IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.

© 2001 Victor H. Bouganim, WCL, American University IBT - Intro - 2
Information Flow
[Diagram labels: Privacy; Efficiency; Commercial & Governmental; Transparency; Freedom of Information; Freedom of Speech; The right to inform the public]

Privacy - Class Discussion
• How do you balance your right to keep your personal information private versus companies’ rights to make commerce more efficient?
• What should be the government’s role in the protection of privacy?
• What are the privacy concerns in IBT?
• How do differences in privacy regulation among countries affect international trade?

Privacy Rationale
• Property Theory
  – Personal information is the property of its holder. One has the right to control uses made of one’s personal information.
• Human Right Theory
  – The right to privacy derives from the human right to liberty and dignity. Everyone has the right to ‘be left alone’ and to protection of personal matters.

The Right to Privacy
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks. [Universal Declaration of Human Rights]
Warren and Brandeis, “The Right to Privacy”, Harvard Law Review
The right to be left alone.

Privacy Regulation
• European Union
  – Comprehensive regulations on the collection, uses and transfer of personal data.
  – Data Protection Directive, became effective on 25 October 1998
• United States
  – Particular medium-specific or sector-specific laws and regulation.
  – Industry self-regulation.
  – Voluntary privacy policies.

Data Protection - US v EU
E.C. Data Protection
• Directive 94/46/EC on the protection of personal data
• Harmonized privacy laws among members of the EU
U.S. Data Protection
• Fair Credit Reporting Act (“FCRA”)
• Privacy Act of 1974
• Ad Hoc and Sectoral Approach

Key Features of the EU Directive
• Covers any ‘personal data’, i.e., any information relating to an identifiable natural person
• Covers all kinds of ‘processing of personal data’, which includes the collection, use, storage, transfer, etc. of such data
• Provides detailed guidelines regarding the protection of privacy with regard to such data

Data Protection Principles - 1
EU Directive
• Data protection measures in a third country should require that controllers process personal information for a specific purpose and not reuse that data for an incompatible purpose.
• Personal information should be accurate, adequate, relevant, and not excessive.
• The controller should inform data subjects of the purpose for the processing, the controller’s identity, and any other information to ensure fairness.

Data Protection Principles - 2
EU Directive
• The controller should implement appropriate technical and organizational security measures to protect personal data.
• The third country’s data protection measures should also provide the data subject with a right to access personal data, a right to correct inaccurate data, and a right to object to processing of the data.
• Transfer of personal data is only allowed to countries with adequate protections in place.

EU / US Data Exchange
• What is the importance of ensuring data exchange in IBT?
• Can personal data about EU citizens be transferred to the US?
• Do US laws provide for adequate protection of personal data?

Transfer of Data from the EU - 1
• Allowed only to countries that ‘ensure an adequate level of protection’ of personal data.
• The adequacy of the level of protection is assessed in the light of all circumstances surrounding a data transfer operation including the rules of law, both general and sectoral, and the professional rules and security measures which are complied with in those countries.
• Data Protection Directive, Article 25.

Transfer of Data from the EU - 2
• Where the European Commission finds that a third country does not ensure an adequate level of protection for personal data, it shall take the measures necessary to prevent the transfer of data to the third country in question.
• The Commission shall enter into negotiations with a view to remedy the situation and may find that a third country ensures an adequate level of protection by reason of its domestic law or of the international commitments it has entered into.
• Data Protection Directive, Article 25.

Safe Harbor Privacy Principles
• Issued by the US Department of Commerce on 21 July
• Negotiated and approved by the EU authorities for the purposes of the Data Protection Directive.
• Provides a framework to enable US companies to obtain personal data from the EU.
• U.S. companies are able to apply for safe harbor so they can conduct international business smoothly with respect to EU regulations.

Safe Harbor Principles - 1
Notice
• Individuals must be informed about the purposes, uses and disclosure of their personal information.
Choice
• Individuals must be offered the opportunity to choose whether their information should be disclosed.
• Opt Out
  – the default rule
  – individuals are provided with clear withdrawal choice.
• Opt In
  – with respect to ‘sensitive information’
  – users must give affirmative or explicit prior consent for disclosure

Safe Harbor Principles - 2
• Onward Transfer – disclosure to third parties is allowed if and only if the third parties adhere to the Privacy principles.
• Security – organizations must employ security measures to protect personal information
• Data Integrity – organizations must protect the integrity and the accuracy of the personal information they hold
• Access – individuals must have access to their personal information to be able to correct, amend or delete
• Enforcement