Privacy Online Professor Ian Walden Institute of Computer and Communications Law, Centre for Commercial Law Studies, Queen Mary, University of London Of.


1 Privacy Online Professor Ian Walden Institute of Computer and Communications Law, Centre for Commercial Law Studies, Queen Mary, University of London Of Counsel to Baker & McKenzie

2 Introductory Remarks
• Personal data
  – as private life
      · ECHR, Art. 8(1)
  – as an asset
      · e.g. Toysmart (2001)
• Internet-based services
  – nature of the interaction
      · e.g. MySpace, FaceBook, Bebo…
  – mobile Internet
• Open networks
  – issues of identity, sources, recipients..

3 Scope
• Distribution of your personal data over the Internet
  – e.g. telephone directories
      · public information & Freedom of Information laws
  – search engines, spiders & webcrawlers
• Obtaining personal data through your use of Internet-based services
  – e.g. Microsoft’s .NET Passport System
  – e.g. ‘cookies’

4 Regulatory Framework
• European Law
  – Council of Europe Convention 1981
  – EU Directive 95/46/EC
      · Directive 02/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector
• US Law
  – Privacy Act of 1974 (5 USCA § 552a)
  – Children’s Online Privacy Protection Act of 1998
      · under 13, ‘verifiable parental consent’
  – Federal Trade Commission
      · privacy online surveys

5 Personal Data
• ‘Personal data’
  – ‘relating to an identified or identifiable...directly or indirectly’
  – IP address, domain names & identifying individuals
      · “information that identifies an individual is that which uniquely locates him in that world, by distinguishing him from others” (OIC, 2000)
• ‘Special categories of data’
  – racial/ethnic origin, political, religious or philosophical beliefs, trade-union membership, health or sex life, criminal data
• Use of electronic communications services
  – Directive 02/58/EC
      · e.g. ‘traffic data’, ‘location data’

6 Data Protection Principles I
• Fair processing
  – transparency
      · identity, purpose, consequences, disclosures
      · related legislation, e.g. distance-selling directive (97/7/EC)
      · placing of ‘privacy statement’
• Lawful processing
  – not in breach of a legal obligation
  – based on legitimate criteria (Article 7)
      · consent or ‘necessary’
      · ‘special categories of data’

7 Data Protection Principles II
• Accurate and kept up to date (art. 6(d))
• Kept no longer than necessary (art. 6(e))
  – caching?
• Appropriate security measures (art. 17)
  – “in particular where the processing involves the transmission of data over a network…”
      · e.g. Secure Sockets Layer (SSL)
      · privacy-enhancing technologies

8 Exemptions
• Distinguishing between the public & private domain
  – “purely personal and household activities” (Art. 3(2))
      · Recital 12: ‘activities which are exclusively personal or domestic, such as correspondence and the holding of records of addresses’
  – Case C-101/01 Lindqvist, ECJ 6 November 2003
      · para. 47: not applicable ‘publication on the internet so that those data are made accessible to an indefinite number of people’

9 ‘Cookie’ crumbs
• Cookies
  – profiling
      · e.g. In re DoubleClick Inc. Privacy Litigation (2001)
      · German Federal Law to Regulate the Conditions for Information and Communications Services (1997)
  – profiling restrictions (art. 4§4)
  – user awareness & knowledge
• Browser software
  – default settings, e.g. Internet Explorer
      · industry standards, e.g. RFC2109

10 International Transfers
• Applicable law (Art. 4)
  – place of establishment
  – “..for purposes of processing personal data makes use of equipment..”
      · transit exception
      · web-based forms?
  – extra-territorial impact
• Art. 29 Working Party, No. 56 (2002)
• Lindqvist (2003)
  – uploading to web does not mean ‘transfer’ (para. 68)

11 Spam
• Unsolicited contact
  – distance-selling directives
      · e.g. Directive 97/7/EC, art. 10
• ‘Unsolicited email’
  – Directive 02/58/EC, art. 13: “prior consent”
  – prohibited
      · e.g. ‘CAN-SPAM’ Act 2003 (15 U.S.C. § 7701)
• Identifiable
  – e-commerce directive: art. 7:
      · “identifiable clearly and unambiguously”
  – e.g. “ADV:” - California, Tennessee, Nevada

12 Identifying a perpetrator
• IP addresses & domain names
  – P2P participation, dynamic allocation, ‘whois’ databases
• Link to user
  – cybercafes, anonymous remailers, logs
      · EU Directive 06/24/EC: 6-24 months
• Obligation to disclose?
  – criminal procedure
      · e.g. Yahoo!, China & dissident journalist Shi Tao
      · Regulation of Investigatory Powers Act 2000, Part I, Chap. II
  – civil procedure
      · e.g. Totalise plc v Motley Fool & ors (2001) 4 EMLR 750

13 Self-regulation
• ‘Netiquette’
  – e.g. ICC Guidelines for access providers & website operators
• Privacy-enhancing technologies (PETs)
  – confidentiality
      · Internet-based payments, e.g. SSL and SET Standard
  – Platform for Privacy Preferences (P3P)
      · World Wide Web Consortium (W3C)
• Labelling
  – e.g. TRUSTe (www.truste.org)

14 Concluding Remarks
• Controller compliance procedures
• User knowledge & awareness
• Privacy, security & crime
  – right of anonymity?
  – reconciling public policy objectives

