Privacy and Human Rights 2004
This presentation is the property of its rightful owner.
Sponsored Links
1 / 19

Introduction PowerPoint PPT Presentation


  • 82 Views
  • Uploaded on
  • Presentation posted in: General

Privacy and Human Rights 2004 An International Survey of Privacy Laws and Developments Cédric Laurant Electronic Privacy Information Center Washington, DC - USA. Introduction. Scope: Overview and thematic sections:

Download Presentation

Introduction

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Introduction

Privacy and Human Rights 2004An International Survey ofPrivacy Laws and DevelopmentsCédric LaurantElectronic Privacy Information CenterWashington, DC - USA


Introduction

Introduction

  • Scope:

    • Overview and thematic sections:

      • E-commerce, Surveillance of communications, genetic privacy, RFID, workplace privacy, video surveillance,...

      • New sections: e-voting, travel privacy, WSIS, ...

    • Country reports (~ 60 countries):

      • Privacy laws and regulations, constitutional framework, landmark case law, news stories, related developments in fields related to privacy, major advocacy work by NGOs and civil society,

  • Contributors:

    • Academics, DPA representatives, civil right activists, and other privacy experts.

  • Method:

    • Reference in footnotes to primary sources and authoritative secondary sources;

    • Work with local experts on each country report;

    • Work with privacy experts for the thematic sections;

    • Update on most recent work done by data protection authorities.


1 new governmental measures related to anti terrorism

1. - New governmental measures related to anti-terrorism

  • 1.1. - Travel documents

    • New means to secure identification - Use of new technologies (biometrics, RFID).

    • US government push, after 11 Sept. 2001, for machine-readable passports that incorporate biometrics. Deadline of October 2004.

    • This push forced countries all over the world to react. Some governments revived previous national ID schemes that had been rejected in the past.

      • Examples: Philippines, Canada.

    • Countries first create identification schemes first for foreigners

      • Example: Switzerland

    • Function creep:

      • Example: Taiwan, UK.


1 new governmental measures related to anti terrorism1

1. - New governmental measures related to anti-terrorism

  • 1.2. - Traveler prescreening and profiling schemes

    • Major leaders:

      • US: CAPPS-II (then Secure Flight);

      • Canada, Australia, Philippines,...

    • Disclosures of passenger information in violation of data protection laws in EU countries

    • Reactions by some countries: Switzerland, Iceland, Hungary,...


1 new governmental measures related to anti terrorism2

1. - New governmental measures related to anti-terrorism

  • 1.3. - New anti-terrorism laws/governmental measures

    • Laws originally enacted for legitimate purposes (the fight against terrorism) but later enforced for additional purposes

      • Examples: South Africa, Malaysia.

    • Laws enacted under the pretenses of the fight against terrorism but enforced for other purposes

      • Examples: Sweden; United Kingdom.

    • Laws adopted under influence of international anti-terrorism agreements

      • Example: New Zealand.


1 new governmental measures related to anti terrorism3

1. - New governmental measures related to anti-terrorism

  • 1.4. - Better search capabilities and increased sharing of information among law enforcement authorities

    • New police cooperation agreements:

      • Example: Switzerland.

    • Push for data retention policies:

      • Examples: Estonia (3 years); Italy (4 yrs); Nigeria (5 yrs proposal); Argentina (10 yrs)

    • Improved collection of information:

      • Example: Canada.


2 other governmental measures

2. Other governmental measures

  • 2.1. - Video surveillance

    • New governmental uses:

      • Examples: public places (ex.: Malaysia), for toll collection purposes (ex.: Germany); in transportation means (ex.: in Italy); etc.

    • Purposes:

      • Examples: Monitor and prevent violent activities by Islamic groups (Thailand).

    • Oversight measures:

      • Examples: complaints by the DPA (ex.: Canada); consultations/hearings (ex.: Quebec); opinions/guidelines by DPA (ex.: Italy and Canada (Ontario)).

    • Safeguard measures:

      • Examples: mandatory notice (ex.: Netherlands); protection of recorded images (ex.: Brazil); maximum retention periods (ex.: Slovenia).

    • Bad actors:

      • Example: Switzerland (legal basis contested, video surveillance system legalized after the fact).


2 other governmental measures1

2. Other governmental measures

  • 2.2. - Smart cards

    • Uses:

      • Unique ID number (ex.: Ireland); passport; driver’s license; banking card (ex.: Malaysia); sensitive information (health data (e.g., blood type, in Taiwan and Thailand); religion and tax information (ex.: Thailand); secure token of identity (ex.: Ireland).

    • Coupled with biometric information:

      • Fingerprints (ex.: Thailand).

    • Connected to e-government services:

      • Examples: Thailand.

    • Information to be stored in a central database:

      • Example: Germany.

    • Generally first developed with minority populations:

      • Examples: refugees, illegal foreigners (ex.: South Africa).

    • Problems/Criticism:

      • No data protection law in place (ex.: Malaysia);

      • Violation of constitution and/or data protection law: (ex.: Germany and Taiwan);

      • Opposition by DPA: ex.: Germany.


2 other governmental measures2

2. Other governmental measures

  • 2.3. - Constitution of DNA or health information databases

    • Their establishment and use have increased:

      • Increasing reliance upon DNA evidence; use of DNA databanks is expected to double in the next few years. Creation of a national DNA database (ex.: Australia, Israel, UK).

    • Extension of the number of offenses leading to a record in the database/number of people compelled to be recorded/duration of retention:

      • Sexual offenders (ex.: France); violent offenders or all felons (ex.: USA); persons arrested-not charged yet or later acquitted (ex.: UK); drunk drivers-not convicted yet (ex.: UK); babies and parents (ex.: UK); indefinite retention (UK).

    • New purposes:

      • Social security (ex.: France); medical research (ex.: Estonia and Iceland).

    • Privacy risks:

      • No control by individuals of when genetic testing is conducted or how results are used;

      • Two most controversial areas: genetic testing in the workplace and as a condition to obtain medical and life insurance coverage.


2 other governmental measures3

2. Other governmental measures

  • 2.3. - Constitution of DNA or health information databases

    • Privacy protections:

      • Examples: genome project (Estonia).

    • Legality/constitutionality:

      • Law considered in violation of the Constitution (ex.: Iceland).

    • No public awareness: Ex.: in New Zealand.

    • Oversight: DPA investigation (ex.: Netherlands).


2 other governmental measures4

2. Other governmental measures

  • 2.4. - Censorship measures

    • Monitoring of e-mails, telephone and fax communications, SMS, and Internet browsing:

      • Examples: China.

    • Internet filtering:

      • Singapore, Peru.

    • Surveillance of Internet cafés:

      • Examples: China.

    • Censorship-type regulation of the Internet:

      • Examples: Russia (pending bill).

    • Debates/Criticism:

      • Examples: Slovenia: debate after publication of Secret Service files on 1.5 million persons on the Internet and blocking by the DPA; Thailand: journalist associations criticized government’s information access policy and editorial intervention on media content.


3 private sector surveillance

3. Private sector surveillance

  • 3.1. - Radio Frequency Identification (RFID)

    • Various uses:

      • Libraries (book management - ex.: Finland, Singapore); money (ex.: Japan); location of people (ex.: Mexico); medical purposes (ex.: Mexico); tracking of dangerous dogs (Peru); cashless payment (Spain); license plates (UK); political purposes (Switzerland),...

    • Problems/criticism:

      • No notification to consumers: big retail chain in Germany; WSIS meeting (Switzerland);

      • Violation of data protection laws: Switzerland;

    • Laws/guidelines:

      • Laws: EU Dir. 1995/46/EC data protection framework; pending bills (USA).

      • Guidelines: Italy, Japan, Portugal, ...

    • Technology in development:

      • Example: Taiwan.

    • Opposition by privacy and consumer groups: ex.: in USA.


3 private sector surveillance1

3. Private sector surveillance

  • 3.2. - Workplace monitoring

    • DPAs’ positions:

      • Examples: German DP Commissioner; French DPA’s report.

    • New laws/bills:

      • Example: new Czech Republic law to end continued intrusions into employees’ privacy.

    • New case law:

      • Example: Brazil: case law limits employer’s monitoring of employee’s computer; bills soon to be proposed to protect privacy in the workplace.


3 private sector surveillance2

3. Private sector surveillance

  • 3.3. - Video Surveillance

    • Obligation of notification:

      • Example: Brazil.

    • Complaints:

      • Example: complaints launched by Canadian DP commissioner.

    • Guidelines:

      • Example: Swiss DPA’s guidelines.


4 new data protection laws and data protection authorities

4. New data protection laws and data protection authorities

  • 4.1. - New data protection laws/pending bills

    • Areas of protection:

      • Health personal information (ex.: Bulgaria, Japan; Uruguay);

      • Credit data (ex.: Japan);

      • Smart card users (ex.: Malaysia);

      • Telecom data: implementation of EU Dir. on Privacy and Electronic Communications throughout EU Member States); new telecom law (Ukraine);

      • Surreptitious taking of pictures in public areas w/o consent (ex.: South Korea, USA);

      • Consumers regarding spam and other unsolicited communications (ex.: Chile).

    • Implementation of EU Data Protection Directive (1995/46/EC):

      • All new EU Member States, France, Ireland, Italy,...

    • Privacy and Electronic Communications Services (2002/58/EC):

      • At various stages of implementation in all EU Member States.

    • Model:

      • EU Data Protection Directive model: Costa Rica, Mexico, Sri Lanka, Turkey, Thailand.

  • 4.2. - New data protection authorities

    • Ukraine: new telecom law creates a DPA whose mission is to protect consumers and data subjects’ rights. Not yet operational.


5 recent developments

5. Recent developments

  • 5.1. - Spam

    • New laws or bills throughout the world (esp. new EU Dir. 2002/58 implemented throughout EU Member States); new anti-spam groups; new case law; public consultations; fracture: opt-in (esp. European Union) >< opt-out (United States).

  • 5.2. - E-government

  • 5.3. - E-voting

  • 5.4. - Mismanagement of personal data - Data leaks

    • Examples: Japan, Peru, Slovenia, South Africa, Switzerland,...


6 successful advocacy and oversight by ngos and civil liberties groups

6. Successful advocacy and oversightby NGOs and civil liberties groups

  • France: campaign against the Loi sur l’Economie Numérique that got struck down by the Constitutional Council.

  • Germany: outcry against retail chain’s use of RFID tags unbeknownst to its customers. Metro stopped using RFID tags.

  • Greece: DPA struck down the use of biometric identity verification in airports because the collection exceeded its purpose.

  • Malaysia: Bar Council criticized security and privacy risks of Mykad. As a result the government is now working on a bill to answer such concerns.

  • Poland: Constitutional Tribunal found illegal a law that allowed police officers to observe and record events in public places. Public interest groups had opposed the law b/c considered that it violated the right to privacy.

  • Sweden: DPA forbade a school’s fingerprint recognition program.

  • Ukraine: a new law that restricts access to information was strongly opposed by several NGO’s and int’l organizations b/c violates Constitution and global FOI standards. In reaction, amendments were introduced that improve the final version of the law.


7 developments in open government

7. Developments in open government

  • 7.1. - New FOI laws

    • China;

    • Mexico;

    • Poland;

    • Slovenia;

    • Turkey.

    • Lack of enforcement criticized in Thailand.

    • Law that restricts access to information: in Ukraine. Criticized as violating the Constitution and and global FOI standards.

  • 7.2. - New FOI agencies

    • Mexico;

    • Slovenia.


8 open questions

8. Open questions

  • Are the measures undertaken in response to terrorism legitimate in all cases?

  • How proportionate are these measures with regard to their intended purposes?

  • Is a data protection legal framework always necessary to protect people from invasive governmental surveillance measures?

  • Is the public sufficiently aware of the privacy implications of new surveillance measures?

  • Have increased powers for law enforcement authorities been matched with adequate oversight measures?

  • Has privacy been taken enough into account in the enactment of new surveillance laws?


  • Login