1 / 20

The Geopolitics of Personal Data and the Governance of Privacy - PowerPoint PPT Presentation

  • Uploaded on

The Geopolitics of Personal Data and the Governance of Privacy. Colin J. Bennett Department of Political Science University of Victoria BC, Canada [email protected] Presentation to Conference on “Power and Difference,” Tampere, Finland, August 29 th.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'The Geopolitics of Personal Data and the Governance of Privacy' - tyrell

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
The geopolitics of personal data and the governance of privacy
The Geopolitics of Personal Data and the Governance of Privacy

Colin J. Bennett

Department of Political Science

University of Victoria

BC, Canada

[email protected]

Presentation to Conference on “Power and Difference,” Tampere, Finland, August 29th

Trends in surveillance practices the new transparency
Trends in Surveillance Practices – PrivacyThe “New Transparency”

  • Routinizationand expansion of "everyday surveillance”

  • Ambiguity about the nature of personal information

  • Surveillance of mobility and location

  • Embedding of surveillance in material objects

  • Peer-to-peer (horizontal) surveillance

  • Globalization of surveillance practices and processes

    Is the concept and regime of “privacy” appropriate to meet these challenges?

Justifications for privacy in the west
Justifications for Privacy in the West Privacy

  • As a Right of the Person

    • La Vie Privée (France)

    • Privatsphäre (Germany)

    • The “Right to be Let Alone” (United States)

    • “Integritet” (Sweden)

  • As a Political Value: A Check against Powerful State and Private Organizations

  • As an Instrumental Value

    • To ensure that the right data are used by the right people for the right purposes

    • To build “trust”in e-commerce and e-government

    • To manage “risk”

The sociological critique of privacy
The Sociological Critique of “Privacy” Privacy

  • Rooted in individualism

  • A rights-based discourse

  • Excessive use of spatial metaphors

  • Insensitive to discrimination and “social sorting”

  • Cultural relativism

The information privacy principles
The Information Privacy Principles Privacy

  • Accountability

  • Purpose identification at time of collection

  • Informed consent for collection

  • To limit use and disclosure (finality)

  • Retention limitation

  • Data quality

  • Data security

  • Openness about policies and practices

  • Individual access and correction

A principled based approach appears in
A principled-based approach appears in Privacy:

  • Comprehensive data protection laws in around 80 countries

  • Sectoral Legislation in information intensive industries

  • International agreements from Council of Europe, OECD, European Union, Asia-Pacific Economic Cooperation

  • Self-regulatory codes and management and technical standards

International policy convergence
International Policy Convergence Privacy

  • International policy learning

  • Elite networking

  • Policy harmonization

  • Policy penetration

The european union
The European PrivacyUnion

  • Directive 95/46/EC on Personal Data Protection

    • Harmonization of all European Data Protection laws to higher and common standard

    • Insistence on a “supervisory authority” with common powers in each state

    • An “adequate level of protection” in countries that receive European personal data

  • Directive 2009/136/EC: The “Cookie Rules”

  • Draft Regulation on Data Protection, January 2012

The eu s adequacy standards
The EU’s “Adequacy Standards” Privacy

  • Articles 25 and 26 of the EU Data Protection Directive (1995) 95/46/EC

  • Personal data should not be transferred outside EU unless an “adequate level of protection” which requires:

    • Basic content principles: Purpose limitation; data quality and proportionality; transparency; security; rights of access, rectification and opposition; restrictions on onward transfers

    • Procedural/enforcement principles: good level of compliance with the rules; support and help provided to individual data subjects; appropriate redress provided to the injured party

  • Administered by Article 29 Working Party of Supervisory authorities

The council of europe regime
The Council Privacyof Europe Regime

  • 1981 Convention on the Protection of Individuals with Regard to the Automatic Processing of Personal Data (Treaty 108)

    • Ratified by 25 countries

    • Signed by 33 countries

    • Recommendations on specific practices

The oecd regime
The OECD Regime Privacy

  • Guidelines on the Protection of Privacy and Transborder Flows of Personal Data(1981)

  • Guidelines for the Security of Information Systems (1992)

  • Guidelines for Cryptography Policy (1997)

  • 30 year anniversary of guidelines and analysis of their future?

The apec regime
The APEC Regime Privacy

  • The APEC Privacy Principles (2005)

  • Pathfinder process for accountable cross-border flows of personal data within APEC

International standards regime
International PrivacyStandards Regime

  • ISO 27000 series (Data Security)

  • ISO 24745 (Biometric Information Protection)

  • ISO 24760 –( Framework for Identity Management).

  • ISO 29100 – (A Privacy Framework)

  • ISO 29101 (Privacy Reference Architecture)

The policy dilemma
The Policy Dilemma Privacy


  • The presence of key legal principles

  • An independent supervisory authority

  • A good level of compliance


  • Makes original collector of personal data ‘responsible’ – ‘liable?’

  • Evaluates the “due diligence” of the organization

    • Use of contracts

    • Binding corporate rules

    • Self-certification schemes

    • Third-party certification to management and technical standards

The framing discursive dilemma
The Framing (Discursive) Dilemma Privacy

  • The Protection of “Privacy”?

  • The Minimization of “Surveillance”?

The geo political dilemma
The Geo-Political Dilemma Privacy

  • National Sovereignty

  • Personal Identity and Subjectivity

  • The “Anti-Geography” of the Internet