The geopolitics of personal data and the governance of privacy
Sponsored Links
This presentation is the property of its rightful owner.
1 / 20

The Geopolitics of Personal Data and the Governance of Privacy PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

The Geopolitics of Personal Data and the Governance of Privacy. Colin J. Bennett Department of Political Science University of Victoria BC, Canada [email protected] Presentation to Conference on “Power and Difference,” Tampere, Finland, August 29 th.

Download Presentation

The Geopolitics of Personal Data and the Governance of Privacy

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

The Geopolitics of Personal Data and the Governance of Privacy

Colin J. Bennett

Department of Political Science

University of Victoria

BC, Canada

[email protected]

Presentation to Conference on “Power and Difference,” Tampere, Finland, August 29th

Trends in Surveillance Practices – The “New Transparency”

  • Routinizationand expansion of "everyday surveillance”

  • Ambiguity about the nature of personal information

  • Surveillance of mobility and location

  • Embedding of surveillance in material objects

  • Peer-to-peer (horizontal) surveillance

  • Globalization of surveillance practices and processes

    Is the concept and regime of “privacy” appropriate to meet these challenges?

Justifications for Privacy in the West

  • As a Right of the Person

    • La Vie Privée (France)

    • Privatsphäre (Germany)

    • The “Right to be Let Alone” (United States)

    • “Integritet” (Sweden)

  • As a Political Value: A Check against Powerful State and Private Organizations

  • As an Instrumental Value

    • To ensure that the right data are used by the right people for the right purposes

    • To build “trust”in e-commerce and e-government

    • To manage “risk”

The Sociological Critique of “Privacy”

  • Rooted in individualism

  • A rights-based discourse

  • Excessive use of spatial metaphors

  • Insensitive to discrimination and “social sorting”

  • Cultural relativism

The Information Privacy Principles

  • Accountability

  • Purpose identification at time of collection

  • Informed consent for collection

  • To limit use and disclosure (finality)

  • Retention limitation

  • Data quality

  • Data security

  • Openness about policies and practices

  • Individual access and correction

A principled-based approach appears in:

  • Comprehensive data protection laws in around 80 countries

  • Sectoral Legislation in information intensive industries

  • International agreements from Council of Europe, OECD, European Union, Asia-Pacific Economic Cooperation

  • Self-regulatory codes and management and technical standards

International Policy Convergence

  • International policy learning

  • Elite networking

  • Policy harmonization

  • Policy penetration

The European Union

  • Directive 95/46/EC on Personal Data Protection

    • Harmonization of all European Data Protection laws to higher and common standard

    • Insistence on a “supervisory authority” with common powers in each state

    • An “adequate level of protection” in countries that receive European personal data

  • Directive 2009/136/EC: The “Cookie Rules”

  • Draft Regulation on Data Protection, January 2012

The EU’s “Adequacy Standards”

  • Articles 25 and 26 of the EU Data Protection Directive (1995) 95/46/EC

  • Personal data should not be transferred outside EU unless an “adequate level of protection” which requires:

    • Basic content principles: Purpose limitation; data quality and proportionality; transparency; security; rights of access, rectification and opposition; restrictions on onward transfers

    • Procedural/enforcement principles: good level of compliance with the rules; support and help provided to individual data subjects; appropriate redress provided to the injured party

  • Administered by Article 29 Working Party of Supervisory authorities

The Council of Europe Regime

  • 1981 Convention on the Protection of Individuals with Regard to the Automatic Processing of Personal Data (Treaty 108)

    • Ratified by 25 countries

    • Signed by 33 countries

    • Recommendations on specific practices

The OECD Regime

  • Guidelines on the Protection of Privacy and Transborder Flows of Personal Data(1981)

  • Guidelines for the Security of Information Systems (1992)

  • Guidelines for Cryptography Policy (1997)

  • 30 year anniversary of guidelines and analysis of their future?

The APEC Regime

  • The APEC Privacy Principles (2005)

  • Pathfinder process for accountable cross-border flows of personal data within APEC

International Standards Regime

  • ISO 27000 series (Data Security)

  • ISO 24745 (Biometric Information Protection)

  • ISO 24760 –( Framework for Identity Management).

  • ISO 29100 – (A Privacy Framework)

  • ISO 29101 (Privacy Reference Architecture)

The Policy Dilemma


  • The presence of key legal principles

  • An independent supervisory authority

  • A good level of compliance


  • Makes original collector of personal data ‘responsible’ – ‘liable?’

  • Evaluates the “due diligence” of the organization

    • Use of contracts

    • Binding corporate rules

    • Self-certification schemes

    • Third-party certification to management and technical standards

The Framing (Discursive) Dilemma

  • The Protection of “Privacy”?

  • The Minimization of “Surveillance”?

The Geo-Political Dilemma

  • National Sovereignty

  • Personal Identity and Subjectivity

  • The “Anti-Geography” of the Internet

  • Login