Presentation is loading. Please wait.

Presentation is loading. Please wait.

IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.

Published byStephanie Cameron Modified over 9 years ago

Similar presentations

Presentation on theme: "IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University."— Presentation transcript:

1 IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University

2 © 2001 Victor H. Bouganim, WCL, American University IBT - Intro - 2 Information Flow Privacy Efficiency Commercial & Governmental Transparency Freedom of Information Freedom of Speech The right to inform the public

3 © 2001 Victor H. Bouganim, WCL, American University IBT - Intro - 3 Privacy - Class Discussion F How do you balance your right to keep your personal information private versus companies’ rights to make commerce more efficient? F What should be the government’s role in the protection of privacy? F What are the privacy concerns in IBT? F How differences in privacy regulation among countries affect international trade?

4 © 2001 Victor H. Bouganim, WCL, American University IBT - Intro - 4 Privacy Rationale F Property Theory F Personal information is the property of its holder. One has the right to control uses made of one’s personal information. F Human Right Theory F The right to privacy derives from the human right to liberty and dignity. Everyone has the right to ‘be left alone’ and to protection of personal matters.

5 © 2001 Victor H. Bouganim, WCL, American University IBT - Intro - 5 The Right to Privacy No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks. [Universal declaration of human rights] Warren and Brandeis “The Right to Privacy” Harvard Law Review 1890. The right to be left alone.

6 © 2001 Victor H. Bouganim, WCL, American University IBT - Intro - 6 Privacy Regulation F European Union F Comprehensive regulations on the collection, uses and transfer of personal data. F Data Protection Directive, 1995 - Became effective on 25 October 1998 F United States F Particular medium- specific or sector- specific laws and regulation. F Industry self- regulation. F Voluntary privacy policies.

7 © 2001 Victor H. Bouganim, WCL, American University IBT - Intro - 7 Data Protection - US v EU E.C. Data Protection F Directive 94/46/EC on the protection of personal data F Harmonized privacy laws among members of the EU U.S. Data Protection F Fair Credit Reporting Act (“FCRA”) F Privacy Act of 1974 F Ad Hoc and Sectoral Approach

8 © 2001 Victor H. Bouganim, WCL, American University IBT - Intro - 8 Key Features of the EU Directive F Covers any ‘personal data’ i.e., any information relating an identifiable natural person F Covers all kinds of ‘processing of personal data’ which includes the collection, use, storage, transfer, etc. of such data F Provides detailed guidelines regarding the protection of privacy with regard to such data

9 © 2001 Victor H. Bouganim, WCL, American University IBT - Intro - 9 Data Protection Principles - 1 EU Directive F Data protection measures in a third country should require that controllers process personal information for a specific purpose and not reuse that data for an incompatible purpose. F Personal information should be accurate, adequate, relevant, and not excessive. F The controller should inform data subjects of the purpose for the processing, the controller’s identity, and any other information to ensure fairness.

10 © 2001 Victor H. Bouganim, WCL, American University IBT - Intro - 10 F The controller should implement appropriate technical and organizational security measures to protect personal data. F The third country’s data protection measures should also provide the data subject with a right to access personal data, a right to correct inaccurate data, and a right to object to processing of the data. F Transfer of personal data is only allowed to countries with adequate protections in place. Data Protection Principles - 2 EU Directive

11 © 2001 Victor H. Bouganim, WCL, American University IBT - Intro - 11 EU / US Data Exchange F What the importance of ensuring data exchange in IBT? F Can personal data about EU citizens be transferred to US? F Is US laws provide for adequate protection of personal data?

12 © 2001 Victor H. Bouganim, WCL, American University IBT - Intro - 12 Transfer of Data from the EU -1 F Allowed only to countries that ‘ensure an adequate level of protection’ of personal data. F The adequacy of the level of protection is assessed in the light of all circumstances surrounding a data transfer operation including the rules of law, both general and sectoral, and the professional rules and security measures which are complied with in those countries. F Data Protection Directive, Article 25.

13 © 2001 Victor H. Bouganim, WCL, American University IBT - Intro - 13 F Where the European Commission finds that a third country does not ensure an adequate level of protection for personal data, it shall take the measures necessary to prevent the transfer of data to the third country in question. F The Commission shall enter into negotiations with a view to remedy the situation and may find that a third country ensures an adequate level of protection by reason of its domestic law or of the international commitments it has entered into. F Data Protection Directive, Article 25. Transfer of Data from the EU -2

14 © 2001 Victor H. Bouganim, WCL, American University IBT - Intro - 14 F Issued by the US Department of Commerce on 21 July 2000. F Negotiated and approved by the EU authorities for the purposes of the Data Protection Directive. F Provides a framework to enable US companies to obtain personal data from the EU. F U.S. companies are able to apply for safe harbor so they can conduct international business smoothly with respect to EU regulations. Safe Harbor Privacy Principles

15 © 2001 Victor H. Bouganim, WCL, American University IBT - Intro - 15 Notice F individuals must be informed about the purposes, uses and disclosure of their personal information. Choice F individuals must be offered the opportunity to choose whether their information should be disclosed Safe Harbor Principles - 1 F Opt Out –the default rule –individuals are provided with clear withdrawal choice. F Opt In –with respect to ‘sensitive information’ –users must give affirmative or explicit prior consent for disclosure

16 © 2001 Victor H. Bouganim, WCL, American University IBT - Intro - 16 F Onward Transfer –disclosure to third parties is allowed if and only if the third parties adhere to the Privacy principles. F Security –organizations must employ security measures to protect personal information F Data Integrity –organization must protect the integrity and the accuracy of the personal information they hold F Access –individuals must have access to their personal information to be able to correct, amend or delete F Enforcement Safe Harbor Principles - 2

Download ppt "IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University."

Similar presentations

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
NATIONAL INFORMATION GOVERNANCE BOARD

NATIONAL INFORMATION GOVERNANCE BOARD
The data retention directive: data protection aspects Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040.

The data retention directive: data protection aspects Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
US Constitution and Right to Privacy Generally only protects against government action Doesn’t obligate government to do something, but rather to refrain.

US Constitution and Right to Privacy Generally only protects against government action Doesn’t obligate government to do something, but rather to refrain.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Data Protection.

Data Protection.
CSE2500 Systems Security and Privacy Week 11 Privacy Law in Australia (after 2000)

CSE2500 Systems Security and Privacy Week 11 Privacy Law in Australia (after 2000)
Data Protection and Records Management

Data Protection and Records Management
The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.

The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.
EU: Bilateral Agreements of Member States

EU: Bilateral Agreements of Member States
EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.

EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.
Lecture to Carleton University, Center for European Studies, December 1, 2010.

Lecture to Carleton University, Center for European Studies, December 1, 2010.
What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries;

What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries;
A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.

A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.
Per Anders Eriksson

Per Anders Eriksson
Transborder dataflows Flow of information across national borders Much of this data involves personal information.

Transborder dataflows Flow of information across national borders Much of this data involves personal information.
Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.

Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.

Similar presentations

Ads by Google