Privacy and Human Rights 2004 An International Survey of Privacy Laws and Developments Cédric Laurant Electronic Privacy Information Center Washington, DC - USA. Introduction. Scope: Overview and thematic sections:
Privacy and Human Rights 2004: An International Survey of Privacy Laws and Developments. Cédric Laurant, Electronic Privacy Information Center, Washington, DC - USA
Introduction • Scope: • Overview and thematic sections: • E-commerce, Surveillance of communications, genetic privacy, RFID, workplace privacy, video surveillance,... • New sections: e-voting, travel privacy, WSIS, ... • Country reports (~ 60 countries): • Privacy laws and regulations, constitutional framework, landmark case law, news stories, related developments in fields related to privacy, major advocacy work by NGOs and civil society, • Contributors: • Academics, DPA representatives, civil right activists, and other privacy experts. • Method: • Reference in footnotes to primary sources and authoritative secondary sources; • Work with local experts on each country report; • Work with privacy experts for the thematic sections; • Update on most recent work done by data protection authorities.
1. - New governmental measures related to anti-terrorism • 1.1. - Travel documents • New means to secure identification - Use of new technologies (biometrics, RFID). • US government push, after 11 Sept. 2001, for machine-readable passports that incorporate biometrics. Deadline of October 2004. • This push forced countries all over the world to react. Some governments revived previous national ID schemes that had been rejected in the past. • Examples: Philippines, Canada. • Countries first create identification schemes for foreigners • Example: Switzerland • Function creep: • Examples: Taiwan, UK.
1. - New governmental measures related to anti-terrorism • 1.2. - Traveler prescreening and profiling schemes • Major leaders: • US: CAPPS-II (then Secure Flight); • Canada, Australia, Philippines,... • Disclosures of passenger information in violation of data protection laws in EU countries • Reactions by some countries: Switzerland, Iceland, Hungary,...
1. - New governmental measures related to anti-terrorism • 1.3. - New anti-terrorism laws/governmental measures • Laws originally enacted for legitimate purposes (the fight against terrorism) but later enforced for additional purposes • Examples: South Africa, Malaysia. • Laws enacted under the pretense of the fight against terrorism but enforced for other purposes • Examples: Sweden; United Kingdom. • Laws adopted under the influence of international anti-terrorism agreements • Example: New Zealand.
1. - New governmental measures related to anti-terrorism • 1.4. - Better search capabilities and increased sharing of information among law enforcement authorities • New police cooperation agreements: • Example: Switzerland. • Push for data retention policies: • Examples: Estonia (3 years); Italy (4 yrs); Nigeria (5 yrs proposal); Argentina (10 yrs) • Improved collection of information: • Example: Canada.
2. Other governmental measures • 2.1. - Video surveillance • New governmental uses: • Examples: public places (ex.: Malaysia); toll collection (ex.: Germany); means of transportation (ex.: Italy); etc. • Purposes: • Examples: Monitor and prevent violent activities by Islamic groups (Thailand). • Oversight measures: • Examples: complaints by the DPA (ex.: Canada); consultations/hearings (ex.: Quebec); opinions/guidelines by DPA (ex.: Italy and Canada (Ontario)). • Safeguard measures: • Examples: mandatory notice (ex.: Netherlands); protection of recorded images (ex.: Brazil); maximum retention periods (ex.: Slovenia). • Bad actors: • Example: Switzerland (legal basis contested, video surveillance system legalized after the fact).
2. Other governmental measures • 2.2. - Smart cards • Uses: • Unique ID number (ex.: Ireland); passport; driver’s license; banking card (ex.: Malaysia); sensitive information (health data (e.g., blood type, in Taiwan and Thailand); religion and tax information (ex.: Thailand)); secure token of identity (ex.: Ireland). • Coupled with biometric information: • Fingerprints (ex.: Thailand). • Connected to e-government services: • Example: Thailand. • Information to be stored in a central database: • Example: Germany. • Generally first developed with minority populations: • Examples: refugees, illegal foreigners (ex.: South Africa). • Problems/Criticism: • No data protection law in place (ex.: Malaysia); • Violation of constitution and/or data protection law (ex.: Germany and Taiwan); • Opposition by DPA (ex.: Germany).
2. Other governmental measures • 2.3. - Constitution of DNA or health information databases • Their establishment and use have increased: • Increasing reliance upon DNA evidence; use of DNA databanks is expected to double in the next few years. Creation of a national DNA database (ex.: Australia, Israel, UK). • Extension of the number of offenses leading to a record in the database/number of people compelled to be recorded/duration of retention: • Sexual offenders (ex.: France); violent offenders or all felons (ex.: USA); persons arrested-not charged yet or later acquitted (ex.: UK); drunk drivers-not convicted yet (ex.: UK); babies and parents (ex.: UK); indefinite retention (UK). • New purposes: • Social security (ex.: France); medical research (ex.: Estonia and Iceland). • Privacy risks: • No control by individuals of when genetic testing is conducted or how results are used; • Two most controversial areas: genetic testing in the workplace and as a condition to obtain medical and life insurance coverage.
2. Other governmental measures • 2.3. - Constitution of DNA or health information databases • Privacy protections: • Examples: genome project (Estonia). • Legality/constitutionality: • Law considered in violation of the Constitution (ex.: Iceland). • No public awareness: Ex.: in New Zealand. • Oversight: DPA investigation (ex.: Netherlands).
2. Other governmental measures • 2.4. - Censorship measures • Monitoring of e-mails, telephone and fax communications, SMS, and Internet browsing: • Examples: China. • Internet filtering: • Singapore, Peru. • Surveillance of Internet cafés: • Examples: China. • Censorship-type regulation of the Internet: • Examples: Russia (pending bill). • Debates/Criticism: • Examples: Slovenia: debate after publication of Secret Service files on 1.5 million persons on the Internet and blocking by the DPA; Thailand: journalist associations criticized government’s information access policy and editorial intervention on media content.
3. Private sector surveillance • 3.1. - Radio Frequency Identification (RFID) • Various uses: • Libraries (book management - ex.: Finland, Singapore); money (ex.: Japan); location of people (ex.: Mexico); medical purposes (ex.: Mexico); tracking of dangerous dogs (Peru); cashless payment (Spain); license plates (UK); political purposes (Switzerland),... • Problems/criticism: • No notification to consumers: big retail chain in Germany; WSIS meeting (Switzerland); • Violation of data protection laws: Switzerland; • Laws/guidelines: • Laws: EU Dir. 1995/46/EC data protection framework; pending bills (USA). • Guidelines: Italy, Japan, Portugal, ... • Technology in development: • Example: Taiwan. • Opposition by privacy and consumer groups: ex.: in USA.
3. Private sector surveillance • 3.2. - Workplace monitoring • DPAs’ positions: • Examples: German DP Commissioner; French DPA’s report. • New laws/bills: • Example: new Czech Republic law to end continued intrusions into employees’ privacy. • New case law: • Example: Brazil: case law limits employer’s monitoring of employee’s computer; bills soon to be proposed to protect privacy in the workplace.
3. Private sector surveillance • 3.3. - Video Surveillance • Obligation of notification: • Example: Brazil. • Complaints: • Example: complaints launched by Canadian DP commissioner. • Guidelines: • Example: Swiss DPA’s guidelines.
4. New data protection laws and data protection authorities • 4.1. - New data protection laws/pending bills • Areas of protection: • Health personal information (ex.: Bulgaria, Japan, Uruguay); • Credit data (ex.: Japan); • Smart card users (ex.: Malaysia); • Telecom data: implementation of EU Dir. on Privacy and Electronic Communications throughout EU Member States; new telecom law (Ukraine); • Surreptitious taking of pictures in public areas without consent (ex.: South Korea, USA); • Consumers regarding spam and other unsolicited communications (ex.: Chile). • Implementation of EU Data Protection Directive (1995/46/EC): • All new EU Member States, France, Ireland, Italy,... • Privacy and Electronic Communications Services (2002/58/EC): • At various stages of implementation in all EU Member States. • Model: • EU Data Protection Directive model: Costa Rica, Mexico, Sri Lanka, Turkey, Thailand. • 4.2. - New data protection authorities • Ukraine: new telecom law creates a DPA whose mission is to protect consumers and data subjects’ rights. Not yet operational.
5. Recent developments • 5.1. - Spam • New laws or bills throughout the world (esp. new EU Dir. 2002/58 implemented throughout EU Member States); new anti-spam groups; new case law; public consultations; divide: opt-in (esp. European Union) vs. opt-out (United States). • 5.2. - E-government • 5.3. - E-voting • 5.4. - Mismanagement of personal data - Data leaks • Examples: Japan, Peru, Slovenia, South Africa, Switzerland,...
6. Successful advocacy and oversight by NGOs and civil liberties groups • France: campaign against the Loi sur l’Economie Numérique that got struck down by the Constitutional Council. • Germany: outcry against retail chain’s use of RFID tags unbeknownst to its customers. Metro stopped using RFID tags. • Greece: DPA struck down the use of biometric identity verification in airports because the collection exceeded its purpose. • Malaysia: Bar Council criticized security and privacy risks of Mykad. As a result the government is now working on a bill to answer such concerns. • Poland: Constitutional Tribunal found illegal a law that allowed police officers to observe and record events in public places. Public interest groups had opposed the law because they considered that it violated the right to privacy. • Sweden: DPA forbade a school’s fingerprint recognition program. • Ukraine: a new law that restricts access to information was strongly opposed by several NGOs and international organizations because it violates the Constitution and global FOI standards. In reaction, amendments were introduced that improve the final version of the law.
7. Developments in open government • 7.1. - New FOI laws • China; • Mexico; • Poland; • Slovenia; • Turkey. • Lack of enforcement criticized in Thailand. • Law that restricts access to information: in Ukraine. Criticized as violating the Constitution and global FOI standards. • 7.2. - New FOI agencies • Mexico; • Slovenia.
8. Open questions • Are the measures undertaken in response to terrorism legitimate in all cases? • How proportionate are these measures with regard to their intended purposes? • Is a data protection legal framework always necessary to protect people from invasive governmental surveillance measures? • Is the public sufficiently aware of the privacy implications of new surveillance measures? • Have increased powers for law enforcement authorities been matched with adequate oversight measures? • Has privacy been taken enough into account in the enactment of new surveillance laws?