The geopolitics of personal data and the governance of privacy
This presentation is the property of its rightful owner.
Sponsored Links
1 / 20

The Geopolitics of Personal Data and the Governance of Privacy PowerPoint PPT Presentation


  • 48 Views
  • Uploaded on
  • Presentation posted in: General

The Geopolitics of Personal Data and the Governance of Privacy. Colin J. Bennett Department of Political Science University of Victoria BC, Canada www.colinbennett.ca [email protected] Presentation to Conference on “Power and Difference,” Tampere, Finland, August 29 th.

Download Presentation

The Geopolitics of Personal Data and the Governance of Privacy

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


The geopolitics of personal data and the governance of privacy

The Geopolitics of Personal Data and the Governance of Privacy

Colin J. Bennett

Department of Political Science

University of Victoria

BC, Canada

www.colinbennett.ca

[email protected]

Presentation to Conference on “Power and Difference,” Tampere, Finland, August 29th


Trends in surveillance practices the new transparency

Trends in Surveillance Practices – The “New Transparency”

  • Routinizationand expansion of "everyday surveillance”

  • Ambiguity about the nature of personal information

  • Surveillance of mobility and location

  • Embedding of surveillance in material objects

  • Peer-to-peer (horizontal) surveillance

  • Globalization of surveillance practices and processes

    Is the concept and regime of “privacy” appropriate to meet these challenges?


Justifications for privacy in the west

Justifications for Privacy in the West

  • As a Right of the Person

    • La Vie Privée (France)

    • Privatsphäre (Germany)

    • The “Right to be Let Alone” (United States)

    • “Integritet” (Sweden)

  • As a Political Value: A Check against Powerful State and Private Organizations

  • As an Instrumental Value

    • To ensure that the right data are used by the right people for the right purposes

    • To build “trust”in e-commerce and e-government

    • To manage “risk”


The sociological critique of privacy

The Sociological Critique of “Privacy”

  • Rooted in individualism

  • A rights-based discourse

  • Excessive use of spatial metaphors

  • Insensitive to discrimination and “social sorting”

  • Cultural relativism


The information privacy principles

The Information Privacy Principles

  • Accountability

  • Purpose identification at time of collection

  • Informed consent for collection

  • To limit use and disclosure (finality)

  • Retention limitation

  • Data quality

  • Data security

  • Openness about policies and practices

  • Individual access and correction


A principled based approach appears in

A principled-based approach appears in:

  • Comprehensive data protection laws in around 80 countries

  • Sectoral Legislation in information intensive industries

  • International agreements from Council of Europe, OECD, European Union, Asia-Pacific Economic Cooperation

  • Self-regulatory codes and management and technical standards


International policy convergence

International Policy Convergence

  • International policy learning

  • Elite networking

  • Policy harmonization

  • Policy penetration


The european union

The European Union

  • Directive 95/46/EC on Personal Data Protection

    • Harmonization of all European Data Protection laws to higher and common standard

    • Insistence on a “supervisory authority” with common powers in each state

    • An “adequate level of protection” in countries that receive European personal data

  • Directive 2009/136/EC: The “Cookie Rules”

  • Draft Regulation on Data Protection, January 2012


The eu s adequacy standards

The EU’s “Adequacy Standards”

  • Articles 25 and 26 of the EU Data Protection Directive (1995) 95/46/EC

  • Personal data should not be transferred outside EU unless an “adequate level of protection” which requires:

    • Basic content principles: Purpose limitation; data quality and proportionality; transparency; security; rights of access, rectification and opposition; restrictions on onward transfers

    • Procedural/enforcement principles: good level of compliance with the rules; support and help provided to individual data subjects; appropriate redress provided to the injured party

  • Administered by Article 29 Working Party of Supervisory authorities


The council of europe regime

The Council of Europe Regime

  • 1981 Convention on the Protection of Individuals with Regard to the Automatic Processing of Personal Data (Treaty 108)

    • Ratified by 25 countries

    • Signed by 33 countries

    • Recommendations on specific practices


The oecd regime

The OECD Regime

  • Guidelines on the Protection of Privacy and Transborder Flows of Personal Data(1981)

  • Guidelines for the Security of Information Systems (1992)

  • Guidelines for Cryptography Policy (1997)

  • 30 year anniversary of guidelines and analysis of their future?


The apec regime

The APEC Regime

  • The APEC Privacy Principles (2005)

  • Pathfinder process for accountable cross-border flows of personal data within APEC


International standards regime

International Standards Regime

  • ISO 27000 series (Data Security)

  • ISO 24745 (Biometric Information Protection)

  • ISO 24760 –( Framework for Identity Management).

  • ISO 29100 – (A Privacy Framework)

  • ISO 29101 (Privacy Reference Architecture)


The policy dilemma

The Policy Dilemma

ADEQUATE LAWS?

  • The presence of key legal principles

  • An independent supervisory authority

  • A good level of compliance

ACCOUNTABLE ORGANIZATIONS?

  • Makes original collector of personal data ‘responsible’ – ‘liable?’

  • Evaluates the “due diligence” of the organization

    • Use of contracts

    • Binding corporate rules

    • Self-certification schemes

    • Third-party certification to management and technical standards


The framing discursive dilemma

The Framing (Discursive) Dilemma

  • The Protection of “Privacy”?

  • The Minimization of “Surveillance”?


The geo political dilemma

The Geo-Political Dilemma

  • National Sovereignty

  • Personal Identity and Subjectivity

  • The “Anti-Geography” of the Internet


  • Login