
1 Concept for deliverable on privacy issues on pan-European White Pages service 3rd TF-LSD Meeting Antalya, 13.5.2001 Peter Gietz


1 Concept for deliverable on privacy issues on pan-European White Pages service
3rd TF-LSD Meeting, Antalya, 13.5.2001
Peter Gietz, Peter.gietz@DAASI.de

2 Agenda
 Preliminary remarks
 European privacy legislation
 Other texts on the matter
 Privacy issues of the CIP WPS
 Organizational and technical solutions

3 Personal Statement
 Privacy legislation is not a bug, it's a feature
  Not a burden but a good thing
  What counts is not the technical possibilities but the feasibility of these possibilities

4 Discussion features
 The privacy discussion is more focused on e-commerce than on directories
 Legislation is more concerned with data servers than with the indexing system

5 International Issue
 A European solution is only half the way to go
 Worldwide regulations exist (OECD, UN)
 40 countries around the world have enacted, or are preparing to enact, privacy legislation
  E.g.: Switzerland, Hungary, Canada, Australia, Hong Kong, Taiwan, Japan, Malaysia, South Korea
 „The US has isolated itself from the rest of the world“ (EPIC)
  Only has legislation for Federal authorities
  Possible solution: „Safe Harbor“

6 Safe Harbor
 Organized by the Department of Commerce
 Catalogue of adequate processing rules for data from Europe
 Companies can proclaim their commitment
 www.export.gov/safeharbor

7 Codes of Conduct
 Self-defined rules to comply with EU regulations
 One for customer data and one for employee data
 Privacy statements
 Formalizable, see the P3P initiative of the W3 Consortium

8 OECD Regulations
 OECD Recommendation concerning and Guidelines governing the protection of privacy and transborder flows of personal data, O.E.C.D. Document C(80)58(Final), October 1, 1980
  http://www.rewi.hu-berlin.de/Datenschutz/International/1980_oecd_privacy_guidelines.txt
  Promotes self-regulatory measures

9 United Nations Regulation
 Guidelines concerning computerized personal data files, adopted by the General Assembly on 14 December 1990
  http://www.datenschutz-berlin.de/recht/int/uno/gl_pbden.htm

10 1995 Directive
 Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data (95/46, October 1995)
  http://www.privacy.org/pi/intl_orgs/ec/eudp.html
 Preamble:
  Data-processing systems are designed to serve man
  Data should be able to flow freely
  But: they must respect the fundamental freedoms and rights

11 Article 1: Object of the directive
 Member states shall protect the right to privacy with respect to the processing of personal data
 but shall not restrict or prohibit the free flow of information between member states

12 Article 2: Definitions
 „personal data“: any information relating to an identifiable natural person (called „data subject“)
   White Pages data
 „processing“: (whether or not automated) collection, storage, retrieval, dissemination, erasure etc.
   storage, update, replication and retrieval
 „personal data filing system“: structured set of personal data which are accessible according to specific criteria, whether centralized or decentralised, ...
   Directory Service

13 Definitions contd.
 „controller“: natural or legal person, public authority, agency that determines the purpose and means of the processing
   Designer of the Directory service
 „processor“: natural or legal person, etc. which processes personal data on behalf of the controller
   Data manager
 „third party“: natural or legal person, etc. other than the data subject, the controller or the processor, or the person who is authorized to process the data
   all others

14 Definitions contd.
 „recipient“: natural or legal person, etc. to whom data are disclosed, whether third party or not, but not inquiring authorities
   Directory service user
 „the data subject's consent“: any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed
   ?? See below

15 Article 3: Scope
 Processing of data wholly or partly by automatic means, and non-automatic processing if part of a filing system
 But not in cases of public security, defence, State security and activities of the State in areas of criminal law
 And not if done by a natural person in the course of a purely personal or household activity

16 Article 6: Principles
 Fairly and lawfully
 Collected for a specified, explicit and legitimate purpose and not further processed in a way incompatible with that purpose
  Historical, statistical or scientific purposes are never incompatible
 Adequate, relevant and not excessive
 Accurate and up to date
 Kept in identifiable form no longer than necessary

17 Article 7: Criteria
 Data subject has consented, or
 Necessary for the performance of a contract to which the data subject is party, or
 For compliance with a legal obligation of the controller, or
 To protect a vital interest of the data subject, or
 To perform a task carried out in the public interest ..., or
 For the purpose of the legitimate interest of the controller or recipient, except if against the interests or fundamental rights of the data subject

18 Article 10/11: Information
 Controller has to inform the data subject about:
  Identity of the controller
  Purpose of processing
  Recipients of the data
  Existence of the right of access to and rectification of the data
  Whether the controller asks the data from the data subject or gets them otherwise

19 Article 12: Right of Access
 Data subject has the right to obtain from the controller:
  Without constraint, at reasonable intervals, without excessive delay
  Confirmation whether or not data about him are processed, for what purpose, which data categories and recipients
  Form and logic of the processing
  Rectification, erasure or blocking of data
  Notification of recipients about rectification etc., unless this proves impossible or involves disproportionate effort

20 Article 14: Right to object
 Data subject has the right to object to the processing on compelling legitimate grounds
  Especially if data are to be used for direct marketing

21 Article 17: Security
 Controller must implement measures to protect personal data against:
  Accidental or unlawful destruction or loss
  Unauthorized alteration, disclosure or access
  Especially when processing involves transmission over a network
  Appropriate to the risks
 Processor must be governed by a contract or legal act binding in writing or equivalent form

22 Article 25: Transfer to third countries - Principles
 Third country must ensure an adequate level of protection
 Member state shall take measures necessary to prevent transfer to such a country
 Commission shall enter into negotiations with a view to remedying the situation
 Member states shall take the necessary measures to comply with the Commission's decision

23 Article 26: Transfer to third countries - Derogations
 Transmission to countries with inadequate privacy legislation may take place if:
  Data subject has given his consent, or
  Necessary for performance of a contract between data subject and controller, or
  Contract between controller and third party in the interest of the data subject, or
  On important public interest grounds, or

24 Derogations contd.
  To protect a vital interest of the data subject, or
  Transfer is made from a register which according to laws or regulations is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate legitimate interest, to the extent that the conditions laid down in law for consultation are fulfilled in the particular case

25 Article 29: Working Party
 Working party on the protection of individuals with regard to the processing of personal data is hereby set up
 WG with Chair, secretary and rules of procedure
 Independent advisory status
 Gives opinion on the level of protection in the Community and in third countries

26 Working Party
 Composed a number of documents on transfer of personal data to third countries:
  Defining what constitutes adequate protection
  Possible ways forward in assessing adequacy
  On processing of personal data on the Internet
  Recommendation 1/99 on invisible and automatic processing of personal data on the Internet performed by software and hardware ...

27 1997 Directive
 Directive concerning the processing of personal data and the protection of privacy in the telecommunications sector (97/66/EC, 15 December 1997)
  http://europa.eu.int/ISPO/infosoc/telecompolicy/en/9766en.pdf
 Enhancement of the 1995 directive for the telecommunications sector, especially ISDN and mobile networks

28 Article 2: Definitions
 „subscriber“: any natural or legal person that is party to a contract with the provider of a publicly available telecommunications service
 „user“: any natural person using such a service for private or business purposes, without necessarily having subscribed to it

29 Definitions contd.
 „public telecommunications network“: transmission system and switching equipment and other resources which are used in whole or in part for the provision of publicly available telecommunications service
 „telecommunications service“: service that consists wholly or partly in the transmission and routing of signals on telecommunications networks, with the exception of radio and TV broadcasting

30 Article 11: Directories
 Personal data contained in printed or electronic directories of subscribers available to the public should be limited to what is necessary to identify a particular subscriber, unless the subscriber has given his consent to the publication of additional personal data

31 Other European texts
 COM(99) 337 final: Proposal for a regulation of the European Parliament for the protection of natural persons at the processing of personal data by organs and institutions of the Community and for the free flow of data, 1999
 Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, Council of Europe, European Treaty Series No. 108. Signed January 28, 1981

32 Other valuable texts
 SURFnet: Privacy aspects of directory services – Directory Services and the changes in privacy legislation – new boundaries for a new paradise [no date, but seems quite new]
 Arbeitskreis „Technische und organisatorische Datenschutzfragen“: Datenschutzrechtliche Aspekte beim Einsatz von Verzeichnisdiensten [Privacy legislation aspects of using directory services], 26.10.2000

33 Other valuable texts
 Catherine Treca (CNRS/UREC), Erik Huizer (SURFnet): An overview of international privacy issues concerning the provision of Directory Services (Draft sent to IETF ids WG 21.7.1994 [sic])
 Work of the RARE WG on Networked Application Services and the IETF ids WG
 Who knows what came out of this?

34 Other texts
 RFC 1355: J. Curran (NNSC), A. Marine (SRI): Privacy and accuracy issues in Network Information Center databases, August 1992

35 Privacy Issues
 Controller and processor are the maintainers of the actual data server
 Do the maintainers of the index service have the same legal bindings to the data subject?
 If not all data subjects have consented to transmission to countries with inadequate legislation, transmission to those countries has to be prevented

36 Solutions
 Thanks to SURFnet

37 Organizational Solutions
 Define and stick to the purpose of the service
 Call for a data protection officer
 Define who is the controller and who is the processor
 Define and restrict the population of data subjects
 Define procedures for how the data are gathered and processed
 Inform data subjects, e.g. via e-mail, about:
  Who collected the data
  What data
  For what purpose
  The rights of the data subject

38 Organizational Solut. contd.
 Define the procedure for informing the data subjects about rights and data updates
 Define how data subjects can make use of their rights (e.g. via signed e-mail, web form)
 Better to have the user's consent when he applies for a user account
 Only collect the minimum set of data attributes
 Publish and disseminate all organizational definitions in a policy text

39 Technical Solutions
 Establish adequate security against loss, damage and unlawful access to or manipulation of the data
 Restrict the maximum number of retrievable entries
 Disallow wildcards
 Restrict the number of searchable attributes
 Do robot detection and refuse service to robots
 Restrict access to users from countries with adequate privacy legislation
 Disallow access from proxies

40 Technical Solut. contd.
 Encrypt index objects while on the net
 Define crawler policies
 Only let registered crawlers access the data
 Enforce digital signatures for e-mail consent of the data subjects
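As an added illustration (not part of the presentation or of the CIP index software) of how several of the restrictions on slides 39 and 40 could be enforced in a gate placed in front of a directory server: the Python below rejects wildcard filter values and non-whitelisted attributes, caps the requested size limit, refuses clients from countries not on an adequacy list, and flags robot-like request rates. The attribute set, country list, thresholds and the assumption that the caller supplies a GeoIP country code are all constructed sample values.

```python
import re
from collections import defaultdict, deque

# Constructed sample policy values (assumptions, not from the presentation):
SEARCHABLE_ATTRS = {"cn", "sn", "mail", "o"}        # restricted set of searchable attributes
MAX_ENTRIES = 20                                     # maximum number of retrievable entries
ADEQUATE_COUNTRIES = {"DE", "NL", "FR", "CH", "HU"}  # ISO codes of countries deemed adequate
ROBOT_WINDOW_SEC = 60                                # sliding window for robot detection
ROBOT_MAX_REQUESTS = 30                              # requests per window before refusing

# One "(attr=value)" equality/presence assertion; AND/OR/NOT wrappers are skipped over.
_ASSERTION = re.compile(r"\(([A-Za-z][\w;-]*)=([^()]*)\)")


def check_filter(ldap_filter):
    """Return (ok, reason). Rejects wildcard values and non-searchable attributes."""
    assertions = _ASSERTION.findall(ldap_filter)
    if not assertions:
        return False, "no attribute assertion found"
    for attr, value in assertions:
        if attr.lower() not in SEARCHABLE_ATTRS:
            return False, "attribute %r is not searchable" % attr
        if "*" in value:                 # covers both substring (cn=Gie*) and presence (cn=*)
            return False, "wildcard values are disallowed"
    return True, "ok"


class RobotDetector:
    """Per-client sliding-window request counter; high request rates are treated as robots."""

    def __init__(self, window=ROBOT_WINDOW_SEC, limit=ROBOT_MAX_REQUESTS):
        self.window, self.limit = window, limit
        self.hits = defaultdict(deque)

    def is_robot(self, client, now):
        q = self.hits[client]
        q.append(now)
        while now - q[0] > self.window:  # drop timestamps that fell out of the window
            q.popleft()
        return len(q) > self.limit


def gate_search(client, country, ldap_filter, requested_limit, detector, now):
    """Apply the slides' restrictions to one search request; returns (allowed, detail).

    'country' is assumed to come from a GeoIP lookup done by the caller; on success
    'detail' is the effective size limit that would be passed on to the directory server."""
    if country not in ADEQUATE_COUNTRIES:
        return False, "client country lacks adequate privacy legislation"
    if detector.is_robot(client, now):
        return False, "robot behaviour detected, service refused"
    ok, reason = check_filter(ldap_filter)
    if not ok:
        return False, reason
    return True, min(requested_limit, MAX_ENTRIES)
```

Proxy detection and the encryption of index objects in transit are left out here; the former needs an external proxy list and the latter is a transport-layer (TLS) matter rather than request filtering.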

41 Proposed structure of deliverable
 1. Discussion of EU regulation
 2. Generic description of the CIP index system
 3. Privacy issues of the system
 4. Organizational and technical solutions

42 How to proceed?
 Should we restrict ourselves to the EC Directive or interpret the other mentioned regulatory texts?
 How detailed should we be?
 How much of the directive should we quote?
 Should a template privacy policy text be included?
 Does it make sense to contact the Working Party?

43 How to proceed? contd.
 Who will actively join this work?
 I intend to get the first draft version out soon
 But the matter is very difficult and it is easy to make mistakes

