Joanna Kulesza, University of Lodz: Transboundary Challenges of Privacy Protection
Upcoming SlideShare
Loading in...5
×
 

Joanna Kulesza, University of Lodz: Transboundary Challenges of Privacy Protection

on

  • 2,079 views

Network of Excellence Internet Science Summer School. The theme of the summer school is "Internet Privacy and Identity, Trust and Reputation Mechanisms". ...

Network of Excellence Internet Science Summer School. The theme of the summer school is "Internet Privacy and Identity, Trust and Reputation Mechanisms".
More information: http://www.internet-science.eu/

Statistics

Views

Total Views
2,079
Views on SlideShare
1,438
Embed Views
641

Actions

Likes
0
Downloads
8
Comments
0

4 Embeds 641

http://www.internet-science.eu 607
http://internet-science.eu 31
http://www.slashdocs.com 2
http://webcache.googleusercontent.com 1

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

CC Attribution License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Joanna Kulesza, University of Lodz: Transboundary Challenges of Privacy Protection Joanna Kulesza, University of Lodz: Transboundary Challenges of Privacy Protection Presentation Transcript

    • Transboundary  challenges     to  privacy  protec5on   Joanna  Kulesza   University  of  Lodz   Faculty  of  Law  and  Administra5on   Department  of  Interna5onal  Law  and  Interna5onal  Rela5ons     Oxford  Internet  Ins5tute,  August  15th,  2012    
    • scope  •  legal  tools  for  privacy  protec5on  •  privacy  as  an  unenforcable  human  right  •  European  approach  to  privacy  protec5on  •  peer-­‐to-­‐peer  privacy  (Web  2.0)  •  safe  harbor  agreements    •  walled  gardens  of  privacy    •  extra-­‐legal  solu5on  to  the  privacy  challenge  
    • Universal  Declara2on  of  Human  Rights  (UDHR)  1948  Ar2cle  12.  No  one  shall  be  subjected  to  arbitrary  interference  with  his  privacy,  family,  home  or  correspondence,  nor  to  aPacks    upon  his  honour  and  reputa5on.  Ar2cle  29.  (2)  In  the  exercise  of  his  rights  and  freedoms,  everyone  shall  be  subject  only  to  such  limita2ons  as  are        •  determined  by  law   •  solely  for  the  purpose  of  securing  due  recogni5on  and  respect   for  the  rights  and  freedoms  of  others  and   •  of  mee5ng  the  just  requirements  of  morality,  public  order   and  the  general  welfare  in  a  democra5c  society.   author: unknown, source: Wikipedia
    • Interna5onal  Covenant  on  Civil  and     Poli5cal  Rights  (ICCPR)  •  draUed:  1954  •  adopted  :  1966  •  entry  into  force:  1976   author: IdiotSavant, source: Wikipedia,
    • Interna2onal   Ar2cle  17    Covenant  on   1.  No  one  shall  be  subjected  Civil  and   to  arbitrary  or  unlawful  Poli2cal  Rights   interference  with  his   privacy,  family,  home  or   correspondence,  nor  to  unlawful   aPacks  on  his  honour  and   reputa5on.     UN  Human  Rights  Commi2ee  (HRC)   CCPR  General  Comment  No.  16:  Ar?cle  17  (Right  to  Privacy)     The  Right  to  Respect  of  Privacy,  Family,  Home  and   Correspondence,  and  Protec?on  of  Honour  and  Reputa?on     8  April  1988  
    • CCPR  General  Comment  No.  16  •  States  are  required  to  adopt  measures  to  ensure  that  the   prohibi5on  against  privacy  interferences  and  aPacks  is   effec5ve    •  A  posi5ve  obliga5on  of  states  to  ac5vly  protect  individual   privacy  against  interference:  „Effec?ve  measures  have  to  be   taken  by  States  to  ensure  that  informa?on  concerning  a   persons  private  life  does  not  reach  the  hands  of  persons  who   are  not  authorized  by  law  to  receive,  process  and  use  it  •  Surveillance,  whether  electronic  or  otherwise,  intercep?ons  of   telephonic,  telegraphic  and  other  forms  of  communica?on,   wire-­‐tapping  and  recording  of  conversa?ons  should  be   prohibited.  
    • CCPR  General  Comment  No.  16  •  Lawfulness:  no  interference  can  take  place  „except  in  cases   envisaged  by  the  law  •  relevant  legisla5on  must  specify  in  detail  the  precise   circumstances  in  which  such  interferences  may  be  permiPed,   while:  „A  decision  to  make  use  of  such  authorized  interference   must  be  made  […]  on  a  case-­‐by-­‐case  basis  •  Arbitrariness:  „even  interference  provided  for  by  law  should   be  in  accordance  with  the  provisions,  aims  and  objec?ves  of   the  Covenant  and  reasonable  in  the  par?cular  circumstances  
    • Why  doesn t  the  ICCPR  regime  work?  
    • World  Court  of  Human  Rights?  
    • World  Court  of  Human  Rights?  The  establishment  of  a  World  Court  of  Human  Rights   could  help  to  bridge  the  gap  between  codified  rights   and  reality.  The  idea  of  such  a  Court  dates  back  to   1947.  Due  to  the  Cold  War,  however,  the  proposal   did  not  find  consensus  among  States.  Thus  the  World   Court  of  Human  Rights  was  never  realised  and   remained  s?gma?sed  as  utopian.     Author: Sylvain Savolainen, source: www.udhr60.ch
    • Privacy  protec5on  in  Europe  
    • Privacy  protec5on  in  Europe  (ECHR)  Conven2on  for  the  Protec2on  of  Human  Rights  and  Fundamental  Freedoms   (European  Conven5on  on  Human  Rights,  ECHR),  1953  (draUed  1950)     ECHR  jurisprudence  recognizes  the  right  to  privacy  in  its  Ar5cle  8  as  a   deriva5ve  of  the  right  to  have  one’s  private  and  family  life  respected.  Ar?cle  8  1.  Everyone  has  the  right  to  respect  for  his  private  and  family  life,  his  home   and  his  correspondence.  2.  There  shall  be  no  interference  by  a  public  authority  with  the  exercise  of  this   right  except  such  as  is  in  accordance  with  the  law  and  is  necessary  in  a   democra?c  society  in  the  interests  of  na?onal  security,  public  safety  or  the   economic  well-­‐being  of  the  country,  for  the  preven?on  of  disorder  or   crime,  for  the  protec?on  of  health  or  morals,  or  for  the  protec?on  of  the   rights  and  freedoms  of  others.   à  rich  jurisprudence  
    • Privacy  protec5on  in  Europe  (EU)   Charter  of  Fundamental  Rights  of  the  European  Union  2009  (2000)  Ar?cle  7  Respect  for  private  and  family  life  Everyone  has  the  right  to  respect  for  his  or  her  private  and  family  life,  home   and  communica5ons.  Ar?cle  8  Protec2on  of  personal  data  1.  Everyone  has  the  right  to  the  protec5on  of  personal  data  concerning  him   or  her.  2.  Such  data  must  be  processed  fairly  for  specified  purposes  and  on  the  basis   of  the  consent  of  the  person  concerned  or  some  other  legi5mate  basis  laid   down  by  law.  Everyone  has  the  right  of  access  to  data  which  has  been   collected  concerning  him  or  her,  and  the  right  to  have  it  rec5fied.  3.  Compliance  with  these  rules  shall  be  subject  to  control  by  an  independent   authority.   effec5veness  ques5oned,  esp.  with  the  Bri5sh,  Czech  and  Polish  opt-­‐out  protocol  
    • privacy  and  personal  data  
    • Privacy  protec5on  in  Europe  (EU)   Direc5ve  95/46/EC  of  the  European  Parliament  and  of  the  Council  of  24   October  1995  on  the  protec5on  of  individuals  with  regard  to  the   processing  of  personal  data  and  on  the  free  movement  of  such  data      Ar5cle  3    Scope  2.  This  Direc5ve  shall  not  apply  to  the  processing  of  personal   data:  -­‐  by  a  natural  person  in  the  course  of  a  purely  personal  or   household  ac2vity.     author/source:  promo5onal-­‐items.in    
    • „a  purely  personal  ac5vity on-­‐line  ü social  networks?  ü private  pages?  weblogs?  criteria?  •  data  availability?  •  network  character?   J. Kulesza, Transboundary challenges to privacy protection
    • peer-­‐to-­‐peer  privacy   Web  2.0  challenge   J. Kulesza, Transboundary challenges to privacy protection
    • J. Kulesza, Transboundary challenges to privacy protection 18
    • J. Kulesza, Transboundary challenges 19 to privacy protection
    • geolocalisa5on  data   20
    • social  seman5c  web   J. Kulesza, Transboundary challenges to privacy protection 21
    • J. Kulesza, Transboundary challenges to privacy protection 22
    • peer-­‐to-­‐peer  privacy  •  new  categories  of  data  (geolocalisa5on)  •  new  tools  enabling  detailed  personal  profiling   for  private  purposes      •  no  anonymity    •  durability  of  data  (right  to  be  forgoPen?)   J. Kulesza, Transboundary challenges to privacy protection 23
    • Privacy  2.0  „Mash  together  these  technologies  (…)  and  it  becomes  trivial  to   receive  answers  to  ques?ons  like:  Where  was  Jonathan   Zi2rain  last  year  on  the  fourteenth  of  February?,  or,  Who   could  be  found  near  the  entrance  to  the  local  Planned   Parenthood  clinic  in  the  past  six  months?  The  answers  need   not  come  from  government  or  corporate  cameras,  which  are   at  least  par?ally  secured  against  abuse  through  well-­‐ considered  privacy  policies  from  Privacy  1.0.  Instead,  the   answers  come  from  a  more  powerful,  genera?ve  source:  an   army  of  the  world’s  photographers,  including  tourists  sharing   their  photos  online  without  firm  (or  legi?mate)  expecta?ons   of  how  they  might  next  be  used  and  reused.   J.  Zi2rain,  „The  Future  of  Internet  and  How  to  Stop  It .  p.  46   J. Kulesza, Transboundary challenges to privacy protection
    • Privacy  as  a  personal  right   na5onal  civil  law  challenge  
    • Privacy  as  a  personal  right   public   sphere  (Sozial-­‐/   Öffentlichkeitssphäre)   privacy   sphere   (Privatsphäre)   in5mate   sphere   (In5msphäre)  
    • Privacy  as  a  personal  right   public  sphere  (Sozial-­‐/   Öffentlichkeitssphäre)   social  sphere  (Sozialsphäre)     privacy  sphere   (Privatsphäre)   in5mate   sphere   (In5msphäre)   secret   sphere   (Sekretsphäre)  
    • The  transatlan5c  challenge    
    • U.S.  vs  EU  concept  of  data   protec5on    Ar5cle  25  Direc5ve  95/46/EC    1.  The  Member  States  shall  provide  that  the  transfer  to  a  third  country  of  personal   data  which  are  undergoing  processing  or  are  intended  for  processing  aUer  transfer   may  take  place  only  if  […]  the  third  country  in  ques5on  ensures  an  adequate  level   of  protec2on.  2.  The  adequacy  of  the  level  of  protec5on  afforded  by  a  third  country  shall  be   assessed  in  the  light  of  all  the  circumstances  surrounding  a  data  transfer  opera5on   or  set  of  data  transfer  opera5ons;  […]  3.  The  Member  States  and  the  Commission  shall  inform  each  other  of  cases  where   they  consider  that  a  third  country  does  not  ensure  an  adequate  level  of  protec5on   within  the  meaning  of  paragraph  2.  4.  Where  the  Commission  finds  […]  that  a  third  country  does  not  ensure  an  adequate   level  of  protec5on  within  the  meaning  of  paragraph  2  of  this  Ar5cle,  Member   States  shall  take  the  measures  necessary  to  prevent  any  transfer  of  data  of  the   same  type  to  the  third  country  in  ques5on.    
    • U.S.  vs  EU  concept  of  data   protec5on    In  order  to  enable  personal  data  transfer  from  Europe  to  the  U.S.,  the  Department   of  Commerce  (DoC)  coordinated  the  formula5on  of  Safe  Harbor  Privacy   Principles.      
    • safe  harbour  agreements  •  United  States  entrepreneurs  wishing  to  use  personal  data   protected  by  the  EU  law  must  accept  the  Principles   (coordinated  by  the  U.S.  DoC).    •  They  need  to  repeatedly  cer5fy  that  they  meet  the  aims   declared  in  the  principles  by  joining  one  of  the  self-­‐regula5ng   programs,  for  example,  TRUSTe  or  BBBOnline,  verify   compliance  with  the  Safe  Harbor  Privacy  Principles.    •  The  declara5on  of  each  company  to  adhere  to  the  program   includes  an  obliga5on  to  meet  the  seven  basic  aims  of  the   Direc5ve  (no5ce,  choice,  onward  transfer,  security,  data   integrity,  access  and  enforcement).      
    • safe  harbour  agreements  •  Safe  Harbor  Privacy  Principles  are  not  an  act  of  law.  Their  only   legal  effect  is  to  encourage  voluntary  corporate  compliance   with  the  principles  verified  by  authorized  organiza5ons.    •  Viola5ons  of  the  Principles  are  deemed  acts  of  unfair  or   decep5ve  trade  prac5ce  by  the  Federal  Trade  Commission   (FTC).    •  U.S.-­‐based  companies,  opera5ng  in  Europe  may  be  subject  to   European  states’  jurisdic5on  if  they  fail  to  meet  their  data   protec5on  obliga5ons  based  on  na5onal  personal  data   regula5ons.    
    • safe  harbour  agreements  •  The  execu5on  and  enforcement  of  Safe  Harbor  Privacy  Principles  has  been   subject  to  cri5cism,  primarily  because  of  the  lack  of  transparency  on  the   introduc5on  and  verifica5on  of  privacy  policies.    •  The  2004  EU  review  of  the  implementa5on  of  the  Principles  included   repeated  concern  “about  the  number  of  self-­‐cer5fied  organiza5ons  that   have  not  published  a  privacy  policy  or  that  have  published  a  policy  that  is   not  compliant  with  the  Principles.”    •  The  crucial,  prac5cal  problem  originated  from  the  voluntary  character  of   the  guidelines.  Since  some  companies  did  not  introduce  any  privacy  policy,   the  FTC  had  no  jurisdic5on  to  enforce  their  compliance  with  the  Principles.   The  Commission  also  depicted  the  lack  of  a  proac5ve  aptude  in   monitoring  organiza5ons’  compliance  with  the  Principles.    •  An  independent  2008  review  showed  a  growing  number  of  false  claims  by   U.S.  organiza5ons  on  their  Safe  Harbor  compliance  and  recognized  it  as  a   new  and  significant  threat  to  consumers’  privacy.    
    • interna5onal  privacy  protec5on   http://www.privacyinternational.org/survey/dpmap.jpg 34
    • the  source  of  the  problem    
    • shape  of  law         36 http://www.jimmymack.org
    • shape  of  cyberspace     37 author: Dmitri Krioukov, source: SDSC/CAIDA
    • Na5onal  privacy  standards  in  cyberspace?   38 author: Dmitri Krioukov, source: SDSC/CAIDA http://www.jimmymack.org
    • extralegal  solu5ons?  services  and  self-­‐regula5on   J. Kulesza, Transboundary challenges to privacy protection
    • services  J. Kulesza, Transboundary challenges to privacy protection 40
    • walled  gardens  of  privacy   simondseconoart/ sundaypearls.wordpress.com
    • J. Kulesza, Transboundary challenges 42 to privacy protection
    • summary  •  liPle  chance  for  a  binding  and  executable   interna5onal  treaty  on  privacy  protec5on    •  a  good  chance  of  common  business  prac5ces   sepng  a  global  standard    •  alterna5ve:  na5onally  „secured  spaces  of   privacy  protec5on  according  to  na5onal  laws   (e.g.  china)    
    • Joanna  Kulesza   University  of  Lodz    joannakulesza@gmail.com