CyLab Usable Privacy and Security Laboratory 1 Privacy Policy, Law and Technology Privacy Law September 9, 2010.

Presentation transcript:

Slide 1: CyLab Usable Privacy and Security Laboratory, http://cups.cs.cmu.edu/
Privacy Policy, Law and Technology: Privacy Law, September 9, 2010

Slide 2: Privacy laws around the world
- Privacy laws and regulations vary widely throughout the world
- US has mostly sector-specific laws, with relatively minimal protections; often referred to as a "patchwork quilt"
  - Federal Trade Commission has jurisdiction over fraud and deceptive practices
  - Federal Communications Commission regulates telecommunications
- European Data Protection Directive requires all European Union countries to adopt similar comprehensive privacy laws that recognize privacy as a fundamental human right
  - Privacy commissions in each country (some countries have national and state commissions)
  - Many European companies non-compliant with privacy laws (a 2002 study found the majority of UK web sites non-compliant)

Slide 3: US law basics
- Constitutional law governs the rights of individuals with respect to the government
- Tort law governs disputes between private individuals or other private entities
- Congress and state legislatures adopt statutes
- Federal agencies can adopt regulations, which are equivalent to statutes as long as they don't conflict with a statute

Slide 4: US Constitution
- No explicit privacy right, but a zone of privacy recognized in its penumbras, including:
  - 1st amendment (right of association)
  - 3rd amendment (prohibits quartering of soldiers in homes)
  - 4th amendment (prohibits unreasonable search and seizure)
  - 5th amendment (no self-incrimination)
  - 9th amendment (all other rights retained by the people)
- Penumbra: "fringe at the edge of a deep shadow created by an object standing in the light" (Smith 2000, p. 258, citing Justice William O. Douglas in Griswold v. Connecticut)

Slide 5: The Bill of Rights
- http://en.wikipedia.org/wiki/United_States_Bill_of_Rights

Slide 6: Federal statutes and state laws
- Federal statutes
  - Tend to be narrowly focused
- State law
  - State constitutions may recognize an explicit right to privacy (Georgia, Hawaii)
  - State statutes and common (tort) law
  - Local laws and regulations (for example: ordinances on soliciting anonymously)

Slide 7: Four aspects of privacy tort
- You can sue for damages for the following torts (Smith 2000, pp. 232-233):
  - Disclosure of truly intimate facts
    - May be truthful
    - Disclosure must be widespread, and offensive or objectionable to a person of ordinary sensibilities
    - Must not be newsworthy or of legitimate public interest
  - False light
    - Personal information or picture published out of context
  - Misappropriation (or right of publicity)
    - Commercial use of name or face without permission
  - Intrusion into a person's solitude

Slide 8: The Authority of the FTC
- The Federal Trade Commission deals with consumer protection
- Section 5 of the FTC Act allows the FTC to bring action against any "unfair or deceptive trade practice"
  - Deceptive = false or misleading claims
  - Unfair = commercial conduct that causes substantial injury that consumers can't reasonably avoid, without offsetting benefits
- FTC can also enforce certain laws
- FTC does not have jurisdiction over certain industries, for example financial
- FTC action does not preclude state action
- FTC may work with companies to resolve problems informally or launch a formal enforcement action
  - May result in a consent decree and/or fines

Slide 9: How does the law regulate privacy?
- Law may require waiving privacy interests
- Law may enforce privacy interests
- Typically, the law identifies relevant privacy interests to protect, identifies relevant interests supporting disclosure, and tries to balance both sets of issues in a single resolution

Slide 10: Difficult legal problems
- Can an individual "own" (and therefore sell) his or her own privacy rights?
- Should the default assumption be "protect the privacy interest" or "compel waiver of the privacy interest"?
- When should the law defer to informal or social norms, or to technological barriers or solutions?

Slide 11: Some US privacy laws
- Fair Credit Reporting Act, 1971
  - http://www.ftc.gov/os/statutes/031224fcra.pdf
- Privacy Act, 1974
  - http://www.usdoj.gov/oip/privstat.htm
- Right to Financial Privacy Act, 1978
  - http://www.fdic.gov/regulations/laws/rules/6500-2550.html
- Cable TV Privacy Act, 1984
  - http://epic.org/privacy/cable_tv/ctpa.html
- Video Privacy Protection Act, 1988
  - http://www4.law.cornell.edu/uscode/18/2710.html
  - http://epic.org/privacy/vppa/
- Family Educational Right to Privacy Act, 1993
  - http://www.ed.gov/policy/gen/reg/ferpa/index.html
- Electronic Communications Privacy Act, 1994
  - http://www4.law.cornell.edu/uscode/18/2701.html
- Freedom of Information Act, 1966, 1991, 1996
  - http://www.usdoj.gov/oip/index.html

Slide 12: US law, recent additions
- HIPAA (Health Insurance Portability and Accountability Act, 1996)
  - When implemented, will protect medical records and other individually identifiable health information
- COPPA (Children's Online Privacy Protection Act, 1998)
  - Web sites that target children must obtain parental consent before collecting personal information from children under the age of 13
- GLB (Gramm-Leach-Bliley Act, 1999)
  - Requires privacy policy disclosure and opt-out mechanisms from financial service institutions

Slide 13: Safe harbor
- Membership
  - US companies self-certify adherence to requirements
  - Dept. of Commerce maintains signatory list: http://www.export.gov/safeharbor/
  - Signatories must provide:
    - Notice of data collected, purposes, and recipients
    - Choice: opt-out of 3rd-party transfers, opt-in for sensitive data
    - Access: rights to delete or edit inaccurate information
    - Security for storage of collected data
    - Enforcement mechanisms for individual complaints
- Approved July 26, 2000 by the EU
  - EU reserves the right to renegotiate if remedies for EU citizens prove to be inadequate

Slide 14: Data protection agencies
- Australia: http://www.privacy.gov.au/
- Canada: http://www.privcom.gc.ca/
- France: http://www.cnil.fr/
- Germany: http://www.bfd.bund.de/
- Hong Kong: http://www.pco.org.hk/
- Italy: www.garanteprivacy.it
- Spain: http://www.ag-protecciondatos.es/
- Switzerland: http://www.edsb.ch/
- UK: http://www.dataprotection.gov.uk/
- ... and many more

Slide 15: Proposed legislation
- Boucher Bill
  - http://www.boucher.house.gov/images/stories/Privacy_Draft_5-10.pdf
- Rush Bill (BEST PRACTICES)
  - http://www.house.gov/apps/list/press/il01_rush/h_r_5777_the_best_practices_act_2010.pdf
