It did not look good for the European Commission last week. It announced the result of a long, protracted negotiation over the amount of information handed over about Europeans when they fly into the US.

The Commission lost serious ground to the US except in one area. On further examining, though, the one apparent negotiating victory disappeared in a cloud of clerical pedantry.

Passenger name records (PNR) are the 34 pieces of information which must be sent to US authorities by airlines on any passenger travelling to the US from Europe. Put in place after the terrorist attacks of 11 September 2001, the PNR transfer scheme has long been opposed by privacy activists in Europe.

US security agencies - no slouches, one imagines, when it comes to deal brokering - seemed to have won some pretty major concessions on a new deal to replace one which ran out at the end of July.

US authorities could keep data for longer and they could transfer it to other agencies; even the fact that there was a deal at all on passenger name records (PNR) was seen by the European Parliament and privacy officials as a defeat.

Yet there was one glimmer of light: in the press statement released by several EU bodies and the US, Europe seemed to have won one concession.

"The number of data collected will be of 19, instead of 34 as foreseen by the interim Agreement," said a joint statement from the US and the European Commission, the Council of the European Union and the Presidency of the Council.

So they reduced the amount of information sent to the US, right? That is, surely, the only inference to be drawn from such a statement, isn't it?

Turns out the reader should not be so innocent, or so trusting. What the EU agencies agreed to was that almost all of the data collected in the old agreement would be collected in the new one. The only difference is that they will be collected in 19, not 34, fields.

They argue it makes more sense that way: fine. They say that it puts more order into the system: OK.

It is hard, though, to shake the impression that the EU bodies tried to put a gloss on a bad news day by shuffling some columns around and hoping that nobody looked too closely. Thankfully, it didn't work.

The government said this week that it will consult this autumn on an exemption from copyright law for people who are moving music on to MP3 players

That makes lots of sense: everyone copies music in this way and, provided the music isn't also BitTorrented, the music industry turns a blind eye. A simple tweak to copyright laws should do the trick, right?

If only it were that simple. Trouble is, our laws on this are set by Europe. The Copyright Directive said you can let people copy music to iPods provided you also give fair compensation to copyright holders.

The UK's solution to date has been simple: ban private copying. In other countries that do allow private copying, like France and Germany, there's a levy on blank media. The report from the Parliamentary Select Committee on culture, media and sport scoffs that approach. A tax on blank CDs is a blunt instrument, it says.

So what is proposed instead? No idea. This report doesn't say. Perhaps it hopes that nobody will ask that question. But the music industry surely will.

Andrew Gowers, who reviewed our IP laws last year, was the one who recommended legislative reform to allow private copying. He was brave enough to suggest how it could work: if the music industry thinks it will lose money it can reflect that in the price of recorded music. So we'll add a quid to CDs, perhaps. That won't be popular; but far less popular would be his idea for legalising the music that's already on our iPods and computers. He proposed a licence for the right to keep playing our back catalogues. Will consumers accept, say, the price of an iPhone for the right to legalise their back catalogues? Not a chance.

So it seems that one of Google's fig leaves has been stripped away by European officials, forcing the company one more step along the road through its very public adolescence.

Google used to keep information about user searches, including possibly identifying information about the searcher, indefinitely. Recently Google announced it would anonymise the data after two years.  When justifying keeping identifying information about users' internet searches, Google has relied on the fact that a new EU Directive forced the firm to keep logs for up to 24 months.

European data protection types have been attacking Google for its policies, saying that it has no reason to keep logs for that long. Then this week they announced that the Data Retention Directive does not even apply to search query data.

"The Data Retention Directive applies only to providers of publicly available electronic communications services or of public communication networks and not to search engine systems," said a European data protection official told news site Out-law.com.

"Accordingly, Google is not subject to this Directive as far as it concerns the search engine part of its applications and has no obligations thereof."

It might seem an esoteric clash over barely-relevant minutiae, but in fact it is a vital power clash between Google - which wants one retention rule across the world - and Europe, which is still trying to flex its regulatory muscle in a years-old case with Microsoft, and must also assert its power over Google. Google is still learning what it means to be the big guy. What it means, most of all, is that you are under scrutiny like nobody else. If an authority wants to prove itself it is you they go after.

Google was founded around its 'do no evil' mantra. Yet this slogan has nothing to offer the company in the many situations where the choice is not between good and evil, but between two difficult options, each of which has negative consequences.

If it anonymises data straight away, it says that it can't fight fraud as effectively. If it keeps data forever, it breaks European privacy laws. Which is the 'evil' option there? This is the real world, not a controllable algorithm, and Google is having to learn its lessons about moral and ethical complexities not only in the public eye, but with the luggage of its mantra to weigh it down.

You have to have some sympathy with Google. In a letter to data protection officials the company's top privacy lawyer complained that other search engines still kept data indefinitely, yet Google has voluntarily opted to anonymise it after a period and it is the one that is getting into trouble.  Victim to its own early moralising, Google is only now learning that those attentions are the wages of being at the top.

Like a trigger-happy tourist, Google has shot almost every street in five US cities and added its pictures to what might be the world's biggest holiday album. But if Google ever starts shooting the streets of Europe, courts here could fight back.

Google Maps Street View is the latest service from the search giant. Vehicles with multi-lens cameras travelled the streets of San Francisco, New York, Las Vegas, Denver and Miami and snapped everything in their paths. The images were uploaded to Google Maps and now, when you're looking at a location in Google Maps that has been photographed, you can see the pictures. If you live in a featured city and you've been passed by a Google van or a car from its partner, Immersive Media, the cameras probably saw you too.

Privacy fears were first raised by New Yorker Mary Kalin-Casey. She told the Boing Boing blog that, when trying out Street View, she recognised her cat, Monty, through the window of her own home. She said that the experience made her shake (though she'd have more cause for alarm if the camera captured her Georgian silverware).

If you are caught on camera and complain to Google, Google will remove the pics. But that may not be enough for Europe's courts.

Our data protection regime lets us take holiday snaps, even of strangers, provided we're doing so for private purposes. But if we're taking snaps for commercial use, where individuals are identifiable, there is no such exemption. We need to notify the subjects, and that's hard for Google to do. Even a loudspeaker on top of the camera cars ("Hi, it's Google here, say 'cheese' everybody!") might not suffice.

The law sets extra requirements for so-called sensitive personal data: it demands explicit consent, not just notification. That means when taking pictures of someone leaving a church or sexual health clinic - which could reveal a religious belief or an illness - camera cars might need to pull over and start picking up signatures.

It's not just those who are identifiable and caught in the act that can give Google a tough time. We Europeans could ask Google to ensure that no picture of us appears in Google Maps in the first place.
The nature of this rule varies across Europe, but in the UK we have a right to prevent the display of an image that would cause substantial distress. All we have to do is send an email to Google asking that it does not display a picture of us: "Dear Google, I think your camera caught me in Hyde Park this lunch time canoodling with my wife's best friend. Please make sure I can't be seen in Google Maps because this may cause me substantial distress. I've attached a picture of what I look like." If Google refuses or ignores you, you can go to the Information Commissioner and ask him to enforce the right. If there's damage and distress, you can sue.

Street View on the streets of London? The risks are clear, but few would bet against Google giving it a shot.

It seems that the only people who read blogs are hackers. How else to explain the dire warnings that a third of bloggers risk the sack because they have posted sensitive or revealing work information on their blogs?

Of course as we all know, personal blogs are as widely read as the nutritional information on a deep fried Mars bar, and if I discovered a fourth secret of Fatima and wanted it hidden from human view forever, an 'all about me' blog filled with posts about my cat's hurt paw and how annoying unsolicited marketing calls are would be the perfect place.

The vast lonely tundra of the blogosphere is untouched by the hordes of readers that bloggers crave, but the information is nonetheless out there, and it seems that hackers, and employers, are taking it seriously.

HR firm Croner commissioned a survey which found that 39 per cent of the bloggers asked had at one time posted sensitive or damaging information about their work or a colleague.

Now the sensible thing for companies to do is to have a clear policy on such matters. How much trouble a company can get you into is unclear. A couple of high-profile cases have been lost by companies seeking to punish workers for blog content written in their own time.

There is no reason in principle, though, why a company shouldn't be able to take action against an employee even for behaviour outside of working hours and premises.

The sensible thing for workers to do is to have a think for just one second about what they are saying and how idiotic it is to spill the beans online. Just because it's only you and your mum reading the blog, anyone trawling for dirt could easily come across the information and you are utterly traceable, and could end up being utterly sackable for it.

Paris Hilton might have an ally in Prince Charles. The celebrity heiress is in court in Los Angeles fighting over a collection of personal items that she left in a storage facility. These are alleged to include steamy videos starring the 25-year-old as well as her passport, diaries, medical records and other items. It seems that a bill went unpaid and the storage company sold her belongings. The new owner launched a web site that offered voyeurs the chance to see the lot - for a monthly fee of $39.97.

What's interesting (aside from Paris's failure to learn from past mistakes with video cameras) is her argument for getting the web site off-line: fear of identity theft, according to press reports. A preliminary injunction has been granted but it is being challenged and a possible result is that the passport is banned but the videos go back online, unless someone steps forward to claim copyright in the footage.

If Paris sued in a UK court (the US web site may have British customers, which may establish jurisdiction), Prince Charles could be her knight in shining armour. He succeeded late last year in keeping his private notes out of the newspapers, citing a breach of confidence. It was an important case and the same argument that was used by Catherine Zeta Jones and Michael Douglas in their wedding photo dispute. There is no general privacy right in either the UK or the US but breach of confidentiality is fast becoming established over here as the next best thing.

Three men were jailed recently for plotting to rape two young sisters. The BBC reported that it was the first time that internet chat logs had been used to prove a charge of conspiracy to rape a child. Detective Constable Dave Adams told the BBC: "This case should act as a really stark warning that the internet is not a hiding place to plan and participate in criminal acts." He's right: a pub would better suit their ends because the conversation is unlikely to be recorded.

The intentions of David Beavan, Alan Hedgcock and Robert Myers only came to light because Beavan changed his mind and ratted on the other two. Had Beavan not walked into Bournemouth police station, a terrible crime may have followed. DC Adams's comments implied that the internet played some part in the detection and prevention of a terrible act. It didn't. It just made it easy to prove the intent of Beaven and the two men he named.

Meanwhile, Home Secretary John Reid said he may make paedophiles list their online identities on the Sex Offenders Register as part of his effort to "protect our children". Unlike moving house, a username or email address can be changed in about two minutes, so, again, it's difficult to see how this can make a real difference to detection and prevention of a crime.

Reid proposed that mechanisms would flag up anyone using a blacklisted identity on popular web sites used by kids. His plans risk giving misplaced comfort to parents who worry about their own children's use of the internet. There are established mechanisms for keeping kids out of web sites that prohibit under-18s, like credit card checks. These mechanisms are not infallible but it is far more difficult to keep adults out of sites for kids. That's a more important message for Reid to convey to parents.