International Privacy Laws Ashley Michele Green Sensitive Information in a Wired World October 30, 2003.

Slides:



Advertisements
Similar presentations
TECHNO-TONOMY Privacy & Autonomy in a Networked World Learning Module 2: Legislating Privacy: Your Rights.
Advertisements

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.
Renewed EU strategy for corporate social responsibility CSR by Ms Evelyne Pichenot, EESC member 10 April 2012 – Hong Kong.
1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.
Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
Could mandatory Privacy Impact Assessment be a solution to enhance Personal Privacy and Data Protection? Chester Soong.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
Data Protection & Privacy in Singapore
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
CSE2500 Systems Security and Privacy Week 11 Privacy Law in Australia (after 2000)
Data Protection and Records Management
Managing Personal Information - Australian Companies Outsourcing to India and the Philippines Professor Margaret Jackson and Marita Shelly.
Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries;
A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.
Towards a Freedom of Information Law in Qatar Fahad bin Mohammed Al Attiya Executive Chairman, Qatar National Food Security Programme.
Per Anders Eriksson
Transborder dataflows Flow of information across national borders Much of this data involves personal information.
Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.
Class 13 Internet Privacy Law European Privacy.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview
Protecting information rights –­ advancing information policy Privacy law reform for APP entities (organisations)
Using the UN Convention against Corruption as a Basis for Good Governance.
The Sixth Annual African Consumer Protection Dialogue Conference
“Export Credit Agencies and Human Rights”
Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.
1 Freedom of Information (Scotland) Act 2002 A strategic view.
M. ANGELA JIMENEZ 1 UNIT 5. REGULATION OF EXTERNAL AUDIT IFAC AND E.C.
1 SAFE HARBOR FRAMEWORK Barbara S. Wellbery Morrison & Foerster LLP 2000 Pennsylvania Avenue Washington, DC /
25-1 Chapter 1 Legal Heritage and the Digital Age.
The European influence on privacy law and practice Nigel Waters, Pacific Privacy Consulting International Dimension of E-commerce and Cyberspace Regulation.
A Perspective: Data Flow Governance in Asia Pacific & APEC Framework Martin Abrams October 21, 2008.
Moving Forward With the African Dialogue Cross-Border Principles By Mary Gurure Manager, Legal Services and Compliance COMESA Competition Commission Lilongwe,
1 Information Sharing Environment (ISE) Privacy Guidelines Jane Horvath Chief Privacy and Civil Liberties Officer.
Data Protection Act AS Module Heathcote Ch. 12.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
Environmental Management System Definitions
The Data Protection Act What Data is Held on Individuals? By institutions: –Criminal information, –Educational information; –Medical Information;
Robert Guerra Director, CryptoRights Foundation Implementing Privacy Implementing Privacy: Rules of the Game for Developers Mac-Crypto Conference on Macintosh.
BC Public Libraries November, 2008 Privacy Principles.
ANTI-MONEY LAUNDERING COMPLIANCE PROGRAM FCM TRAINING
PROTECTION OF PERSONAL DATA. OECD GUIDELINES: BASIC PRINCIPLES OF NATIONAL APPLICATION Collection Limitation Principle There should be limits to the collection.
A project implemented by the HTSPE consortium This project is funded by the European Union SECURITY AND CITIZENSHIP RIGHT AND CITIZENSHIP
Privacy: An International Perspective Marty Abrams August 18, 2008.
Data protection and compliance in context 19 November 2007 Stewart Room Partner.
1 Copyright © International Security, Trust & Privacy Alliance -All Rights Reserved Making Privacy Operational International Security, Trust.
Human Rights Act, Privacy in the context of auditing Phil Huggins Chief Technologist, IRM PLC
Access to Information: Bolivia Main Headline Goes Here Special Meeting of the Juridical and Political Affairs OAS December 13, 2010 Laura Neuman Access.
APEC Privacy Framework “The lack of consumer trust and confidence in the privacy and security of online transactions and information networks is one element.
GCSE ICT Data and you: The Data Protection Act. Loyalty cards Many companies use loyalty cards to encourage consumers to use their shops and services.
© University of Reading Lee Shailer 06 June 2016 Data Protection the basics.
Introduction to the Australian Privacy Principles & the OAIC’s regulatory approach Privacy Awareness Week 2016.
Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.
Protection of Personal Information Act An Analysis on the impact.
-1- WORKSHOP ON DATA PROTECTION AND DATA TRANSFERS TO THIRD COUNTRIES Technical and organizational security measures Skopje, 16 May - 17 May 2011 María.
Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.
Framework of engagement : big data for official use Roy D. Ibay AVP Regulatory PLDT – Smart.
THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,
Data Protection: EU & International
APP entities (organisations)
Information Governance and Data Privacy: A World of Risk
Data Protection Legislation
Protection of Personal Information Bill: An International Perspective
UNIT 24: . THE LEGAL FOUNDATIONS OF THE EUROPEAN UNION
SRO APPROACH TO REGULATION
Outline Background: development of the Commission’s position
Presentation transcript:

International Privacy Laws Ashley Michele Green Sensitive Information in a Wired World October 30, 2003

Presentation Outline World Views on Privacy International Privacy Laws: Comprehensive and Sectoral Conflict A Common Approach: PIAs Observations Suggestions Conclusion

World Views on Privacy General belief: privacy is a fundamental human right that has become one of the most important rights of the modern age

World Views on Privacy Privacy protected by various world-wide organizations: 1. Universal Declaration of Human Rights 2. International Covenant on Civil and Political Rights

World Views on Privacy Privacy also recognized and protected by individual countries At a minimum each country has a provision for rights of inviolability of the home and secrecy of communications. Definitions of privacy vary according to context and environment.

World Views on Privacy United States: Privacy is the right to be left alone - Justice Louis Brandeis UK: the right of an individual to be protected against intrusion into his personal life or affairs by direct physical means or by publication of information Australia: Privacy is a basic human right and the reasonable expectation of every person

World Views on Privacy Reasons for defining and protecting privacy: 1. Remedy past injustices (Central Europe, South America, South Africa) 2. Promote electronic commerce (Asia) 3. Ensure laws are consistent with Pan-European laws (central and eastern Europe are adopting news laws with the hope of joining the European Union)

Presentation Outline World Views on Privacy International Privacy Laws: Comprehensive and Sectoral Conflict A Common Approach: PIAs Observations Suggestions Conclusion

International Privacy Laws Two types of privacy laws have been established by various countries to protect privacy: Comprehensive and Sectoral

International Privacy Laws (Comprehensive Laws) Definition: general laws that govern the collection, use and dissemination of personal information by public and private sectors. Examples: European Union, Australia, Canada and the UK.

International Privacy Laws (Comprehensive Laws) Often comprehensive laws require commissioners or some independent enforcement body The government must consult the body when drawing up new privacy legislation Difficulty: lack of resources to conduct oversight and enforcement; agencies under control of government

International Privacy Laws (Comprehensive Laws) Examples: 1. European Union requires all member countries to have an independent enforcement body 2. UK has an official to enforce the jurisdiction of the Freedom of Information Act (discussed later)

International Privacy Laws (Sectoral Laws) Idea is to avoid general laws and, instead, focus on specific sectors Advantage: enforcement is achieved through a range of mechanisms Disadvantage: new legislation has to be introduced with each new technology. Used by the United States

Comprehensive Laws European Union European Union Council adopted the new Privacy Electronic Communications Directive Prohibits secondary uses of data without informed consent No transfer of data to non EU countries unless there is adequate privacy protection

Comprehensive Laws Canada Canadian Personal Information Protection and Electronic Documents Act Provides protection for certain personal data transferred from the European Union to Canada.

Comprehensive Laws United Kingdom 1. No written constitution, but in 1998 approved the Human Rights Act which incorporates the European Convention on Human Rights into domestic law. 2. Data Protection Act of 1998

Comprehensive Laws United Kingdom Data Protection Act covers records held by government agencies and private entities Individual has right: a. Of access to personal information b. To prevent processing for direct market purposes c. To prevent processing likely to cause damage or distress d. To compensation e. To rectification, blocking, erasing or destroying data

Comprehensive Laws United Kingdom Data controller must inform individual if their information is being processed Requires the establishment of an independent commissioner to enforce the act. All entities that maintain records must register with the Data Protection Commissioner.

Comprehensive Laws United Kingdom 3. In addition to the Data Protection Act, the UK has also adopted the OECD guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

Sectoral Laws United States No explicit right to privacy in the constitution Limited constitutional right to privacy implied in number of provisions in the Bill of Rights United States did not adopt a comprehensive privacy law, instead have a patchwork of federal laws that cover specific categories of personal information ie. financial reports, credit reports, video rentals, etc.

Sectoral Laws United States Employs specific laws, but no legal protections for individuals privacy on the internet are in place White House and private sector believe that self- regulation is enough and that no new laws are needed (exception: medical records) Leads to conflicts with other countries privacy policies

Sectoral Laws United States Example: Privacy Act of Criminalizes the misuse, purchase, sale or disclosure of an individuals social security number without individuals permission

Sectoral Laws United States (Privacy Act of 2003 continued) 2. Attempts to preempt identity theft and other types of theft by prohibiting the display and usage of social security numbers and their derivatives on federal documents also, by putting the responsibility on the commercial entities

Sectoral Laws United States (Privacy Act of 2003 continued) 3. Provides legal recourse for FTC on behalf of individuals for misuse, trafficking of personal identifiable information in between commercial entities and nonaffiliated third parties.

Presentation Outline World Views on Privacy International Privacy Laws: Comprehensive and Sectoral Conflict A Common Approach: PIAs Observations Suggestions Conclusion

Conflict European Union v. The United States 1998: US lobbied the European Union and its member countries to convince them that the US system is adequate Result was the negotiation of the Safe Harbor Agreement: US companies would voluntarily self-certify to adhere to a set of privacy principles worked out by US Department of Commerce and Internal Market Directorate of the European Commission

Conflict European Union v. The United States Negotiations lasted 2 years and despite doubts the agreement was passed by the Commission on July 26, 2000 The agreement (criticized by both US and Europe privacy advocates and consumer groups) rests on a self-regulatory system in which companies merely promise not to violate their declared privacy practices Little enforcement: agreement being re-evaluated this year

Conflict European Union v. The United States Main issue: European commission has doubts to the sectoral/self-regulatory approach to privacy protection the US has adopted.

Presentation Outline World Views on Privacy International Privacy Laws: Comprehensive and Sectoral Conflict A Common Approach: PIAs Observations Suggestions Conclusion

A Common Approach Privacy Impact Assessments An evaluation conducted to assess how the adoption of new information policies, the procurement of new computer systems, or the initiation of new data collection programs will affect individual privacy. The premise being that considering privacy issues at the early stages of a project cycle will reduce potential adverse impacts on privacy after it has been implemented.

A Common Approach Privacy Impact Assessments Requirements: 1. PIA process should be independent 2. PIA performed by an independent entity (office and/or commissioner) not linked to the project under review. 3. Participating countries: European Union, Canada, US, etc.

A Common Approach PIA – European Union All European Union members have implemented PIAs Under the European Union Data Protection Directive, all EU member must have an independent privacy enforcement body

A Common Approach PIA – Canada Canada: first government to make PIAs mandatory PIA ensure that organizations/federal departments are held accountable for their information handling practices Commissioner functions independently from other parts of the government when investigating. To ensure this independence commissioner serves as an officer of the Parliament and reports directly to Canadas House of Commons and it Senate.

A Common Approach PIA – United States PIAs soon to come to the United States In the mean time, the US passed the E- Government Act of 2002 which requires federal agencies to conduct privacy impact assessments before developing or procuring information technology

Presentation Outline World Views on Privacy International Privacy Laws: Comprehensive and Sectoral Conflict A Common Approach: PIAs Observations Suggestions Conclusion

Observations Observation 1: At present too many mechanisms seem to operate on a national or regional, rather than global level (OECD) Observation 2: Use of self-regulatory mechanisms for the protection of online online seems somewhat haphazard and is concentrated in a few member countries

Observations Observation 3: technological solutions to protect privacy are implemented to a limited extent only Observation 4: not enough being done to encourage the implementation of technical solutions for privacy compliance and enforcement (only a few member countries reported this as an area with much activity)

Presentation Outline World Views on Privacy International Privacy Laws: Comprehensive and Sectoral Conflict A Common Approach: PIAs Observations Suggestions Conclusion

Suggestions Suggestion 1: More member countries should encourage appointment of company privacy officers to oversee data processing (often it is implemented by companies on a purely voluntary or self-regulatory basis)

Suggestions Suggestion 2: countries should focus on areas where individual users suffer the most harm as a consequence of misuse of their personal data. Suggestion 3: Key for coming years will be to make traditional means of regulatory enforcement even more efficient

Presentation Outline World Views on Privacy International Privacy Laws: Comprehensive and Sectoral Conflict A Common Approach: PIAs Observations Suggestions Conclusion

Conclusions Still work to be done to ensure the security of personal information for all individuals in all countries. Critical that privacy protection be viewed in a global perspective, rather than in a purely national one, to better handle privacy violations that cross national borders.