http://thepublicvoice.org/events/madrid09/es.html 

Resolution on Standards On Privacy And Personal Data:
     http://epic.org/redirect/072009_PC09_PrivStandard.html

The Public Voice: Civil Society Privacy Workshop: Privacy Rights
in a World Under Surveillance
     http://thepublicvoice.org/events/montreal07

The Public Voice:
     http://thepublicvoice.org

Privacy and Human Rights Report 2006:
     http://epic.org/phr06



=======================================================================
[6] News in Brief
=======================================================================


Senate Homeland Security Committee Considers REAL ID 2.0

On July 15, 2009, the Senate Homeland Security Committee held a hearing
to reevaluate the REAL ID Act law. The hearing focused on a new bill
S. 1261, the "Providing for Additional Security in States'
Identification Act of 2009" or the "PASS ID Act." Janet Napolitano,
Secretary of Homeland Security, testified that REAL ID law "is unlikely
to be implemented by the states." Civil liberties groups have expressed
opposition to the PASS ID Act. However, the focus of the hearing was on
reinstating many of the provisions of REAL ID under a new name "PASS ID."

EPIC - PASS ID:
     http://epic.org/privacy/pass_id/

PASS ID Act:
     http://epic.org/privacy/pass_id/pass_id.pdf


Federal Court Affirms Penalties for Sale of Telephone Records

A Federal Appellate Court has ruled that a conduct by an entity may be
an unfair trade practice although it may otherwise be lawful. The case
involved a website that sold confidential telephone records. A federal
statute forbids telecommunications carriers from disclosing telephone
records absent customer consent. The Court, in upholding a lower court
opinion ordering disgorgement of profits for the sale of private
information, also held that the Federal Trade Commission had the right
to pursue the unfair trade practice even if the area of law was
strictly not administered by the FTC. The Tenth Circuit Court of
Appeals further held that the Federal Trade Commission Act "enables the
FTC to take action against unfair practices that have not yet been
contemplated by more specific laws." The Office of the Privacy
Commissioner of Canada had filed a "friend-of-the-court" brief in the
case. Previously, EPIC had filed an amicus brief in a case before the
D.C. Circuit Court urging support for opt-in safeguards for telephone
customers. The EPIC brief had stated that "[c]onsumers have a
legitimate expectation of privacy with respect to sensitive personal
information such as whom they call on a telephone." "An opt-out policy
would provide neither adequate protection for consumer data nor
sufficient notice to consumers," the brief added.


FTC v. Accusearch, Inc. - Tenth Circuit Court of Appeals:
     http://www.ca10.uscourts.gov/opinions/08/08-8003.pdf

FTC v. Accusearch, Inc., - FTC Page:
     http://www.ftc.gov/os/caselist/pretextingsweep/accusearch.shtm

FTC Seeks Halt to Sale of Consumers’ Confidential Telephone Records:
     http://www.ftc.gov/opa/2006/05/phonerecords.shtm

EPIC - NCTA v. FCC:
     http://epic.org/privacy/nctafcc/

EPIC -  CPNI (Customer Proprietary Network Information):
     http://epic.org/privacy/nctafcc/



GAO Finds Continued Federal Efforts Needed to Protect Cybersecurity

The Government Accountability Office testified before Congress that DHS
has yet to satisfy its key cybersecurity
responsibilities which include increasing efforts to protect cyber
critical infrastructure and act on key areas identified in recent GAO
reports, such as enhancing partnerships with the private sector.
The GAO testified that although DHS has taken actions to remedy
security weaknesses in its Secure Flight program, it still needed to
address remaining GAO recommendations for strengthening controls 
for systems supporting the US-VISIT program. The GAO also testified
a majority of the federal agencies continue to exhibit deficiencies
in their implementation of information security policies and
procedures. 20 of 24 major agencies has noted that their information
system controls over their financial systems and information were
either a material weakness or a significant deficiency. The GAO has
previously reported that agencies did not consistently (1) identify
and authenticate users to prevent unauthorized access; (2) enforce
the principle of least privilege to ensure that authorized access was
necessary and appropriate; (3) establish sufficient boundary
protection mechanisms; (4) apply encryption to protect sensitive data
on networks and portable devices; and (5) log, audit, and monitor
security-relevant events. Furthermore, those agencies also had
weaknesses in their agency-wide information security programs. EPIC
has a longstanding interest in computer and network security policy
and its potential impact on civil liberties.

GAO Testimony on Cybersecurity:
     http://www.gao.gov/new.items/d09835t.pdf

DHS/TSA Secure Flight:
     http://www.tsa.gov/secureflight/

DHS US-VISIT:
     http://www.dhs.gov/us-visit

EPIC - Secure Flight:
     http://epic.org/privacy/airtravel/secureflight.html

EPIC - US-VISIT:
     http://epic.org/privacy/us-visit/



DHS Issues Notice Requiring More Personal Information, Seeks Comments

The Department of Homeland Security issued a notice proposing to
update, rename, and reissue the record system. The notice expands the
categories of records to include maiden name, mother's maiden name,
date of birth, clearance level, identifying physical information,
financial history, entry on duty date, and weapons bearer designation.
The additions are supposed to ensure compatibility with DHS's Personal
Identity Verification Management Record System. The new system,
according to DHS, will support the administration of the Homeland
Security Presidential Directive 12 which directs the use of a common
identification credential for both logical and physical access to
federally controlled facilities and information systems. The notice
also states that the information in the system may be shared with other
DHS components and appropriate Federal, state, local, tribal, foreign
or international government agencies on a "need to know" basis.
Comments are due on or before July 27, 2009.


DHS Federal Register Notice [DHS-2008-0167]:
     http://edocket.access.gpo.gov/2009/E9-14905.htm

Federal e-Rulemaking Portal:
     http://www.regulations.gov

EPIC - Privacy and Control of Personal Data:
     http://epic.org/privacy/consumer/action.html



EC Seeks Comments on EU Data Protection Framework

The European Commission is seeking public comments on an effective
and comprehensive legal framework that protects individual's
personal data within the European Union. The Commission is seeking
comments from  citizens, organizations and public authorities. The
questionnaire specifically asks about on the new challenges for
personal data protection; whether the current legal framework
meets those challenges; and what future action would be needed to
address the identified challenges. Comments are due by December 31,
2009.

Consulting the public - European Commission:
     http://epic.org/redirect/072009_EC_PubComm_Framewrk.html

European Commission - Freedom, Security, Justice:
     http://ec.europa.eu/justice_home/fsj/privacy/index_en.htm

EPIC - Council of Europe Privacy Convention:
     http://epic.org/privacy/intl/coeconvention/



EU Data Protection Supervisor Issues Draft Guidance on Video Privacy

The European Data Protection Supervisor has created a consultation
draft of the EDPS Video-surveillance Guidelines for review and
comments. The purpose of the guidelines are to (i) contribute to the
prevention of uncontrolled proliferation of video-surveillance in
cases where not required; and (ii) assist the Community institutions
in using video-surveillance responsibly and with effective safeguards
in place where such surveillance is justified. The guidelines recommend
that before implementing the technology, the purpose for using video
surveillance be clearly established; address whether the technology is
efficient and proportionate to the purpose; look for alternative
solutions; and work together with Data Protection Officers to decide on
camera locations, method of operations, and what safeguards are
required to protect privacy and other legitimate interests or
fundamental rights of the individuals captured on the cameras. The
deadline for the written comments is September 15, 2009 and a workshop
would be conducted on September 30, 2009 in Brussels. The guidelines
would be formally issued subsequently.

Draft Video-Surveillance Guidelines:
     http://epic.org/redirect/072009_EDPS_VideoSurv_Guide.html

European Data Protection Supervisor:
     http://www.edps.europa.eu/EDPSWEB/edps/pid/1?lang=en

EPIC - Video Surveillance:
     http://epic.org/privacy/surveillance/

EPIC - Observing Surveillance:
     http://www.observingsurveillance.org/


=======================================================================
[7] EPIC Bookstore: "Global Employee Privacy and Data Security Law"
=======================================================================

"Global Employee Privacy and Data Security Law"
Edited by Miriam H. Wugmeister & Christine E. Lyon

     http://www.amazon.com/gp/product/157018805X?tag=e03a6-20

As the offices of the world become increasingly interconnected and
the flow of information from one place to another happens almost
naturally, workplace privacy and data protection laws are sometimes all
that stands between the proliferation of employee personal information
from the workplace to the world.

This book is aimed at employers who need to understand the legal
landscape of workplace privacy and data security issues. The authors
guide the employers begin asking the questions necessary to make key
decisions. Privacy laws vary from state to state and from country to
country. In this publication, the authors describe the contours of the
protections arising from the varied social, cultural and legal regimes
that influenced the evolution of privacy laws and how they impact
today's offices.

Edited by two partners of the Morrison and Foerster, the topics delve
into multiple arenas of workplace privacy such as background checks and
investigations; data communications monitoring and physical
surveillance; non work related conduct; health information; use and
disclosure of personnel records; security breach notifications; and the
maintenance of the security of employee data.

This compendium of workplace privacy laws provides a unique and
invaluable aid to every employer to comprehend what information is
really personal, in what context, and how it should be protected. This
handbook is strongly recommended as a "must-have" to be on the
shelves of every organization that not only wants to know of the
affected privacy rights, but also desires to create an employer
workplace privacy policy.


-- Anirban Sen


================================
EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008). Price: $60.

http://epic.org/bookstore/foia2008/
	
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation under Freedom
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of the manual that lawyers, journalists and researchers
have relied on for more than 25 years. 

================================

"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.

http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the Video Voyeurism Prevention Act,
and the CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore


================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https:/mailman.epic.org/mailman/listinfo/foia_notes


=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

"Online Child Safety, Privacy, and Free Speech: An Overview of
Challenges in Congress & the States", The Progress Freedom Foundation,
July 27, 2009, 12:00 p.m. to 1:30 p.m., Room SVC-208, Capitol Visitor
Center, 1st Street and East Capitol Street, NE (entrance across from
Supreme Court) For more information, http://tinyurl.com/kmgmgh

Engaging Data: First International Forum on the Application and
Management of Personal Electronic Information hosted by
SENSEable City Lab, Massachusetts Institute of Technology. October
12-13, 2009. Submission Deadline (extended) - July 27, 2009, 11:59 p.m.
PDT (Los Angeles). For more information,
http://senseable.mit.edu/engagingdata

Pan-European Dialogue on Internet Governance (EuroDIG), 
Geneva, Switzerland, September 14-15, 2009. For more information,
http://www.eurodig.org/

ASAP FOIA/Privacy Act Workshop, Chicago, Illinois, September 21-23,
2009. Registration: July 7, 2009 - September 11, 2009. For more
information, http://www.accesspro.org/

2nd International Action Day "Freedom not Fear - Stop the
Surveillance Mania," September 12, 2009, Worldwide Demonstrations,
Events, Privacy Parties etc. in many countries. For more information,
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2009

3rd European Privacy Open Space,
October 24-25, 2009, Vienna, Austria.
For more information, http://www.privacyos.eu

Global Privacy Standards in a Global World, The Public Voice,
Madrid, Spain, November 3, 2009. For more information,
http://thepublicvoice.org/events/madrid09/

31st International Conference of Data Protection and Privacy
Commissioners, Madrid, Spain, November 4-6, 2009. For more information,
http://epic.org/redirect/072009_31Conf_IntlDPA.html

UN Internet Governance Forum,
November 15-18, 2009, Sharm El Sheikh, Egypt.
For more information, http://www.intgovforum.org/


=======================================================================
Join EPIC on Facebook
=======================================================================

Join the Electronic Privacy Information Center on Facebook
http://epic.org/facebook

Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
Support EPIC.


=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."


=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

=======================================================================
Donate to EPIC
=======================================================================

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.


=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via web interface:
http://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:
http://www.epic.org/alert


The EPIC Alert displays best in a fixed-width font, such as Courier.


------------------------- END EPIC Alert 16.14 ------------------------

.